Windows
Analysis Report
file.exe
Overview
General Information
Detection
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- file.exe (PID: 3196 cmdline: "C:\Users\user\Desktop\file.exe" MD5: 2CFC1AA34C34F4968B099AA7646097A5)
- conhost.exe (PID: 6704 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
- RegAsm.exe (PID: 5536 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" MD5: 0D5DF43AF2916F47D00C1573797C1A13)
- cleanup
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
RedLine Stealer | RedLine Stealer is a malware available on underground forums for sale apparently as a standalone ($100/$150 depending on the version) or also on a subscription basis ($100/month). This malware harvests information from browsers such as saved credentials, autocomplete data, and credit card information. A system inventory is also taken when running on a target machine, to include details such as the username, location data, hardware configuration, and information regarding installed security software. More recent versions of RedLine added the ability to steal cryptocurrency. FTP and IM clients are also apparently targeted by this family, and this malware has the ability to upload and download files, execute commands, and periodically send back information about the infected computer. | No Attribution |
{"C2 url": "91.211.248.215:24327", "Bot Id": "LogsDiller Cloud (TG: @logsdillabot)", "Authorization Header": "3a050df92d0cf082b2cdaf87863616be"}
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_RedLine_1 | Yara detected RedLine Stealer | Joe Security | ||
JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security | ||
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | ||
JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security | ||
JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security | ||
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | ||
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security | ||
JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security | ||
JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security |
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2024-09-26T11:32:14.378994+0200 | 2043234 | 1 | A Network Trojan was detected | 91.211.248.215 | 24327 | 192.168.2.6 | 49711 | TCP |
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2024-09-26T11:32:14.203025+0200 | 2043231 | 1 | A Network Trojan was detected | 192.168.2.6 | 49711 | 91.211.248.215 | 24327 | TCP |
2024-09-26T11:32:19.440734+0200 | 2043231 | 1 | A Network Trojan was detected | 192.168.2.6 | 49711 | 91.211.248.215 | 24327 | TCP |
2024-09-26T11:32:20.100634+0200 | 2043231 | 1 | A Network Trojan was detected | 192.168.2.6 | 49711 | 91.211.248.215 | 24327 | TCP |
2024-09-26T11:32:20.373552+0200 | 2043231 | 1 | A Network Trojan was detected | 192.168.2.6 | 49711 | 91.211.248.215 | 24327 | TCP |
2024-09-26T11:32:20.832089+0200 | 2043231 | 1 | A Network Trojan was detected | 192.168.2.6 | 49711 | 91.211.248.215 | 24327 | TCP |
2024-09-26T11:32:21.060538+0200 | 2043231 | 1 | A Network Trojan was detected | 192.168.2.6 | 49711 | 91.211.248.215 | 24327 | TCP |
2024-09-26T11:32:22.487259+0200 | 2043231 | 1 | A Network Trojan was detected | 192.168.2.6 | 49711 | 91.211.248.215 | 24327 | TCP |
2024-09-26T11:32:22.666955+0200 | 2043231 | 1 | A Network Trojan was detected | 192.168.2.6 | 49711 | 91.211.248.215 | 24327 | TCP |
2024-09-26T11:32:23.013834+0200 | 2043231 | 1 | A Network Trojan was detected | 192.168.2.6 | 49711 | 91.211.248.215 | 24327 | TCP |
2024-09-26T11:32:23.253329+0200 | 2043231 | 1 | A Network Trojan was detected | 192.168.2.6 | 49711 | 91.211.248.215 | 24327 | TCP |
2024-09-26T11:32:23.440567+0200 | 2043231 | 1 | A Network Trojan was detected | 192.168.2.6 | 49711 | 91.211.248.215 | 24327 | TCP |
2024-09-26T11:32:23.732396+0200 | 2043231 | 1 | A Network Trojan was detected | 192.168.2.6 | 49711 | 91.211.248.215 | 24327 | TCP |
2024-09-26T11:32:24.016824+0200 | 2043231 | 1 | A Network Trojan was detected | 192.168.2.6 | 49711 | 91.211.248.215 | 24327 | TCP |
2024-09-26T11:32:24.193018+0200 | 2043231 | 1 | A Network Trojan was detected | 192.168.2.6 | 49711 | 91.211.248.215 | 24327 | TCP |
2024-09-26T11:32:24.418887+0200 | 2043231 | 1 | A Network Trojan was detected | 192.168.2.6 | 49711 | 91.211.248.215 | 24327 | TCP |
2024-09-26T11:32:26.087980+0200 | 2043231 | 1 | A Network Trojan was detected | 192.168.2.6 | 49711 | 91.211.248.215 | 24327 | TCP |
2024-09-26T11:32:26.402758+0200 | 2043231 | 1 | A Network Trojan was detected | 192.168.2.6 | 49711 | 91.211.248.215 | 24327 | TCP |
2024-09-26T11:32:26.407741+0200 | 2043231 | 1 | A Network Trojan was detected | 192.168.2.6 | 49711 | 91.211.248.215 | 24327 | TCP |
2024-09-26T11:32:27.181688+0200 | 2043231 | 1 | A Network Trojan was detected | 192.168.2.6 | 49711 | 91.211.248.215 | 24327 | TCP |
2024-09-26T11:32:27.398083+0200 | 2043231 | 1 | A Network Trojan was detected | 192.168.2.6 | 49711 | 91.211.248.215 | 24327 | TCP |
2024-09-26T11:32:27.574784+0200 | 2043231 | 1 | A Network Trojan was detected | 192.168.2.6 | 49711 | 91.211.248.215 | 24327 | TCP |
2024-09-26T11:32:27.754493+0200 | 2043231 | 1 | A Network Trojan was detected | 192.168.2.6 | 49711 | 91.211.248.215 | 24327 | TCP |
2024-09-26T11:32:27.930030+0200 | 2043231 | 1 | A Network Trojan was detected | 192.168.2.6 | 49711 | 91.211.248.215 | 24327 | TCP |
2024-09-26T11:32:28.105518+0200 | 2043231 | 1 | A Network Trojan was detected | 192.168.2.6 | 49711 | 91.211.248.215 | 24327 | TCP |
2024-09-26T11:32:28.355607+0200 | 2043231 | 1 | A Network Trojan was detected | 192.168.2.6 | 49711 | 91.211.248.215 | 24327 | TCP |
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2024-09-26T11:32:20.106375+0200 | 2046056 | 1 | A Network Trojan was detected | 91.211.248.215 | 24327 | 192.168.2.6 | 49711 | TCP |
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2024-09-26T11:32:14.203025+0200 | 2046045 | 1 | A Network Trojan was detected | 192.168.2.6 | 49711 | 91.211.248.215 | 24327 | TCP |
AV Detection |
---|
Source: | Malware Configuration Extractor: |
Source: | ReversingLabs: |
Source: | Integrated Neural Analysis Model: |
Source: | Static PE information: |
Networking |
---|
Source: | Suricata IDS: |
Source: | URLs: |
Source: | TCP traffic: |
Source: | ASN Name: |
Source: | TCP traffic detected without corresponding DNS query: |
Source: | String found in binary or memory: |
Source: | File created: | Jump to dropped file |
System Summary |
---|
Source: | Large array initialization: |
Source: | Code function: | 3_2_00C1DC74 | |
Source: | Code function: | 3_2_04DE6948 | |
Source: | Code function: | 3_2_04DE7C20 | |
Source: | Code function: | 3_2_04DE0040 | |
Source: | Code function: | 3_2_04DE0007 | |
Source: | Code function: | 3_2_04DE7C10 | |
Source: | Code function: | 3_2_04DE5A43 | |
Source: | Code function: | 3_2_060F67D8 | |
Source: | Code function: | 3_2_060FA3E8 | |
Source: | Code function: | 3_2_060F3F50 | |
Source: | Code function: | 3_2_060FA3D8 | |
Source: | Code function: | 3_2_060F6FE8 | |
Source: | Code function: | 3_2_060F6FF8 |
Source: | Binary or memory string: |
Source: | Static PE information: |
Source: | Classification label: |
Source: | File created: | Jump to behavior |
Source: | Mutant created: |
Source: | File created: | Jump to behavior |
Source: | Static PE information: |
Source: | Static file information: |
Source: | WMI Queries: |
Source: | File read: | Jump to behavior |
Source: | Key opened: | Jump to behavior |
Source: | Binary or memory string: |
Source: | ReversingLabs: |
Source: | Process created: | Jump to behavior |
Source: | Section loaded: | Jump to behavior |
Source: | Key value queried: | Jump to behavior |
Source: | LNK file: |
Source: | File opened: | Jump to behavior |
Source: | Static PE information: |
Source: | Code function: | 3_2_060FC720 | |
Source: | Code function: | 3_2_060FD420 | |
Source: | Code function: | 3_2_060FED01 |
Source: | Static PE information: |
Persistence and Installation Behavior |
---|
Source: | Registry value created: | Jump to behavior |
Source: | Process information set: | Jump to behavior |
Malware Analysis System Evasion |
---|
Source: | WMI Queries: |
Source: | Memory allocated: | Jump to behavior |
Source: | Thread delayed: | Jump to behavior |
Source: | Window / User API: | Jump to behavior |
Source: | Thread sleep time: | Jump to behavior |
Source: | WMI Queries: |
Source: | Thread delayed: | Jump to behavior |
Source: | Binary or memory string: |
Source: | Process information queried: | Jump to behavior |
Source: | Process token adjusted: | Jump to behavior |
Source: | Memory allocated: | Jump to behavior |
HIPS / PFW / Operating System Protection Evasion |
---|
Source: | Memory allocated: | Jump to behavior |
Source: | Code function: | 0_2_02A92139 |
Source: | Memory written: | Jump to behavior |
Source: | Memory written: | Jump to behavior |
Source: | Process created: | Jump to behavior |
Source: | Queries volume information: | Jump to behavior | ||
Source: | Key value queried: | Jump to behavior |
Source: | Binary or memory string: |
Source: | WMI Queries: | ||
Stealing of Sensitive Information |
---|
Source: | File source: | ||
Source: | File opened: | Jump to behavior | ||
Source: | File source: | ||
Remote Access Functionality |
---|
Source: | File source: | ||
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 221 Windows Management Instrumentation | 1 DLL Side-Loading | 411 Process Injection | 1 Masquerading | 1 OS Credential Dumping | 231 Security Software Discovery | Remote Services | 1 Archive Collected Data | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Disable or Modify Tools | LSASS Memory | 1 Process Discovery | Remote Desktop Protocol | 2 Data from Local System | 1 Non-Standard Port | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 241 Virtualization/Sandbox Evasion | Security Account Manager | 241 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 411 Process Injection | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 2 Obfuscated Files or Information | LSA Secrets | 1 File and Directory Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Install Root Certificate | Cached Domain Credentials | 113 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 2 Software Packing | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 DLL Side-Loading | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
39% | ReversingLabs | ByteCode-MSIL.Trojan.Zilla |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | URL Reputation | safe | ||
0% | Avira URL Cloud | safe | ||
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false |
| unknown | ||
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
91.211.248.215 | unknown | Ukraine | 204601 | ON-LINE-DATAServerlocation-NetherlandsDrontenNL | true |
Joe Sandbox version: | 41.0.0 Charoite |
Analysis ID: | 1519329 |
Start date and time: | 2024-09-26 11:31:10 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 5m 7s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 11 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | file.exe |
Detection: | MAL |
Classification: | mal100.troj.spyw.evad.winEXE@4/7@0/1 |
Cookbook Comments: |
- Exclude process from analysis (whitelisted): dllhost.exe, RuntimeBroker.exe, WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe
- Excluded domains from analysis (whitelisted): client.wns.windows.com, ocsp.digicert.com, slscr.update.microsoft.com, tile-service.weather.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
- Not all processes were analyzed, report is missing behavior information
- Report size getting too big, too many NtAllocateVirtualMemory calls found.
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtProtectVirtualMemory calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- Report size getting too big, too many NtReadVirtualMemory calls found.
- VT rate limit hit for: file.exe
Time | Type | Description |
---|---|---|
05:32:24 | API Interceptor |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
ON-LINE-DATAServerlocation-NetherlandsDrontenNL | | | malicious | LummaC, Clipboard Hijacker, Cryptbot, LummaC Stealer | | |
| | | malicious | Amadey, Clipboard Hijacker, Cryptbot, Go Injector, LummaC Stealer, PrivateLoader, PureLog Stealer | | |
| | | malicious | Amadey, Clipboard Hijacker, Cryptbot, Go Injector, LummaC Stealer, PrivateLoader, PureLog Stealer | | |
| | | malicious | LummaC, PureLog Stealer, RedLine, Socks5Systemz, Stealc, Vidar, Xmrig | | |
| | | malicious | LummaC Stealer, PureLog Stealer, RedLine, Socks5Systemz, Stealc, Vidar, Xmrig | | |
| | | malicious | Unknown | | |
| | | malicious | Unknown | | |
| | | malicious | RedLine | | |
| | | malicious | LummaC, PureLog Stealer, RedLine, Stealc, Vidar, XWorm, zgRAT | | |
| | | malicious | Unknown | | |
Process: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2104 |
Entropy (8bit): | 3.4666706587201315 |
Encrypted: | false |
SSDEEP: | 48:8SQd5TvG90lRYrnvPdAKRkdAGdAKRFdAKR6P:8S6by7 |
MD5: | 35A80D01B48EA8A6F909CD1A55CFF163 |
SHA1: | 642B7F564B38B40568DBDF38992B6D402D3370CC |
SHA-256: | 5F00AADB8B2A4A8481AC48A0F20676E02DF7E0973AB5DC955A53FA28AE4D3DDF |
SHA-512: | 9D730C2632A8988980E36D47CBB2857B5F3864B80ACF6849DD0695F51F1E31347E675406F70312C5BBF58DEC2A1EA4810BA1F1B76D3707AA42497B86DB056149 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 3274 |
Entropy (8bit): | 5.3318368586986695 |
Encrypted: | false |
SSDEEP: | 96:Pq5qHwCYqh3oPtI6eqzxP0aymRLKTqdqlq7qqjqcEZ5D:Pq5qHwCYqh3qtI6eqzxP0at9KTqdqlqY |
MD5: | 0B2E58EF6402AD69025B36C36D16B67F |
SHA1: | 5ECC642327EF5E6A54B7918A4BD7B46A512BF926 |
SHA-256: | 4B0FB8EECEAD6C835CED9E06F47D9021C2BCDB196F2D60A96FEE09391752C2D7 |
SHA-512: | 1464106CEC5E264F8CEA7B7FF03C887DA5192A976FBC9369FC60A480A7B9DB0ED1956EFCE6FFAD2E40A790BD51FD27BB037256964BC7B4B2DA6D4D5C6B267FA1 |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
Process: | C:\Users\user\Desktop\file.exe |
File Type: | |
Category: | modified |
Size (bytes): | 425 |
Entropy (8bit): | 5.353683843266035 |
Encrypted: | false |
SSDEEP: | 12:Q3La/KDLI4MWuPTAOKbbDLI4MWuPJKAVKhav:ML9E4KlKDE4KhKiKhk |
MD5: | 859802284B12C59DDBB85B0AC64C08F0 |
SHA1: | 4FDDEFC6DB9645057FEB3322BE98EF10D6A593EE |
SHA-256: | FB234B6DAB715ADABB23E450DADCDBCDDFF78A054BAF19B5CE7A9B4206B7492B |
SHA-512: | 8A371F671B962AE8AE0F58421A13E80F645FF0A9888462C1529B77289098A0EA4D6A9E2E07ABD4F96460FCC32AA87B0581CA4D747E77E69C3620BF1368BA9A67 |
Malicious: | true |
Reputation: | high, very likely benign file |
Preview: |
Process: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2662 |
Entropy (8bit): | 7.8230547059446645 |
Encrypted: | false |
SSDEEP: | 48:qJdHasMPAUha1DgSVVi59ca13MfyKjWwUmq9W2UgniDhiRhkjp9g:bhhEgSVVi59defyfW2sDgAj3g |
MD5: | 1420D30F964EAC2C85B2CCFE968EEBCE |
SHA1: | BDF9A6876578A3E38079C4F8CF5D6C79687AD750 |
SHA-256: | F3327793E3FD1F3F9A93F58D033ED89CE832443E2695BECA9F2B04ADBA049ED9 |
SHA-512: | 6FCB6CE148E1E246D6805502D4914595957061946751656567A5013D96033DD1769A22A87C45821E7542CDE533450E41182CEE898CD2CCF911C91BC4822371A8 |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2246122658-3693405117-2476756634-1003\76b53b3ec448f7ccdda2063b15d2bfc3_9e146be9-c76a-4720-bcdb-53011b87bd06
Process: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2251 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
SSDEEP: | 3:: |
MD5: | 0158FE9CEAD91D1B027B795984737614 |
SHA1: | B41A11F909A7BDF1115088790A5680AC4E23031B |
SHA-256: | 513257326E783A862909A2A0F0941D6FF899C403E104FBD1DBC10443C41D9F9A |
SHA-512: | C48A55CC7A92CEFCEFE5FB2382CCD8EF651FC8E0885E88A256CD2F5D83B824B7D910F755180B29ECCB54D9361D6AF82F9CC741BD7E6752122949B657DA973676 |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\file.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 33 |
Entropy (8bit): | 2.2845972159140855 |
Encrypted: | false |
SSDEEP: | 3:i6vvRyMivvRya:iKvHivD |
MD5: | 45B4C82B8041BF0F9CCED0D6A18D151A |
SHA1: | B4DAD3FFFEF507CBB78671EE620BB495F8CE22F1 |
SHA-256: | 7CFA461ED1FC8611AB74878EDB1FBBDE3596F5D042946A42A7F31EB6D462E628 |
SHA-512: | B29C3696A8A311EFAF9B9709BA082FF2C8D45A6912D79BC1DE7FEEFBEF8F8DDEFCD6650B5E1165D0A79800C8AED399E2B11BC2431E3837DD8587516BDE50EAB5 |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 7.986693995498632 |
File name: | file.exe |
File size: | 321'536 bytes |
MD5: | 2cfc1aa34c34f4968b099aa7646097a5 |
SHA1: | 8f0474e95ebd679be59eb2c002056bef9361305c |
SHA256: | 330b91473f27721d99e11cde67a05631aefcac78b6b69fc7b6bb61bd053ddbe6 |
SHA512: | 81a4b338cf5a931e7a24c5de37069aec288cfbdd5f94895c470bef2f3407eea3e1046d5072e690430288719560baa4d63f21b89876c07d63811b5da3a9611e81 |
SSDEEP: | 6144:89ecSWylbPXlZctxOTyORbnRRX8LC3V7/9rQxf08+LFYM:89eDNvcqT9Z7WC5/9ES8y |
TLSH: | DB6423946B830172E1C84B32AEB7EA6DD0F7F5130342778F66EC0C8E92A59AD715B471 |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....|.f................................. ........@.. .......................@............`................................ |
Icon Hash: | 00928e8e8686b000 |
Entrypoint: | 0x44fcee |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows cui |
Image File Characteristics: | EXECUTABLE_IMAGE, 32BIT_MACHINE |
DLL Characteristics: | HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE |
Time Stamp: | 0x66F47C82 [Wed Sep 25 21:11:30 2024 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | f34d5f2d4577ed6d9ceec516c1f5a744 |
Instruction |
---|
jmp dword ptr [00402000h] |
add byte ptr [eax], al |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x4fc94 | 0x57 | .text |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x50000 | 0x5b8 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x52000 | 0xc | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x4fb5c | 0x1c | .text |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x2000 | 0x4dcf4 | 0x4de00 | 8945b009e71a4c00f6e1b387d369c222 | False | 0.992406952247191 | data | 7.994517021039135 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rsrc | 0x50000 | 0x5b8 | 0x600 | 59c39f15f05bc5bec30f54a84b9c8ed2 | False | 0.4361979166666667 | data | 4.110921347030149 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0x52000 | 0xc | 0x200 | 018bc3404a75d8e475430c0894fe6423 | False | 0.044921875 | data | 0.09800417566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
RT_VERSION | 0x500a0 | 0x324 | data | 0.4552238805970149 | ||
RT_MANIFEST | 0x503c8 | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | 0.5469387755102041 |
DLL | Import |
---|---|
mscoree.dll | _CorExeMain |
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
---|---|---|---|---|---|---|---|---|
2024-09-26T11:32:14.203025+0200 | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 1 | 192.168.2.6 | 49711 | 91.211.248.215 | 24327 | TCP |
2024-09-26T11:32:14.203025+0200 | 2046045 | ET MALWARE [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization) | 1 | 192.168.2.6 | 49711 | 91.211.248.215 | 24327 | TCP |
2024-09-26T11:32:14.378994+0200 | 2043234 | ET MALWARE Redline Stealer TCP CnC - Id1Response | 1 | 91.211.248.215 | 24327 | 192.168.2.6 | 49711 | TCP |
2024-09-26T11:32:19.440734+0200 | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 1 | 192.168.2.6 | 49711 | 91.211.248.215 | 24327 | TCP |
2024-09-26T11:32:20.100634+0200 | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 1 | 192.168.2.6 | 49711 | 91.211.248.215 | 24327 | TCP |
2024-09-26T11:32:20.106375+0200 | 2046056 | ET MALWARE Redline Stealer/MetaStealer Family Activity (Response) | 1 | 91.211.248.215 | 24327 | 192.168.2.6 | 49711 | TCP |
2024-09-26T11:32:20.373552+0200 | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 1 | 192.168.2.6 | 49711 | 91.211.248.215 | 24327 | TCP |
2024-09-26T11:32:20.832089+0200 | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 1 | 192.168.2.6 | 49711 | 91.211.248.215 | 24327 | TCP |
2024-09-26T11:32:21.060538+0200 | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 1 | 192.168.2.6 | 49711 | 91.211.248.215 | 24327 | TCP |
2024-09-26T11:32:22.487259+0200 | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 1 | 192.168.2.6 | 49711 | 91.211.248.215 | 24327 | TCP |
2024-09-26T11:32:22.666955+0200 | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 1 | 192.168.2.6 | 49711 | 91.211.248.215 | 24327 | TCP |
2024-09-26T11:32:23.013834+0200 | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 1 | 192.168.2.6 | 49711 | 91.211.248.215 | 24327 | TCP |
2024-09-26T11:32:23.253329+0200 | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 1 | 192.168.2.6 | 49711 | 91.211.248.215 | 24327 | TCP |
2024-09-26T11:32:23.440567+0200 | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 1 | 192.168.2.6 | 49711 | 91.211.248.215 | 24327 | TCP |
2024-09-26T11:32:23.732396+0200 | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 1 | 192.168.2.6 | 49711 | 91.211.248.215 | 24327 | TCP |
2024-09-26T11:32:24.016824+0200 | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 1 | 192.168.2.6 | 49711 | 91.211.248.215 | 24327 | TCP |
2024-09-26T11:32:24.193018+0200 | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 1 | 192.168.2.6 | 49711 | 91.211.248.215 | 24327 | TCP |
2024-09-26T11:32:24.418887+0200 | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 1 | 192.168.2.6 | 49711 | 91.211.248.215 | 24327 | TCP |
2024-09-26T11:32:26.087980+0200 | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 1 | 192.168.2.6 | 49711 | 91.211.248.215 | 24327 | TCP |
2024-09-26T11:32:26.402758+0200 | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 1 | 192.168.2.6 | 49711 | 91.211.248.215 | 24327 | TCP |
2024-09-26T11:32:26.407741+0200 | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 1 | 192.168.2.6 | 49711 | 91.211.248.215 | 24327 | TCP |
2024-09-26T11:32:27.181688+0200 | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 1 | 192.168.2.6 | 49711 | 91.211.248.215 | 24327 | TCP |
2024-09-26T11:32:27.398083+0200 | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 1 | 192.168.2.6 | 49711 | 91.211.248.215 | 24327 | TCP |
2024-09-26T11:32:27.574784+0200 | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 1 | 192.168.2.6 | 49711 | 91.211.248.215 | 24327 | TCP |
2024-09-26T11:32:27.754493+0200 | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 1 | 192.168.2.6 | 49711 | 91.211.248.215 | 24327 | TCP |
2024-09-26T11:32:27.930030+0200 | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 1 | 192.168.2.6 | 49711 | 91.211.248.215 | 24327 | TCP |
2024-09-26T11:32:28.105518+0200 | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 1 | 192.168.2.6 | 49711 | 91.211.248.215 | 24327 | TCP |
2024-09-26T11:32:28.355607+0200 | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 1 | 192.168.2.6 | 49711 | 91.211.248.215 | 24327 | TCP |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Sep 26, 2024 11:32:26.438221931 CEST | 24327 | 49711 | 91.211.248.215 | 192.168.2.6 |
Sep 26, 2024 11:32:26.438231945 CEST | 24327 | 49711 | 91.211.248.215 | 192.168.2.6 |
Sep 26, 2024 11:32:26.438249111 CEST | 24327 | 49711 | 91.211.248.215 | 192.168.2.6 |
Sep 26, 2024 11:32:26.438263893 CEST | 24327 | 49711 | 91.211.248.215 | 192.168.2.6 |
Sep 26, 2024 11:32:26.438288927 CEST | 24327 | 49711 | 91.211.248.215 | 192.168.2.6 |
Sep 26, 2024 11:32:26.438329935 CEST | 24327 | 49711 | 91.211.248.215 | 192.168.2.6 |
Sep 26, 2024 11:32:26.438416004 CEST | 24327 | 49711 | 91.211.248.215 | 192.168.2.6 |
Sep 26, 2024 11:32:26.438472986 CEST | 24327 | 49711 | 91.211.248.215 | 192.168.2.6 |
Sep 26, 2024 11:32:26.438500881 CEST | 24327 | 49711 | 91.211.248.215 | 192.168.2.6 |
Sep 26, 2024 11:32:26.438512087 CEST | 24327 | 49711 | 91.211.248.215 | 192.168.2.6 |
Sep 26, 2024 11:32:26.438523054 CEST | 24327 | 49711 | 91.211.248.215 | 192.168.2.6 |
Sep 26, 2024 11:32:26.438544035 CEST | 24327 | 49711 | 91.211.248.215 | 192.168.2.6 |
Sep 26, 2024 11:32:26.438601017 CEST | 24327 | 49711 | 91.211.248.215 | 192.168.2.6 |
Sep 26, 2024 11:32:26.438611984 CEST | 24327 | 49711 | 91.211.248.215 | 192.168.2.6 |
Sep 26, 2024 11:32:26.438632011 CEST | 24327 | 49711 | 91.211.248.215 | 192.168.2.6 |
Sep 26, 2024 11:32:26.438642979 CEST | 24327 | 49711 | 91.211.248.215 | 192.168.2.6 |
Sep 26, 2024 11:32:26.438678980 CEST | 24327 | 49711 | 91.211.248.215 | 192.168.2.6 |
Sep 26, 2024 11:32:26.438689947 CEST | 24327 | 49711 | 91.211.248.215 | 192.168.2.6 |
Sep 26, 2024 11:32:26.438721895 CEST | 24327 | 49711 | 91.211.248.215 | 192.168.2.6 |
Sep 26, 2024 11:32:26.438733101 CEST | 24327 | 49711 | 91.211.248.215 | 192.168.2.6 |
Sep 26, 2024 11:32:26.438766003 CEST | 24327 | 49711 | 91.211.248.215 | 192.168.2.6 |
Sep 26, 2024 11:32:26.439208031 CEST | 49711 | 24327 | 192.168.2.6 | 91.211.248.215 |
Sep 26, 2024 11:32:26.439273119 CEST | 49711 | 24327 | 192.168.2.6 | 91.211.248.215 |
Sep 26, 2024 11:32:26.440069914 CEST | 24327 | 49711 | 91.211.248.215 | 192.168.2.6 |
Sep 26, 2024 11:32:26.440073967 CEST | 24327 | 49711 | 91.211.248.215 | 192.168.2.6 |
Sep 26, 2024 11:32:26.440079927 CEST | 24327 | 49711 | 91.211.248.215 | 192.168.2.6 |
Sep 26, 2024 11:32:26.440084934 CEST | 24327 | 49711 | 91.211.248.215 | 192.168.2.6 |
Sep 26, 2024 11:32:26.440097094 CEST | 24327 | 49711 | 91.211.248.215 | 192.168.2.6 |
Sep 26, 2024 11:32:26.440105915 CEST | 24327 | 49711 | 91.211.248.215 | 192.168.2.6 |
Sep 26, 2024 11:32:26.440140009 CEST | 24327 | 49711 | 91.211.248.215 | 192.168.2.6 |
Sep 26, 2024 11:32:26.440234900 CEST | 24327 | 49711 | 91.211.248.215 | 192.168.2.6 |
Sep 26, 2024 11:32:26.440243959 CEST | 24327 | 49711 | 91.211.248.215 | 192.168.2.6 |
Sep 26, 2024 11:32:26.440253019 CEST | 24327 | 49711 | 91.211.248.215 | 192.168.2.6 |
Sep 26, 2024 11:32:26.440295935 CEST | 24327 | 49711 | 91.211.248.215 | 192.168.2.6 |
Sep 26, 2024 11:32:26.440306902 CEST | 24327 | 49711 | 91.211.248.215 | 192.168.2.6 |
Sep 26, 2024 11:32:26.440327883 CEST | 24327 | 49711 | 91.211.248.215 | 192.168.2.6 |
Sep 26, 2024 11:32:26.440336943 CEST | 24327 | 49711 | 91.211.248.215 | 192.168.2.6 |
Sep 26, 2024 11:32:26.440375090 CEST | 24327 | 49711 | 91.211.248.215 | 192.168.2.6 |
Sep 26, 2024 11:32:26.440386057 CEST | 24327 | 49711 | 91.211.248.215 | 192.168.2.6 |
Sep 26, 2024 11:32:26.440407991 CEST | 24327 | 49711 | 91.211.248.215 | 192.168.2.6 |
Sep 26, 2024 11:32:26.440419912 CEST | 24327 | 49711 | 91.211.248.215 | 192.168.2.6 |
Sep 26, 2024 11:32:26.440459013 CEST | 24327 | 49711 | 91.211.248.215 | 192.168.2.6 |
Sep 26, 2024 11:32:26.440469980 CEST | 24327 | 49711 | 91.211.248.215 | 192.168.2.6 |
Sep 26, 2024 11:32:26.440500021 CEST | 24327 | 49711 | 91.211.248.215 | 192.168.2.6 |
Sep 26, 2024 11:32:26.440551043 CEST | 24327 | 49711 | 91.211.248.215 | 192.168.2.6 |
Sep 26, 2024 11:32:26.440598011 CEST | 24327 | 49711 | 91.211.248.215 | 192.168.2.6 |
Sep 26, 2024 11:32:26.440608025 CEST | 24327 | 49711 | 91.211.248.215 | 192.168.2.6 |
Sep 26, 2024 11:32:26.440615892 CEST | 24327 | 49711 | 91.211.248.215 | 192.168.2.6 |
Sep 26, 2024 11:32:26.440624952 CEST | 24327 | 49711 | 91.211.248.215 | 192.168.2.6 |
Sep 26, 2024 11:32:26.440645933 CEST | 24327 | 49711 | 91.211.248.215 | 192.168.2.6 |
Sep 26, 2024 11:32:26.440654039 CEST | 24327 | 49711 | 91.211.248.215 | 192.168.2.6 |
Sep 26, 2024 11:32:26.440670013 CEST | 24327 | 49711 | 91.211.248.215 | 192.168.2.6 |
Sep 26, 2024 11:32:26.440687895 CEST | 24327 | 49711 | 91.211.248.215 | 192.168.2.6 |
Sep 26, 2024 11:32:26.440819979 CEST | 24327 | 49711 | 91.211.248.215 | 192.168.2.6 |
Sep 26, 2024 11:32:26.440836906 CEST | 24327 | 49711 | 91.211.248.215 | 192.168.2.6 |
Sep 26, 2024 11:32:26.440979004 CEST | 24327 | 49711 | 91.211.248.215 | 192.168.2.6 |
Sep 26, 2024 11:32:26.440988064 CEST | 24327 | 49711 | 91.211.248.215 | 192.168.2.6 |
Sep 26, 2024 11:32:26.440998077 CEST | 24327 | 49711 | 91.211.248.215 | 192.168.2.6 |
Sep 26, 2024 11:32:26.441005945 CEST | 24327 | 49711 | 91.211.248.215 | 192.168.2.6 |
Sep 26, 2024 11:32:26.441026926 CEST | 24327 | 49711 | 91.211.248.215 | 192.168.2.6 |
Sep 26, 2024 11:32:26.441035986 CEST | 24327 | 49711 | 91.211.248.215 | 192.168.2.6 |
Sep 26, 2024 11:32:26.441044092 CEST | 24327 | 49711 | 91.211.248.215 | 192.168.2.6 |
Sep 26, 2024 11:32:26.441056013 CEST | 24327 | 49711 | 91.211.248.215 | 192.168.2.6 |
Sep 26, 2024 11:32:26.441066027 CEST | 24327 | 49711 | 91.211.248.215 | 192.168.2.6 |
Sep 26, 2024 11:32:26.441078901 CEST | 24327 | 49711 | 91.211.248.215 | 192.168.2.6 |
Sep 26, 2024 11:32:26.441127062 CEST | 24327 | 49711 | 91.211.248.215 | 192.168.2.6 |
Sep 26, 2024 11:32:26.441137075 CEST | 24327 | 49711 | 91.211.248.215 | 192.168.2.6 |
Sep 26, 2024 11:32:26.441180944 CEST | 24327 | 49711 | 91.211.248.215 | 192.168.2.6 |
Sep 26, 2024 11:32:26.441190958 CEST | 24327 | 49711 | 91.211.248.215 | 192.168.2.6 |
Sep 26, 2024 11:32:26.441215038 CEST | 24327 | 49711 | 91.211.248.215 | 192.168.2.6 |
Sep 26, 2024 11:32:26.441224098 CEST | 24327 | 49711 | 91.211.248.215 | 192.168.2.6 |
Sep 26, 2024 11:32:26.441313028 CEST | 24327 | 49711 | 91.211.248.215 | 192.168.2.6 |
Sep 26, 2024 11:32:26.441323996 CEST | 24327 | 49711 | 91.211.248.215 | 192.168.2.6 |
Sep 26, 2024 11:32:26.441374063 CEST | 24327 | 49711 | 91.211.248.215 | 192.168.2.6 |
Sep 26, 2024 11:32:26.441384077 CEST | 24327 | 49711 | 91.211.248.215 | 192.168.2.6 |
Sep 26, 2024 11:32:26.441410065 CEST | 24327 | 49711 | 91.211.248.215 | 192.168.2.6 |
Sep 26, 2024 11:32:26.441418886 CEST | 24327 | 49711 | 91.211.248.215 | 192.168.2.6 |
Sep 26, 2024 11:32:26.441627979 CEST | 49711 | 24327 | 192.168.2.6 | 91.211.248.215 |
Sep 26, 2024 11:32:26.441692114 CEST | 49711 | 24327 | 192.168.2.6 | 91.211.248.215 |
Sep 26, 2024 11:32:26.444094896 CEST | 24327 | 49711 | 91.211.248.215 | 192.168.2.6 |
Sep 26, 2024 11:32:26.444106102 CEST | 24327 | 49711 | 91.211.248.215 | 192.168.2.6 |
Sep 26, 2024 11:32:26.444117069 CEST | 24327 | 49711 | 91.211.248.215 | 192.168.2.6 |
Sep 26, 2024 11:32:26.444133997 CEST | 24327 | 49711 | 91.211.248.215 | 192.168.2.6 |
Sep 26, 2024 11:32:26.444191933 CEST | 24327 | 49711 | 91.211.248.215 | 192.168.2.6 |
Sep 26, 2024 11:32:26.444201946 CEST | 24327 | 49711 | 91.211.248.215 | 192.168.2.6 |
Sep 26, 2024 11:32:26.444224119 CEST | 24327 | 49711 | 91.211.248.215 | 192.168.2.6 |
Sep 26, 2024 11:32:26.444272995 CEST | 24327 | 49711 | 91.211.248.215 | 192.168.2.6 |
Sep 26, 2024 11:32:26.444318056 CEST | 24327 | 49711 | 91.211.248.215 | 192.168.2.6 |
Sep 26, 2024 11:32:26.444329023 CEST | 24327 | 49711 | 91.211.248.215 | 192.168.2.6 |
Sep 26, 2024 11:32:26.444369078 CEST | 24327 | 49711 | 91.211.248.215 | 192.168.2.6 |
Sep 26, 2024 11:32:26.444381952 CEST | 24327 | 49711 | 91.211.248.215 | 192.168.2.6 |
Sep 26, 2024 11:32:26.444447041 CEST | 24327 | 49711 | 91.211.248.215 | 192.168.2.6 |
Sep 26, 2024 11:32:26.444459915 CEST | 24327 | 49711 | 91.211.248.215 | 192.168.2.6 |
Sep 26, 2024 11:32:26.444488049 CEST | 24327 | 49711 | 91.211.248.215 | 192.168.2.6 |
Sep 26, 2024 11:32:26.444498062 CEST | 24327 | 49711 | 91.211.248.215 | 192.168.2.6 |
Sep 26, 2024 11:32:26.444524050 CEST | 24327 | 49711 | 91.211.248.215 | 192.168.2.6 |
Sep 26, 2024 11:32:26.444534063 CEST | 24327 | 49711 | 91.211.248.215 | 192.168.2.6 |
Sep 26, 2024 11:32:26.444582939 CEST | 24327 | 49711 | 91.211.248.215 | 192.168.2.6 |
Sep 26, 2024 11:32:26.444593906 CEST | 24327 | 49711 | 91.211.248.215 | 192.168.2.6 |
Sep 26, 2024 11:32:26.444603920 CEST | 24327 | 49711 | 91.211.248.215 | 192.168.2.6 |
Sep 26, 2024 11:32:26.444617987 CEST | 24327 | 49711 | 91.211.248.215 | 192.168.2.6 |
Sep 26, 2024 11:32:26.444652081 CEST | 24327 | 49711 | 91.211.248.215 | 192.168.2.6 |
Sep 26, 2024 11:32:26.444662094 CEST | 24327 | 49711 | 91.211.248.215 | 192.168.2.6 |
Sep 26, 2024 11:32:26.444719076 CEST | 24327 | 49711 | 91.211.248.215 | 192.168.2.6 |
Sep 26, 2024 11:32:26.444735050 CEST | 24327 | 49711 | 91.211.248.215 | 192.168.2.6 |
Sep 26, 2024 11:32:26.444753885 CEST | 24327 | 49711 | 91.211.248.215 | 192.168.2.6 |
Sep 26, 2024 11:32:26.444763899 CEST | 24327 | 49711 | 91.211.248.215 | 192.168.2.6 |
Sep 26, 2024 11:32:26.444811106 CEST | 24327 | 49711 | 91.211.248.215 | 192.168.2.6 |
Sep 26, 2024 11:32:26.444820881 CEST | 24327 | 49711 | 91.211.248.215 | 192.168.2.6 |
Sep 26, 2024 11:32:26.444868088 CEST | 24327 | 49711 | 91.211.248.215 | 192.168.2.6 |
Sep 26, 2024 11:32:26.444880962 CEST | 24327 | 49711 | 91.211.248.215 | 192.168.2.6 |
Sep 26, 2024 11:32:26.444911003 CEST | 24327 | 49711 | 91.211.248.215 | 192.168.2.6 |
Sep 26, 2024 11:32:26.444921970 CEST | 24327 | 49711 | 91.211.248.215 | 192.168.2.6 |
Sep 26, 2024 11:32:26.444933891 CEST | 24327 | 49711 | 91.211.248.215 | 192.168.2.6 |
Sep 26, 2024 11:32:26.444997072 CEST | 24327 | 49711 | 91.211.248.215 | 192.168.2.6 |
Sep 26, 2024 11:32:26.445010900 CEST | 24327 | 49711 | 91.211.248.215 | 192.168.2.6 |
Sep 26, 2024 11:32:26.445019960 CEST | 24327 | 49711 | 91.211.248.215 | 192.168.2.6 |
Sep 26, 2024 11:32:26.445049047 CEST | 24327 | 49711 | 91.211.248.215 | 192.168.2.6 |
Sep 26, 2024 11:32:26.445058107 CEST | 24327 | 49711 | 91.211.248.215 | 192.168.2.6 |
Sep 26, 2024 11:32:26.445101023 CEST | 24327 | 49711 | 91.211.248.215 | 192.168.2.6 |
Sep 26, 2024 11:32:26.445110083 CEST | 24327 | 49711 | 91.211.248.215 | 192.168.2.6 |
Sep 26, 2024 11:32:26.445158005 CEST | 24327 | 49711 | 91.211.248.215 | 192.168.2.6 |
Sep 26, 2024 11:32:26.445168018 CEST | 24327 | 49711 | 91.211.248.215 | 192.168.2.6 |
Sep 26, 2024 11:32:26.445235968 CEST | 24327 | 49711 | 91.211.248.215 | 192.168.2.6 |
Sep 26, 2024 11:32:26.445246935 CEST | 24327 | 49711 | 91.211.248.215 | 192.168.2.6 |
Sep 26, 2024 11:32:26.445267916 CEST | 24327 | 49711 | 91.211.248.215 | 192.168.2.6 |
Sep 26, 2024 11:32:26.445276976 CEST | 24327 | 49711 | 91.211.248.215 | 192.168.2.6 |
Sep 26, 2024 11:32:26.445287943 CEST | 24327 | 49711 | 91.211.248.215 | 192.168.2.6 |
Sep 26, 2024 11:32:26.445307970 CEST | 24327 | 49711 | 91.211.248.215 | 192.168.2.6 |
Sep 26, 2024 11:32:26.445358038 CEST | 24327 | 49711 | 91.211.248.215 | 192.168.2.6 |
Sep 26, 2024 11:32:26.445364952 CEST | 24327 | 49711 | 91.211.248.215 | 192.168.2.6 |
Sep 26, 2024 11:32:26.445431948 CEST | 24327 | 49711 | 91.211.248.215 | 192.168.2.6 |
Sep 26, 2024 11:32:26.446585894 CEST | 24327 | 49711 | 91.211.248.215 | 192.168.2.6 |
Sep 26, 2024 11:32:26.446594000 CEST | 24327 | 49711 | 91.211.248.215 | 192.168.2.6 |
Sep 26, 2024 11:32:26.446609020 CEST | 24327 | 49711 | 91.211.248.215 | 192.168.2.6 |
Sep 26, 2024 11:32:26.446619987 CEST | 24327 | 49711 | 91.211.248.215 | 192.168.2.6 |
Sep 26, 2024 11:32:26.446667910 CEST | 24327 | 49711 | 91.211.248.215 | 192.168.2.6 |
Sep 26, 2024 11:32:26.446861029 CEST | 49711 | 24327 | 192.168.2.6 | 91.211.248.215 |
Sep 26, 2024 11:32:26.446944952 CEST | 49711 | 24327 | 192.168.2.6 | 91.211.248.215 |
Sep 26, 2024 11:32:26.490483046 CEST | 24327 | 49711 | 91.211.248.215 | 192.168.2.6 |
Sep 26, 2024 11:32:26.490678072 CEST | 49711 | 24327 | 192.168.2.6 | 91.211.248.215 |
Sep 26, 2024 11:32:26.538522959 CEST | 24327 | 49711 | 91.211.248.215 | 192.168.2.6 |
Sep 26, 2024 11:32:27.130790949 CEST | 24327 | 49711 | 91.211.248.215 | 192.168.2.6 |
Sep 26, 2024 11:32:27.181688070 CEST | 49711 | 24327 | 192.168.2.6 | 91.211.248.215 |
Sep 26, 2024 11:32:27.186940908 CEST | 24327 | 49711 | 91.211.248.215 | 192.168.2.6 |
Sep 26, 2024 11:32:27.356564045 CEST | 24327 | 49711 | 91.211.248.215 | 192.168.2.6 |
Sep 26, 2024 11:32:27.398082972 CEST | 49711 | 24327 | 192.168.2.6 | 91.211.248.215 |
Sep 26, 2024 11:32:27.402975082 CEST | 24327 | 49711 | 91.211.248.215 | 192.168.2.6 |
Sep 26, 2024 11:32:27.572617054 CEST | 24327 | 49711 | 91.211.248.215 | 192.168.2.6 |
Sep 26, 2024 11:32:27.574784040 CEST | 49711 | 24327 | 192.168.2.6 | 91.211.248.215 |
Sep 26, 2024 11:32:27.579878092 CEST | 24327 | 49711 | 91.211.248.215 | 192.168.2.6 |
Sep 26, 2024 11:32:27.749222040 CEST | 24327 | 49711 | 91.211.248.215 | 192.168.2.6 |
Sep 26, 2024 11:32:27.754492998 CEST | 49711 | 24327 | 192.168.2.6 | 91.211.248.215 |
Sep 26, 2024 11:32:27.759514093 CEST | 24327 | 49711 | 91.211.248.215 | 192.168.2.6 |
Sep 26, 2024 11:32:27.759522915 CEST | 24327 | 49711 | 91.211.248.215 | 192.168.2.6 |
Sep 26, 2024 11:32:27.759537935 CEST | 24327 | 49711 | 91.211.248.215 | 192.168.2.6 |
Sep 26, 2024 11:32:27.759542942 CEST | 24327 | 49711 | 91.211.248.215 | 192.168.2.6 |
Sep 26, 2024 11:32:27.929349899 CEST | 24327 | 49711 | 91.211.248.215 | 192.168.2.6 |
Sep 26, 2024 11:32:27.930030107 CEST | 49711 | 24327 | 192.168.2.6 | 91.211.248.215 |
Sep 26, 2024 11:32:27.934984922 CEST | 24327 | 49711 | 91.211.248.215 | 192.168.2.6 |
Sep 26, 2024 11:32:28.104507923 CEST | 24327 | 49711 | 91.211.248.215 | 192.168.2.6 |
Sep 26, 2024 11:32:28.105518103 CEST | 49711 | 24327 | 192.168.2.6 | 91.211.248.215 |
Sep 26, 2024 11:32:28.110444069 CEST | 24327 | 49711 | 91.211.248.215 | 192.168.2.6 |
Sep 26, 2024 11:32:28.280884981 CEST | 24327 | 49711 | 91.211.248.215 | 192.168.2.6 |
Sep 26, 2024 11:32:28.325145006 CEST | 49711 | 24327 | 192.168.2.6 | 91.211.248.215 |
Sep 26, 2024 11:32:28.355607033 CEST | 49711 | 24327 | 192.168.2.6 | 91.211.248.215 |
Target ID: | 0 |
Start time: | 05:32:05 |
Start date: | 26/09/2024 |
Path: | C:\Users\user\Desktop\file.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x580000 |
File size: | 321'536 bytes |
MD5 hash: | 2CFC1AA34C34F4968B099AA7646097A5 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | low |
Has exited: | true |
Target ID: | 1 |
Start time: | 05:32:05 |
Start date: | 26/09/2024 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff66e660000 |
File size: | 862'208 bytes |
MD5 hash: | 0D698AF330FD17BEE3BF90011D49251D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 3 |
Start time: | 05:32:07 |
Start date: | 26/09/2024 |
Path: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x510000 |
File size: | 65'440 bytes |
MD5 hash: | 0D5DF43AF2916F47D00C1573797C1A13 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | high |
Has exited: | true |
Execution Graph
Execution Coverage: | 40% |
Dynamic/Decrypted Code Coverage: | 100% |
Signature Coverage: | 30% |
Total number of Nodes: | 20 |
Total number of Limit Nodes: | 0 |
Function 02A92139 Relevance: 42.3, APIs: 10, Strings: 14, Instructions: 282 | thread injection memory | COMMON
Function 02911268 Relevance: 1.6, APIs: 1, Instructions: 62 | COMMON
Function 02911270 Relevance: 1.6, APIs: 1, Instructions: 56 | COMMON
Execution Graph
Execution Coverage: | 9% |
Dynamic/Decrypted Code Coverage: | 100% |
Signature Coverage: | 0% |
Total number of Nodes: | 82 |
Total number of Limit Nodes: | 7 |