Windows
Analysis Report
file.exe
Overview
General Information
Detection
Score: | 84 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- file.exe (PID: 7484 cmdline: "C:\Users\user\Desktop\file.exe" MD5: 661C97C107EFC1D69510C2C4EA7AAD09)
  - WerFault.exe (PID: 7692 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 7484 -s 1776 MD5: C31336C1EFC2CCB44B4326EA793040F2)
- cleanup
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_RiseProStealer | Yara detected RisePro Stealer | Joe Security |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_RiseProStealer | Yara detected RisePro Stealer | Joe Security | ||
JoeSecurity_RiseProStealer | Yara detected RisePro Stealer | Joe Security | ||
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | ||
JoeSecurity_RiseProStealer | Yara detected RisePro Stealer | Joe Security | ||
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
Timestamp: | 04/26/24-11:06:02.426603 |
SID: | 2046266 |
Source Port: | 50500 |
Destination Port: | 49732 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 04/26/24-11:06:02.187295 |
SID: | 2049060 |
Source Port: | 49732 |
Destination Port: | 50500 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
AV Detection |
---|
Source: | Virustotal: | Perma Link |
Source: | Static PE information: |
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: |
Networking |
---|
Source: | Snort IDS: | ||
Source: | Snort IDS: |
Source: | TCP traffic: |
Source: | IP Address: | ||
Source: | IP Address: | ||
Source: | IP Address: |
Source: | ASN Name: |
Source: | JA3 fingerprint: |
Source: | DNS query: | ||
Source: | DNS query: |
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | TCP traffic detected without corresponding DNS query: |
Source: | Code function: | 0_2_00E04EB0 |
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: |
Source: | String found in binary or memory: |
Source: | Network traffic detected: |
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: |
Source: | Code function: | 0_2_00DBF730 | |
Source: | Code function: | 0_2_00D4B8E0 | |
Source: | Code function: | 0_2_00DC2100 | |
Source: | Code function: | 0_2_010C65C2 | |
Source: | Code function: | 0_2_00D7C950 | |
Source: | Code function: | 0_2_00D7A918 | |
Source: | Code function: | 0_2_00D98BA0 | |
Source: | Code function: | 0_2_00ED72CE | |
Source: | Code function: | 0_2_010D757B | |
Source: | Code function: | 0_2_00D6F570 | |
Source: | Code function: | 0_2_00E2BFC0 |
Source: | Process created: |
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Classification label: |
Source: | File created: | Jump to behavior |
Source: | Mutant created: |
Source: | File created: | Jump to behavior |
Source: | File read: | Jump to behavior |
Source: | Key opened: | Jump to behavior |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Virustotal: |
Source: | File read: | Jump to behavior |
Source: | Process created: | ||
Source: | Process created: |
Source: | Section loaded: | Jump to behavior |
Source: | Key opened: | Jump to behavior |
Source: | Static PE information: |
Source: | Static file information: |
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: |
Source: | Code function: | 0_2_00F4ED37 | |
Source: | Code function: | 0_2_00F106DE | |
Source: | Code function: | 0_2_010FCCFF | |
Source: | Code function: | 0_2_00FA8FDF | |
Source: | Code function: | 0_2_01067998 | |
Source: | Code function: | 0_2_01069907 | |
Source: | Code function: | 0_2_01067998 | |
Source: | Code function: | 0_2_00EFF50E |
Hooking and other Techniques for Hiding and Protection |
---|
Source: | Memory written: | Jump to behavior |
Source: | Registry key monitored for changes: | Jump to behavior | ||
Source: | Registry key monitored for changes: | Jump to behavior |
Source: | Process information set: | Jump to behavior |
Malware Analysis System Evasion |
---|
Source: | Stalling execution: | graph_0-40533 |
Source: | Code function: | 0_2_0118654D |
Source: | Binary or memory string: |
Source: | Process information queried: | Jump to behavior |
Source: | Process queried: | Jump to behavior | ||
Source: | Process queried: | Jump to behavior |
Source: | Code function: | 0_2_0118654D |
Source: | Registry key value queried: | Jump to behavior | ||
Source: | Registry key value queried: | Jump to behavior |
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior |
Source: | Code function: | 0_2_00D7360D |
Source: | Key value queried: | Jump to behavior |
Source: | Binary or memory string: |
Stealing of Sensitive Information |
---|
Source: | File source: |
Source: | String found in binary or memory: |
Source: | File opened: | Jump to behavior |
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | Key opened: | Jump to behavior |
Source: | File source: | ||
Source: | File source: |
Remote Access Functionality |
---|
Source: | File source: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 DLL Side-Loading | 1 Process Injection | 1 Masquerading | 1 OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Email Collection | 11 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Virtualization/Sandbox Evasion | 1 Credential API Hooking | 1 Query Registry | Remote Desktop Protocol | 1 Credential API Hooking | 1 Non-Standard Port | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Process Injection | Security Account Manager | 31 Security Software Discovery | SMB/Windows Admin Shares | 1 Archive Collected Data | 2 Ingress Tool Transfer | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Obfuscated Files or Information | NTDS | 1 Virtualization/Sandbox Evasion | Distributed Component Object Model | 2 Data from Local System | 2 Non-Application Layer Protocol | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 DLL Side-Loading | LSA Secrets | 1 Process Discovery | SSH | Keylogging | 13 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | Steganography | Cached Domain Credentials | 1 System Network Configuration Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | Compile After Delivery | DCSync | 1 File and Directory Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | Indicator Removal from Tools | Proc Filesystem | 24 System Information Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
22% | Virustotal | Browse |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | URL Reputation | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
ipinfo.io | 34.117.186.192 | true | false | high | |
db-ip.com | 104.26.4.15 | true | false | high |
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
34.117.186.192 | ipinfo.io | United States | 139070 | GOOGLE-AS-APGoogleAsiaPacificPteLtdSG | false |
45.15.156.9 | unknown | Russian Federation | 39493 | RU-KSTVKolomnaGroupofcompaniesGuarantee-tvRU | true |
104.26.4.15 | db-ip.com | United States | 13335 | CLOUDFLARENETUS | false |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1432049 |
Start date and time: | 2024-04-26 11:05:08 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 6m 9s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of new started processes analysed: | 9 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | file.exe |
Detection: | MAL |
Classification: | mal84.troj.spyw.evad.winEXE@2/28@2/3 |
HCA Information: | Failed |
Cookbook Comments:
- Exclude process from analysis (whitelisted): MpCmdRun.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 104.208.16.94
- Excluded domains from analysis (whitelisted): ocsp.digicert.com, login.live.com, slscr.update.microsoft.com, blobcollector.events.data.trafficmanager.net, ctldl.windowsupdate.com, umwatson.events.data.microsoft.com, fe3cr.delivery.mp.microsoft.com, onedsblobprdcus16.centralus.cloudapp.azure.com
- Not all processes were analyzed, report is missing behavior information
- Report size getting too big, too many NtCreateFile calls found.
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
Time | Type | Description |
---|---|---|
11:06:21 | API Interceptor |
Match | Detection | Threat Name |
---|---|---|
34.117.186.192 | malicious | Unknown |
34.117.186.192 | malicious | Unknown |
34.117.186.192 | malicious | Unknown |
34.117.186.192 | malicious | Planet Stealer |
34.117.186.192 | malicious | Planet Stealer |
34.117.186.192 | malicious | Xmrig |
34.117.186.192 | malicious | Unknown |
34.117.186.192 | malicious | Unknown |
34.117.186.192 | malicious | RedLine |
34.117.186.192 | malicious | RedLine |
45.15.156.9 | malicious | Unknown |
104.26.4.15 | malicious | Nemty, Xmrig |
Match | Detection | Threat Name |
---|---|---|
ipinfo.io | malicious | RisePro Stealer |
ipinfo.io | malicious | RisePro Stealer |
ipinfo.io | malicious | PureLog Stealer, RisePro Stealer, zgRAT |
ipinfo.io | malicious | Clipboard Hijacker, RisePro Stealer |
ipinfo.io | malicious | Unknown |
ipinfo.io | malicious | Clipboard Hijacker, RisePro Stealer |
ipinfo.io | malicious | RisePro Stealer |
ipinfo.io | malicious | NovaSentinel |
ipinfo.io | malicious | Unknown |
ipinfo.io | malicious | Unknown |
db-ip.com | malicious | RisePro Stealer |
db-ip.com | malicious | RisePro Stealer |
db-ip.com | malicious | PureLog Stealer, RisePro Stealer, zgRAT |
db-ip.com | malicious | Clipboard Hijacker, RisePro Stealer |
db-ip.com | malicious | Clipboard Hijacker, RisePro Stealer |
db-ip.com | malicious | RisePro Stealer |
db-ip.com | malicious | RisePro Stealer |
db-ip.com | malicious | RisePro Stealer |
db-ip.com | malicious | Clipboard Hijacker, RisePro Stealer |
db-ip.com | malicious | LummaC, RisePro Stealer |
Match | Detection | Threat Name |
---|---|---|
GOOGLE-AS-APGoogleAsiaPacificPteLtdSG | malicious | RisePro Stealer |
GOOGLE-AS-APGoogleAsiaPacificPteLtdSG | malicious | Unknown |
GOOGLE-AS-APGoogleAsiaPacificPteLtdSG | malicious | Unknown |
GOOGLE-AS-APGoogleAsiaPacificPteLtdSG | malicious | RisePro Stealer |
GOOGLE-AS-APGoogleAsiaPacificPteLtdSG | malicious | PureLog Stealer, RisePro Stealer, zgRAT |
GOOGLE-AS-APGoogleAsiaPacificPteLtdSG | malicious | Clipboard Hijacker, RisePro Stealer |
GOOGLE-AS-APGoogleAsiaPacificPteLtdSG | malicious | Mirai |
GOOGLE-AS-APGoogleAsiaPacificPteLtdSG | malicious | Unknown |
GOOGLE-AS-APGoogleAsiaPacificPteLtdSG | malicious | Unknown |
GOOGLE-AS-APGoogleAsiaPacificPteLtdSG | malicious | Unknown |
RU-KSTVKolomnaGroupofcompaniesGuarantee-tvRU | malicious | RisePro Stealer |
RU-KSTVKolomnaGroupofcompaniesGuarantee-tvRU | malicious | RedLine |
RU-KSTVKolomnaGroupofcompaniesGuarantee-tvRU | malicious | PureLog Stealer, RisePro Stealer, zgRAT |
RU-KSTVKolomnaGroupofcompaniesGuarantee-tvRU | malicious | RedLine |
RU-KSTVKolomnaGroupofcompaniesGuarantee-tvRU | malicious | Unknown |
RU-KSTVKolomnaGroupofcompaniesGuarantee-tvRU | malicious | Glupteba, Mars Stealer, PureLog Stealer, Stealc, Vidar, zgRAT |
RU-KSTVKolomnaGroupofcompaniesGuarantee-tvRU | malicious | Glupteba, Mars Stealer, PureLog Stealer, Vidar, zgRAT |
RU-KSTVKolomnaGroupofcompaniesGuarantee-tvRU | malicious | RedLine |
RU-KSTVKolomnaGroupofcompaniesGuarantee-tvRU | malicious | Glupteba, Mars Stealer, Phorpiex, PureLog Stealer, Stealc, Vidar, zgRAT |
RU-KSTVKolomnaGroupofcompaniesGuarantee-tvRU | malicious | RedLine |
CLOUDFLARENETUS | malicious | Unknown |
CLOUDFLARENETUS | malicious | AgentTesla, PureLog Stealer |
CLOUDFLARENETUS | malicious | Unknown |
CLOUDFLARENETUS | malicious | Unknown |
CLOUDFLARENETUS | malicious | FormBook |
CLOUDFLARENETUS | malicious | AgentTesla |
CLOUDFLARENETUS | malicious | AgentTesla |
CLOUDFLARENETUS | malicious | HTMLPhisher |
CLOUDFLARENETUS | malicious | AgentTesla, PureLog Stealer |
CLOUDFLARENETUS | malicious | Unknown |
Match | Detection | Threat Name |
---|---|---|
a0e9f5d64349fb13191bc781f81f42e1 | malicious | Unknown |
a0e9f5d64349fb13191bc781f81f42e1 | malicious | Unknown |
a0e9f5d64349fb13191bc781f81f42e1 | malicious | RisePro Stealer |
a0e9f5d64349fb13191bc781f81f42e1 | malicious | LummaC |
a0e9f5d64349fb13191bc781f81f42e1 | malicious | Unknown |
a0e9f5d64349fb13191bc781f81f42e1 | malicious | RisePro Stealer |
a0e9f5d64349fb13191bc781f81f42e1 | malicious | PureLog Stealer, RisePro Stealer, zgRAT |
a0e9f5d64349fb13191bc781f81f42e1 | malicious | DBatLoader |
a0e9f5d64349fb13191bc781f81f42e1 | malicious | LummaC |
a0e9f5d64349fb13191bc781f81f42e1 | malicious | Clipboard Hijacker, RisePro Stealer |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_file.exe_ff31866d17fa18c7913366427148ad386_8682c2da_5ca5d425-8a52-4555-bdfc-fbe386d59aef\Report.wer
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 1.0453041501471347 |
Encrypted: | false |
SSDEEP: | 192:8iB7MYZtvRPFPw0LnaII3j/ZrUyjcKzuiFWZ24IO8TVB:FNbDRtPLLnaPjyKzuiFWY4IO8X |
MD5: | F323BA6BF012D2B3F7D2D69A3BABA004 |
SHA1: | D6B844B5BD4B08F7443CA7BA3D39E791E6016444 |
SHA-256: | 10E55CA9DA0633A8DDB4E7CB5BECE0C84152AE44F6FEAFACF24942C5F555B77C |
SHA-512: | 91BDB9D395C92F7CF64F1173C4ABBC02A27F7D7FA1D719AE14447DD31AFE77B2A59F4E9B603A8320F85FA44EA398BBB70D9A17CF3D685983E529056FD7DCF5BA |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 100640 |
Entropy (8bit): | 2.013335064595714 |
Encrypted: | false |
SSDEEP: | 384:E3mzvVPuMRtvkste0Q4qpzr/JN8MzVHsGhDtdQo2VZEyKGY2sV5s3Eu:qmzvRtvkstIHZjMV |
MD5: | 6FBBD37E8077841608CDBD733068448E |
SHA1: | EF2BA196A7D9974F50EAB86C8FA02143C68D810D |
SHA-256: | B4C2DAD4985039BAA94589DE1A768402F949AEA1DABBA6CC2FC1FBBD99B6BB5F |
SHA-512: | CC756CC2FC668EDD361F40D9E9C7B87D6CC347154A4E973CF8347C42519975D94D82DFCD0F0840DCD361F39ACD7F33D91EB1548DDDA6E99D42F29801D260C2A1 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8362 |
Entropy (8bit): | 3.6973699778685862 |
Encrypted: | false |
SSDEEP: | 192:R6l7wVeJNC76R6Y9tSURrgmfBjgJJEprt89bJBsftB7iDm:R6lXJU6R6YnSURrgmflgJJrJ6ftNP |
MD5: | 03C0CD9B88DB39A3D76B8936E06C6FA6 |
SHA1: | 54331A7170B6E71D79B07BEB73BAA3A5BA2B03D5 |
SHA-256: | 93A807116390AB34B238B982B35B209B31F12F3F4EE37B4CD44050AE5DA7941C |
SHA-512: | C1CCA91FE5E92026A56CCF86190AA898F826774F44D33F35CBD3BF2AC27BE8650E79FF6E1B8D174C83B627ED03F7153B18EB15413CAEFEFAE98EB51457542986 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4612 |
Entropy (8bit): | 4.485616011345078 |
Encrypted: | false |
SSDEEP: | 48:cvIwWl8zsHJg77aI9n8WpW8VYmYm8M4JDX7yFR3+q8Qpx81jAwygIqwhQd:uIjfpI7V17VWJDU3v01jogIqwhQd |
MD5: | F6A0DB1CADC69C0CEF23375F5F02658F |
SHA1: | CC2064C0A69024966D1B2FB618875C7E63232A08 |
SHA-256: | 71729E4885F31CAC87DC809452D8E6788BE7F9616B0D40DD6BBE00040721C967 |
SHA-512: | C391C5C73D246CA156DEF29C2908C223E8A8CCBE35FF1D20ABB7DCABDCFD91FD83526AD60B64161E25C7352AD45711CD36FD13B28037F144C6117117E9084C98 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\user\Desktop\file.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 682693 |
Entropy (8bit): | 7.997726461352831 |
Encrypted: | true |
SSDEEP: | 12288:B7xVTNIXI3zlzcUu/pxN46wOgOLa24fU1ppBWu5/LFwQwFu59Ili9b+SmUXOVe8Q:1/xyCzNI5wLOei1nBtp/XvAqLmUXOVe5 |
MD5: | 5C5364317FE56EE9B669063CCCF2E628 |
SHA1: | 53C95FB3C96283DB1ECE644EC9E517F0BD312427 |
SHA-256: | 7F7DB8524A80E42428B79A4DB5E618210F1B0EF844AA3CD33EEDA26403A0ECDF |
SHA-512: | 8E555A8CDFEF62D5E1B0DADC1D5687A7FCC5EE52B7CA7AC4BBF61253656D8BD690AAC9D78B6B724EFF288DFA3062A9C0237ADE9988092231D900740AB30F624E |
Malicious: | true |
Yara Hits: |
|
Reputation: | low |
Preview: |
Process: | C:\Users\user\Desktop\file.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 98304 |
Entropy (8bit): | 0.08235737944063153 |
Encrypted: | false |
SSDEEP: | 12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO |
MD5: | 369B6DD66F1CAD49D0952C40FEB9AD41 |
SHA1: | D05B2DE29433FB113EC4C558FF33087ED7481DD4 |
SHA-256: | 14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D |
SHA-512: | 771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928 |
Malicious: | false |
Reputation: | high, very likely benign file |
Preview: |
Process: | C:\Users\user\Desktop\file.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 106496 |
Entropy (8bit): | 1.1358696453229276 |
Encrypted: | false |
SSDEEP: | 192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544 |
MD5: | 28591AA4E12D1C4FC761BE7C0A468622 |
SHA1: | BC4968A84C19377D05A8BB3F208FBFAC49F4820B |
SHA-256: | 51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9 |
SHA-512: | 5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB |
Malicious: | false |
Reputation: | high, very likely benign file |
Preview: |
Process: | C:\Users\user\Desktop\file.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 5242880 |
Entropy (8bit): | 0.037963276276857943 |
Encrypted: | false |
SSDEEP: | 192:58rJQaXoMXp0VW9FxWZWdgokBQNba9D3DO/JxW/QHI:58r54w0VW3xWZWdOBQFal3dQ |
MD5: | C0FDF21AE11A6D1FA1201D502614B622 |
SHA1: | 11724034A1CC915B061316A96E79E9DA6A00ADE8 |
SHA-256: | FD4EB46C81D27A9B3669C0D249DF5CE2B49E5F37B42F917CA38AB8831121ADAC |
SHA-512: | A6147C196B033725018C7F28C1E75E20C2113A0C6D8172F5EABCB8FF334EA6CE10B758FFD1D22D50B4DB5A0A21BCC15294AC44E94D973F7A3EB9F8558F31769B |
Malicious: | false |
Reputation: | high, very likely benign file |
Preview: |
Process: | C:\Users\user\Desktop\file.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 49152 |
Entropy (8bit): | 0.8180424350137764 |
Encrypted: | false |
SSDEEP: | 96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG |
MD5: | 349E6EB110E34A08924D92F6B334801D |
SHA1: | BDFB289DAFF51890CC71697B6322AA4B35EC9169 |
SHA-256: | C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A |
SHA-512: | 2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574 |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\file.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 106496 |
Entropy (8bit): | 1.1358696453229276 |
Encrypted: | false |
SSDEEP: | 192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544 |
MD5: | 28591AA4E12D1C4FC761BE7C0A468622 |
SHA1: | BC4968A84C19377D05A8BB3F208FBFAC49F4820B |
SHA-256: | 51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9 |
SHA-512: | 5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\file.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 126976 |
Entropy (8bit): | 0.47147045728725767 |
Encrypted: | false |
SSDEEP: | 96:/WU+bDoYysX0uhnyTpvVjN9DLjGQLBE3u:/l+bDo3irhnyTpvVj3XBBE3u |
MD5: | A2D1F4CF66465F9F0CAC61C4A95C7EDE |
SHA1: | BA6A845E247B221AAEC96C4213E1FD3744B10A27 |
SHA-256: | B510DF8D67E38DCAE51FE97A3924228AD37CF823999FD3BC6BA44CA6535DE8FE |
SHA-512: | C571E5125C005EAC0F0B72B5F132AE03783AF8D621BFA32B366B0E8A825EF8F65E33CD330E42BDC722BFA012E3447A7218F05FDD4A5AD855C1CA22DFA2F79838 |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\file.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 28672 |
Entropy (8bit): | 2.5793180405395284 |
Encrypted: | false |
SSDEEP: | 96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz |
MD5: | 41EA9A4112F057AE6BA17E2838AEAC26 |
SHA1: | F2B389103BFD1A1A050C4857A995B09FEAFE8903 |
SHA-256: | CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB |
SHA-512: | 29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103 |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\file.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 159744 |
Entropy (8bit): | 0.7873599747470391 |
Encrypted: | false |
SSDEEP: | 96:pn6pld6px0c2EDKFm5wTmN8ewmdaDKFmJ4ee7vuejzH+bF+UIYysX0IxQzh/tsVL:8Ys3QMmRtH+bF+UI3iN0RSV0k3qLyj9v |
MD5: | 6A6BAD38068B0F6F2CADC6464C4FE8F0 |
SHA1: | 4E3B235898D8E900548613DDB6EA59CDA5EB4E68 |
SHA-256: | 0998615B274171FC74AAB4E70FD355AF513186B74A4EB07AAA883782E6497982 |
SHA-512: | BFE41E5AB5851C92308A097FE9DA4F215875AC2C7D7A483B066585071EE6086B5A7BE6D80CEC18027A3B88AA5C0A477730B22A41406A6AB344FCD9C659B9CB0A |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\file.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 40960 |
Entropy (8bit): | 0.8553638852307782 |
Encrypted: | false |
SSDEEP: | 48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil |
MD5: | 28222628A3465C5F0D4B28F70F97F482 |
SHA1: | 1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14 |
SHA-256: | 93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4 |
SHA-512: | C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7 |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\file.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 114688 |
Entropy (8bit): | 0.9746603542602881 |
Encrypted: | false |
SSDEEP: | 192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn |
MD5: | 780853CDDEAEE8DE70F28A4B255A600B |
SHA1: | AD7A5DA33F7AD12946153C497E990720B09005ED |
SHA-256: | 1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3 |
SHA-512: | E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8 |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\file.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 6085 |
Entropy (8bit): | 6.038274200863744 |
Encrypted: | false |
SSDEEP: | 96:gxsumX/xKO2KbcRfbZJ5Jxjxcx1xcbza5BC126oxgxA26Fxr/CxbTxqCGYURxOeb:gWFXZQHRFJ5Pts7c3avC126Ygb6Lr/WY |
MD5: | ACB5AD34236C58F9F7D219FB628E3B58 |
SHA1: | 02E39404CA22F1368C46A7B8398F5F6001DB8F5C |
SHA-256: | 05E5013B848C2E619226F9E7A084DC7DCD1B3D68EE45108F552DB113D21B49D1 |
SHA-512: | 5895F39765BA3CEDFD47D57203FD7E716347CD79277EDDCDC83A729A86E2E59F03F0E7B6B0D0E7C7A383755001EDACC82171052BE801E015E6BF7E6B9595767F |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\trixyKRfwTJj1oH7F\History\Firefox_fqs92o4p.default-release.txt
Process: | C:\Users\user\Desktop\file.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 112 |
Entropy (8bit): | 4.911305722693245 |
Encrypted: | false |
SSDEEP: | 3:N8DSLvIJiMgTE2WdkQUl7R8DSLvIJiMhKVX3L2WdkQUlv:2OLciodq7R8OLciA8dqv |
MD5: | 978B9515D3688A43726604AC169DF379 |
SHA1: | D61293AB99332FC45CAE37D78AB17A5DA5BCD189 |
SHA-256: | CDEF3FB1CE312E4B67DC5F1B1F9FB551241C08564FDB26AFA4CBF448BB02EA65 |
SHA-512: | 86146AA576129B73743B1EBC0BC60880FDA58A11498048B3C68284C4520F1ADC324D016696B0E995A51AC56966E0F38B0AF12458A986868701C6AAAA89C829CB |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\file.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 6578 |
Entropy (8bit): | 5.393536152761999 |
Encrypted: | false |
SSDEEP: | 96:xrhUX5RsMcT4Aisph+9hcm4ozWqbnMAANUbg3x:x2uMvAtphWhcmRzWCQB |
MD5: | A87B717AB3416F3EFFB7617D5E9BC503 |
SHA1: | A03F63B6528403E047C859D3764611BF35BC67A4 |
SHA-256: | D17F3191EBD234E2E12820B1E07F169975520CAD929733DCAC561CAF2EDE11EA |
SHA-512: | EADBF76071620E58FA818B372EE2227595A4751C4438DF72130A4704734908AB00529080EECDC94B5A2608B4DEFDA49C0EEA20F7A4361FDF8DBCFF3BB0264099 |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\file.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4897 |
Entropy (8bit): | 2.518316437186352 |
Encrypted: | false |
SSDEEP: | 48:4MMMMMMMMMMdMMMM1MMMMMMMM1MMMMMMMM1MMMMMMMM1MMMMMMMMMMdMMMMMMMM3:q |
MD5: | B3E9D0E1B8207AA74CB8812BAAF52EAE |
SHA1: | A2DCE0FB6B0BBC955A1E72EF3D87CADCC6E3CC6B |
SHA-256: | 4993311FC913771ACB526BB5EF73682EDA69CD31AC14D25502E7BDA578FFA37C |
SHA-512: | B17ADF4AA80CADC581A09C72800DA22F62E5FB32953123F2C513D2E88753C430CC996E82AAE7190C8CB3340FCF2D9E0D759D99D909D2461369275FBE5C68C27A |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\file.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 694803 |
Entropy (8bit): | 7.926990286530075 |
Encrypted: | false |
SSDEEP: | 12288:0MfOlYUQ8lm8cucFVuBW2Prl3vy+mYkhicXNAZm2AaY1ZlyGflqFzLngnWy:0+jUQ3l09Pp3a+jkhTXufAJ1ZAGdAz7A |
MD5: | 5197E300B883745269B55B3D632AFDCA |
SHA1: | 1745A7ACE8AE581ECC066E7EF86852E32432C150 |
SHA-256: | 2B26C45D5788B47C29A3E6B9EE41182428DC8599D4D35431DC4A360FBC55FD8F |
SHA-512: | 718AB8AB2B5B0240F026F0B944B519A7BBE6FA681DBB3793D19E4149A2D507D9CAF1D2CF182C2E25A199271B2269E0DAF15D6C5A57D2AFA093B4BA87F595303D |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1835008 |
Entropy (8bit): | 4.465264856402223 |
Encrypted: | false |
SSDEEP: | 6144:YIXfpi67eLPU9skLmb0b4+WSPKaJG8nAgejZMMhA2gX4WABl0uNPdwBCswSbv:NXD94+WlLZMM6YFH1+v |
MD5: | 25CEC659CF9437E08507DFC09B68FD7F |
SHA1: | DC36DE33C526A9852FE066D5112DFC0B0786E139 |
SHA-256: | 0DAB69FFBBD1C8BF43B268FE55613B55B35581A80456F134E3AE17E83A601142 |
SHA-512: | 215464F2CA30EE35AFBA2EBCA40AF960AA1DCD4D35DA2E50F67CDE02C16DE97CCAE48ED7351C7DD12EE755002C659A3A7EE3FE11597628A069AE27C50797A823 |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 7.951628183843546 |
TrID: |
|
File name: | file.exe |
File size: | 4'114'680 bytes |
MD5: | 661c97c107efc1d69510c2c4ea7aad09 |
SHA1: | 90a923d3c504672057fbdc3fbf42c3be8db5fd8c |
SHA256: | be630b379514bcea2ea2bb6285c966812b818b49c345ff5ce2ee2e714543f5dd |
SHA512: | f1555908939608c7d6ed5a7399244f89e36aa2c7c16553c90bef1773cfb4c6ab03bf5826df16a33c47b310558a0f756d8532fe57ad3dbf8b2b6ccba46786ddc5 |
SSDEEP: | 98304:a3K5NmPuOHVVLMvyTEZX9D4EoCckgOC6299LDmZkzvEaa:wK5N+HVWW6jdckNRNyz8aa |
TLSH: | CC16339E3BD25078CCA926F48F02B67C76B61D6892718C5D58987EDE9FF3261B032143 |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...^.%f...............'............b.|...........@..........................P......4K?...@................................ |
Icon Hash: | 781a1a3a391cb894 |
Entrypoint: | 0xbc0262 |
Entrypoint Section: | .vmp |
Digitally signed: | true |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | EXECUTABLE_IMAGE, 32BIT_MACHINE |
DLL Characteristics: | DYNAMIC_BASE, TERMINAL_SERVER_AWARE |
Time Stamp: | 0x6625EF5E [Mon Apr 22 05:02:22 2024 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 6 |
OS Version Minor: | 0 |
File Version Major: | 6 |
File Version Minor: | 0 |
Subsystem Version Major: | 6 |
Subsystem Version Minor: | 0 |
Import Hash: | fce2185f86316405847dae4f4adccdc7 |
Signature Valid: | false |
Signature Issuer: | CN=AVG Technologies USA LLC \u2122\u2030\u2122\u2030\u2122\u2030 |
Signature Validation Error: | A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider |
Error Number: | -2146762487 |
Not Before, Not After |
|
Subject Chain |
|
Version: | 3 |
Thumbprint MD5: | 27F5DD79C86B9255242DDB29A51B691E |
Thumbprint SHA-1: | 44268FBAA5D87BA1717C7237701B06FA20E9AF66 |
Thumbprint SHA-256: | 1C39A7BBBC7445339DEFD55E21DFA65CDEB9037F0FD33140759077C31CB40BE0 |
Serial: | 59AE1233E1806897438DF0EEC7051E17 |
Instruction |
---|
push ebx |
mov ebx, 6EBC27B4h |
pushfd |
and ebx, 651E5094h |
mov ebx, dword ptr [esp+ebx-641C0090h] |
mov dword ptr [esp+04h], 1B929A7Eh |
push dword ptr [esp+00h] |
popfd |
lea esp, dword ptr [esp+04h] |
call 00007F24F49DC691h |
mov dword ptr [esp+08h], edx |
mov eax, 7510083Dh |
mov dword ptr [esp+eax-75100839h], ebp |
pop ebp |
pushfd |
movsx ebp, ax |
idiv al |
push ebx |
shl eax, FFFFFFE3h |
push ebp |
mov dword ptr [esp+ebp-00000825h], esi |
call 00007F24F49D0E04h |
mov dword ptr fs:[edx], eax |
jmp 00007F24F49DAD72h |
jp 00007F24F4ADFFE3h |
nop |
dec ebx |
xor al, EAh |
mov ecx, 6DC49C53h |
hlt |
sbb dword ptr [esi-31h], 65AABDC0h |
out dx, al |
aaa |
or byte ptr [ebp+63h], ch |
mov word ptr [ebx], ds |
mov esp, dword ptr [ecx-61E76508h] |
outsd |
pop eax |
or byte ptr [edi+41h], ch |
inc ebx |
cmp cl, dl |
push ebx |
push edi |
add ecx, dword ptr [esi-436E1D5Bh] |
mov dh, FAh |
push eax |
push eax |
or al, DBh |
pop ecx |
push EB96E493h |
push 9D0D581Bh |
mov eax, dword ptr [esp+04h] |
movzx ax, byte ptr [ebp+00h] |
mov cl, byte ptr [ebp+02h] |
add ebp, 00000002h |
ror dword ptr [esp+02h], 6Dh |
neg byte ptr [esp+06h] |
shl al, cl |
jmp 00007F24F49CA84Eh |
pop ebp |
lea edi, dword ptr [eax+eax] |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x47078c | 0x140 | .vmp |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x816000 | 0x1e0bb | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x3eb000 | 0x18f8 | .vmp |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x814000 | 0x1a1c | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x46a4bc | 0x18 | .vmp |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x812bf0 | 0x40 | .vmp |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x448000 | 0x8c | .vmp |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x808ccc | 0x40 | .vmp |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x158af8 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rdata | 0x15a000 | 0x27b5a | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0x182000 | 0x4930 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.vmp | 0x187000 | 0x2c089c | 0x0 | d41d8cd98f00b204e9800998ecf8427e | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.vmp | 0x448000 | 0x72c | 0x800 | d62e229aa06b51daee1a6a37990968b1 | False | 0.0546875 | data | 0.3471760150721117 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.vmp | 0x449000 | 0x3ca4a0 | 0x3ca600 | 202c35d9854032aed55077a4c75d3d1c | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.reloc | 0x814000 | 0x1a1c | 0x1c00 | 9e82593e38e947b89b158a8aede1802b | False | 0.32407924107142855 | data | 5.641335708691851 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.rsrc | 0x816000 | 0x1e0bb | 0x1e200 | 99108fac43aa1f989c944990edca1a42 | False | 0.5130154304979253 | data | 5.960372030973446 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
RT_ICON | 0x8162b0 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1024 | English | United States | 0.6196808510638298 |
RT_ICON | 0x816718 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4096 | English | United States | 0.44301125703564725 |
RT_ICON | 0x8177c0 | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 65536 | English | United States | 0.2436265231278836 |
RT_ICON | 0x827fe8 | 0xa4b1 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States | 0.9979602001850051 |
RT_ICON | 0x83249c | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128 | English | United States | 0.46621621621621623 |
RT_ICON | 0x8325c4 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors | English | United States | 0.1351156069364162 |
RT_ICON | 0x832b2c | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | United States | 0.20833333333333334 |
RT_ICON | 0x832f94 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors | English | United States | 0.14169675090252706 |
RT_GROUP_ICON | 0x83383c | 0x3e | data | English | United States | 0.8064516129032258 |
RT_GROUP_ICON | 0x83387c | 0x3e | data | English | United States | 0.8387096774193549 |
RT_VERSION | 0x8338bc | 0xdc | data | English | United States | 0.6545454545454545 |
RT_MANIFEST | 0x833998 | 0x723 | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.3973727422003284 |
DLL | Import |
---|---|
KERNEL32.dll | GetVersionExA |
USER32.dll | wsprintfA |
GDI32.dll | CreateCompatibleBitmap |
ADVAPI32.dll | RegQueryValueExA |
SHELL32.dll | ShellExecuteA |
ole32.dll | CoInitialize |
WS2_32.dll | WSAStartup |
CRYPT32.dll | CryptUnprotectData |
SHLWAPI.dll | PathFindExtensionA |
gdiplus.dll | GdipGetImageEncoders |
SETUPAPI.dll | SetupDiEnumDeviceInfo |
ntdll.dll | RtlUnicodeStringToAnsiString |
RstrtMgr.DLL | RmStartSession |
KERNEL32.dll | GetSystemTimeAsFileTime |
KERNEL32.dll | HeapAlloc, HeapFree, ExitProcess, GetModuleHandleA, LoadLibraryA, GetProcAddress |
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States |
Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|---|---|---|
04/26/24-11:06:02.426603 | TCP | 2046266 | ET TROJAN [ANY.RUN] RisePro TCP (Token) | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
04/26/24-11:06:02.187295 | TCP | 2049060 | ET TROJAN RisePro TCP Heartbeat Packet | 49732 | 50500 | 192.168.2.4 | 45.15.156.9 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Apr 26, 2024 11:06:08.473447084 CEST | 49732 | 50500 | 192.168.2.4 | 45.15.156.9 |
Apr 26, 2024 11:06:08.473457098 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:08.473551989 CEST | 49732 | 50500 | 192.168.2.4 | 45.15.156.9 |
Apr 26, 2024 11:06:08.728724957 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:08.728743076 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:08.728748083 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:08.728751898 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:08.728761911 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:08.728773117 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:08.728786945 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:08.728797913 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:08.728806973 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:08.728816986 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:08.728837967 CEST | 49732 | 50500 | 192.168.2.4 | 45.15.156.9 |
Apr 26, 2024 11:06:08.728913069 CEST | 49732 | 50500 | 192.168.2.4 | 45.15.156.9 |
Apr 26, 2024 11:06:08.729249954 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:08.729262114 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:08.729310989 CEST | 49732 | 50500 | 192.168.2.4 | 45.15.156.9 |
Apr 26, 2024 11:06:08.729424000 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:08.729530096 CEST | 49732 | 50500 | 192.168.2.4 | 45.15.156.9 |
Apr 26, 2024 11:06:08.729590893 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:08.729645014 CEST | 49732 | 50500 | 192.168.2.4 | 45.15.156.9 |
Apr 26, 2024 11:06:08.729773998 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:08.729840040 CEST | 49732 | 50500 | 192.168.2.4 | 45.15.156.9 |
Apr 26, 2024 11:06:08.729939938 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:08.730031013 CEST | 49732 | 50500 | 192.168.2.4 | 45.15.156.9 |
Apr 26, 2024 11:06:08.731225014 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:08.731339931 CEST | 49732 | 50500 | 192.168.2.4 | 45.15.156.9 |
Apr 26, 2024 11:06:08.983491898 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:08.983560085 CEST | 49732 | 50500 | 192.168.2.4 | 45.15.156.9 |
Apr 26, 2024 11:06:08.983627081 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:08.983676910 CEST | 49732 | 50500 | 192.168.2.4 | 45.15.156.9 |
Apr 26, 2024 11:06:08.984221935 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:08.984307051 CEST | 49732 | 50500 | 192.168.2.4 | 45.15.156.9 |
Apr 26, 2024 11:06:08.984776020 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:08.984839916 CEST | 49732 | 50500 | 192.168.2.4 | 45.15.156.9 |
Apr 26, 2024 11:06:08.985187054 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:08.985209942 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:08.985222101 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:08.985259056 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:08.985291004 CEST | 49732 | 50500 | 192.168.2.4 | 45.15.156.9 |
Apr 26, 2024 11:06:08.985340118 CEST | 49732 | 50500 | 192.168.2.4 | 45.15.156.9 |
Apr 26, 2024 11:06:08.985852003 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:08.985941887 CEST | 49732 | 50500 | 192.168.2.4 | 45.15.156.9 |
Apr 26, 2024 11:06:08.986001015 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:08.986048937 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:08.986057997 CEST | 49732 | 50500 | 192.168.2.4 | 45.15.156.9 |
Apr 26, 2024 11:06:08.986116886 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:08.986124992 CEST | 49732 | 50500 | 192.168.2.4 | 45.15.156.9 |
Apr 26, 2024 11:06:08.986217976 CEST | 49732 | 50500 | 192.168.2.4 | 45.15.156.9 |
Apr 26, 2024 11:06:08.986455917 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:08.986466885 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:08.986529112 CEST | 49732 | 50500 | 192.168.2.4 | 45.15.156.9 |
Apr 26, 2024 11:06:08.986566067 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:08.986625910 CEST | 49732 | 50500 | 192.168.2.4 | 45.15.156.9 |
Apr 26, 2024 11:06:08.986690044 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:08.986761093 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:08.986772060 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:08.986793041 CEST | 49732 | 50500 | 192.168.2.4 | 45.15.156.9 |
Apr 26, 2024 11:06:08.986849070 CEST | 49732 | 50500 | 192.168.2.4 | 45.15.156.9 |
Apr 26, 2024 11:06:08.987144947 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:08.987155914 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:08.987190008 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:08.987225056 CEST | 49732 | 50500 | 192.168.2.4 | 45.15.156.9 |
Apr 26, 2024 11:06:08.987294912 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:08.987304926 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:08.987381935 CEST | 49732 | 50500 | 192.168.2.4 | 45.15.156.9 |
Apr 26, 2024 11:06:08.987632990 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:08.987673998 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:08.987690926 CEST | 49732 | 50500 | 192.168.2.4 | 45.15.156.9 |
Apr 26, 2024 11:06:08.987740040 CEST | 49732 | 50500 | 192.168.2.4 | 45.15.156.9 |
Apr 26, 2024 11:06:08.987813950 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:08.987874985 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:08.987884045 CEST | 49732 | 50500 | 192.168.2.4 | 45.15.156.9 |
Apr 26, 2024 11:06:08.987912893 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:08.987937927 CEST | 49732 | 50500 | 192.168.2.4 | 45.15.156.9 |
Apr 26, 2024 11:06:08.987946987 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:08.987962961 CEST | 49732 | 50500 | 192.168.2.4 | 45.15.156.9 |
Apr 26, 2024 11:06:08.987989902 CEST | 49732 | 50500 | 192.168.2.4 | 45.15.156.9 |
Apr 26, 2024 11:06:09.238156080 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:09.238411903 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:09.238495111 CEST | 49732 | 50500 | 192.168.2.4 | 45.15.156.9 |
Apr 26, 2024 11:06:09.239126921 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:09.239198923 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:09.239290953 CEST | 49732 | 50500 | 192.168.2.4 | 45.15.156.9 |
Apr 26, 2024 11:06:09.240304947 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:09.240406990 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:09.240479946 CEST | 49732 | 50500 | 192.168.2.4 | 45.15.156.9 |
Apr 26, 2024 11:06:09.241806030 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:09.241902113 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:09.241987944 CEST | 49732 | 50500 | 192.168.2.4 | 45.15.156.9 |
Apr 26, 2024 11:06:09.242019892 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:09.242130995 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:09.242207050 CEST | 49732 | 50500 | 192.168.2.4 | 45.15.156.9 |
Apr 26, 2024 11:06:09.243324995 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:09.243545055 CEST | 49732 | 50500 | 192.168.2.4 | 45.15.156.9 |
Apr 26, 2024 11:06:09.244205952 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:09.244265079 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:09.244323015 CEST | 49732 | 50500 | 192.168.2.4 | 45.15.156.9 |
Apr 26, 2024 11:06:09.244556904 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:09.244651079 CEST | 49732 | 50500 | 192.168.2.4 | 45.15.156.9 |
Apr 26, 2024 11:06:09.244841099 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:09.244874001 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:09.244946957 CEST | 49732 | 50500 | 192.168.2.4 | 45.15.156.9 |
Apr 26, 2024 11:06:09.244947910 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:09.245049953 CEST | 49732 | 50500 | 192.168.2.4 | 45.15.156.9 |
Apr 26, 2024 11:06:09.245312929 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:09.245351076 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:09.245393038 CEST | 49732 | 50500 | 192.168.2.4 | 45.15.156.9 |
Apr 26, 2024 11:06:09.245546103 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:09.245629072 CEST | 49732 | 50500 | 192.168.2.4 | 45.15.156.9 |
Apr 26, 2024 11:06:09.246082067 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:09.246150017 CEST | 49732 | 50500 | 192.168.2.4 | 45.15.156.9 |
Apr 26, 2024 11:06:09.246313095 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:09.246387959 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:09.246392012 CEST | 49732 | 50500 | 192.168.2.4 | 45.15.156.9 |
Apr 26, 2024 11:06:09.246398926 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:09.246423960 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:09.246501923 CEST | 49732 | 50500 | 192.168.2.4 | 45.15.156.9 |
Apr 26, 2024 11:06:09.246529102 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:09.246588945 CEST | 49732 | 50500 | 192.168.2.4 | 45.15.156.9 |
Apr 26, 2024 11:06:09.246663094 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:09.246740103 CEST | 49732 | 50500 | 192.168.2.4 | 45.15.156.9 |
Apr 26, 2024 11:06:09.246834993 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:09.246951103 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:09.246961117 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:09.247015953 CEST | 49732 | 50500 | 192.168.2.4 | 45.15.156.9 |
Apr 26, 2024 11:06:09.247519016 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:09.247642040 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:09.247652054 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:09.493133068 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:09.493148088 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:09.493238926 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:09.493282080 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:09.493355036 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:09.493447065 CEST | 49732 | 50500 | 192.168.2.4 | 45.15.156.9 |
Apr 26, 2024 11:06:09.493453026 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:09.493469000 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:09.493525982 CEST | 49732 | 50500 | 192.168.2.4 | 45.15.156.9 |
Apr 26, 2024 11:06:09.493690014 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:09.493700981 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:09.493756056 CEST | 49732 | 50500 | 192.168.2.4 | 45.15.156.9 |
Apr 26, 2024 11:06:09.493917942 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:09.494003057 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:09.494035006 CEST | 49732 | 50500 | 192.168.2.4 | 45.15.156.9 |
Apr 26, 2024 11:06:09.494060993 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:09.494071960 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:09.494103909 CEST | 49732 | 50500 | 192.168.2.4 | 45.15.156.9 |
Apr 26, 2024 11:06:09.494103909 CEST | 49732 | 50500 | 192.168.2.4 | 45.15.156.9 |
Apr 26, 2024 11:06:09.494132996 CEST | 49732 | 50500 | 192.168.2.4 | 45.15.156.9 |
Apr 26, 2024 11:06:09.494149923 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:09.494246006 CEST | 49732 | 50500 | 192.168.2.4 | 45.15.156.9 |
Apr 26, 2024 11:06:09.494313955 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:09.494345903 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:09.494395971 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:09.494446993 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:09.494446993 CEST | 49732 | 50500 | 192.168.2.4 | 45.15.156.9 |
Apr 26, 2024 11:06:09.494446993 CEST | 49732 | 50500 | 192.168.2.4 | 45.15.156.9 |
Apr 26, 2024 11:06:09.494482040 CEST | 49732 | 50500 | 192.168.2.4 | 45.15.156.9 |
Apr 26, 2024 11:06:09.494482040 CEST | 49732 | 50500 | 192.168.2.4 | 45.15.156.9 |
Apr 26, 2024 11:06:09.494494915 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:09.494510889 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:09.494535923 CEST | 49732 | 50500 | 192.168.2.4 | 45.15.156.9 |
Apr 26, 2024 11:06:09.494537115 CEST | 49732 | 50500 | 192.168.2.4 | 45.15.156.9 |
Apr 26, 2024 11:06:09.494539976 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:09.494601011 CEST | 49732 | 50500 | 192.168.2.4 | 45.15.156.9 |
Apr 26, 2024 11:06:09.494601965 CEST | 49732 | 50500 | 192.168.2.4 | 45.15.156.9 |
Apr 26, 2024 11:06:09.494788885 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:09.494800091 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:09.494879961 CEST | 49732 | 50500 | 192.168.2.4 | 45.15.156.9 |
Apr 26, 2024 11:06:09.494879961 CEST | 49732 | 50500 | 192.168.2.4 | 45.15.156.9 |
Apr 26, 2024 11:06:09.495109081 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:09.495157003 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:09.495193005 CEST | 49732 | 50500 | 192.168.2.4 | 45.15.156.9 |
Apr 26, 2024 11:06:09.495234966 CEST | 49732 | 50500 | 192.168.2.4 | 45.15.156.9 |
Apr 26, 2024 11:06:09.495589018 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:09.495640993 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:09.495657921 CEST | 49732 | 50500 | 192.168.2.4 | 45.15.156.9 |
Apr 26, 2024 11:06:09.495699883 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:09.495738983 CEST | 49732 | 50500 | 192.168.2.4 | 45.15.156.9 |
Apr 26, 2024 11:06:09.495738983 CEST | 49732 | 50500 | 192.168.2.4 | 45.15.156.9 |
Apr 26, 2024 11:06:09.495747089 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:09.495788097 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:09.495821953 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:09.495826960 CEST | 49732 | 50500 | 192.168.2.4 | 45.15.156.9 |
Apr 26, 2024 11:06:09.495840073 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:09.496356010 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:09.496457100 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:09.496575117 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:09.496854067 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:09.496903896 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:09.497456074 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:09.497472048 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:09.497543097 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:09.497556925 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:09.497602940 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:09.497649908 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:09.497764111 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:09.498125076 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:09.498183012 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:09.498315096 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:09.498364925 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:09.498413086 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:09.498579025 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:09.498913050 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:09.499011993 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:09.499027967 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:09.499074936 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:09.499125957 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:09.499183893 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:09.499331951 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:09.499833107 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:09.499923944 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:09.500068903 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:09.500116110 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:09.500130892 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:09.500185966 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:09.500381947 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:09.500467062 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:09.500570059 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:09.500677109 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:09.500724077 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:09.500740051 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:09.501058102 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:09.501310110 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:09.501359940 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:09.501394033 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:09.501773119 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:09.501858950 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:09.501869917 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:09.501961946 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:09.501971960 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:09.502024889 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:09.502038002 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:09.502054930 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:09.502064943 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:09.502741098 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:09.502774954 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:09.503349066 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:09.504132032 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:09.504163027 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:09.504339933 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:09.504415035 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:09.504425049 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:09.504606009 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:09.504631996 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:09.504712105 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:09.505126953 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:09.505141973 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:09.505182028 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:09.505201101 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:09.505409956 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:09.505424976 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:09.505776882 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:09.505820990 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:09.505839109 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:09.505916119 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:09.506313086 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:09.506356001 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:09.506479025 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:09.747798920 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:09.747836113 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:09.747899055 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:09.747915030 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:09.748191118 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:09.748404980 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:09.748473883 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:09.748541117 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:09.748895884 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:09.749062061 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:09.749073029 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:09.749232054 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:09.749242067 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:09.749249935 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:09.749260902 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:09.749270916 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:09.749629974 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:09.749869108 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:09.749978065 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:09.750199080 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:09.750241995 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:09.750286102 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:09.750324965 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:09.750400066 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:09.750521898 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:09.750581026 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:09.750641108 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:09.750655890 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:09.750689983 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:09.751125097 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:09.751182079 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:09.751235008 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:09.751280069 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:10.057261944 CEST | 49732 | 50500 | 192.168.2.4 | 45.15.156.9 |
Apr 26, 2024 11:06:10.352150917 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:10.353445053 CEST | 49732 | 50500 | 192.168.2.4 | 45.15.156.9 |
Apr 26, 2024 11:06:10.608920097 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:10.609524012 CEST | 49732 | 50500 | 192.168.2.4 | 45.15.156.9 |
Apr 26, 2024 11:06:10.883264065 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:10.932687998 CEST | 49732 | 50500 | 192.168.2.4 | 45.15.156.9 |
Apr 26, 2024 11:06:11.260497093 CEST | 49732 | 50500 | 192.168.2.4 | 45.15.156.9 |
Apr 26, 2024 11:06:11.519057989 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:11.519227982 CEST | 50500 | 49732 | 45.15.156.9 | 192.168.2.4 |
Apr 26, 2024 11:06:11.519316912 CEST | 49732 | 50500 | 192.168.2.4 | 45.15.156.9 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Apr 26, 2024 11:06:02.799535036 CEST | 52414 | 53 | 192.168.2.4 | 1.1.1.1 |
Apr 26, 2024 11:06:02.924838066 CEST | 53 | 52414 | 1.1.1.1 | 192.168.2.4 |
Apr 26, 2024 11:06:03.606478930 CEST | 63075 | 53 | 192.168.2.4 | 1.1.1.1 |
Apr 26, 2024 11:06:03.732992887 CEST | 53 | 63075 | 1.1.1.1 | 192.168.2.4 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
---|---|---|---|---|---|---|---|---
Apr 26, 2024 11:06:02.799535036 CEST | 192.168.2.4 | 1.1.1.1 | 0x5054 | Standard query (0) | | A (IP address) | IN (0x0001) | false
Apr 26, 2024 11:06:03.606478930 CEST | 192.168.2.4 | 1.1.1.1 | 0xfdf3 | Standard query (0) | | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
---|---|---|---|---|---|---|---|---|---|---
Apr 26, 2024 11:06:02.924838066 CEST | 1.1.1.1 | 192.168.2.4 | 0x5054 | No error (0) | | | 34.117.186.192 | A (IP address) | IN (0x0001) | false
Apr 26, 2024 11:06:03.732992887 CEST | 1.1.1.1 | 192.168.2.4 | 0xfdf3 | No error (0) | | | 104.26.4.15 | A (IP address) | IN (0x0001) | false
Apr 26, 2024 11:06:03.732992887 CEST | 1.1.1.1 | 192.168.2.4 | 0xfdf3 | No error (0) | | | 104.26.5.15 | A (IP address) | IN (0x0001) | false
Apr 26, 2024 11:06:03.732992887 CEST | 1.1.1.1 | 192.168.2.4 | 0xfdf3 | No error (0) | | | 172.67.75.166 | A (IP address) | IN (0x0001) | false
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.4 | 49733 | 34.117.186.192 | 443 | 7484 | C:\Users\user\Desktop\file.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-26 09:06:03 UTC | 240 | OUT | |
2024-04-26 09:06:03 UTC | 514 | IN | |
2024-04-26 09:06:03 UTC | 741 | IN | |
2024-04-26 09:06:03 UTC | 279 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.4 | 49734 | 104.26.4.15 | 443 | 7484 | C:\Users\user\Desktop\file.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-26 09:06:04 UTC | 264 | OUT | |
2024-04-26 09:06:04 UTC | 654 | IN | |
2024-04-26 09:06:04 UTC | 715 | IN | |
2024-04-26 09:06:04 UTC | 6 | IN |
Target ID: | 0 |
Start time: | 11:05:59 |
Start date: | 26/04/2024 |
Path: | C:\Users\user\Desktop\file.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xd40000 |
File size: | 4'114'680 bytes |
MD5 hash: | 661C97C107EFC1D69510C2C4EA7AAD09 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | low |
Has exited: | true |
Target ID: | 3 |
Start time: | 11:06:10 |
Start date: | 26/04/2024 |
Path: | C:\Windows\SysWOW64\WerFault.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xad0000 |
File size: | 483'680 bytes |
MD5 hash: | C31336C1EFC2CCB44B4326EA793040F2 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Execution Graph
Execution Coverage: | 11.8% |
Dynamic/Decrypted Code Coverage: | 0% |
Signature Coverage: | 23.1% |
Total number of Nodes: | 1564 |
Total number of Limit Nodes: | 47 |
Function 00DBF730 Relevance: 110.7, APIs: 6, Strings: 56, Instructions: 2202 COMMON
Function 00D4B8E0 Relevance: 86.4, APIs: 27, Strings: 19, Instructions: 5868 COMMON
Function 00E04EB0 Relevance: 12.5, APIs: 6, Strings: 1, Instructions: 240 network sleep COMMON
Function 00DA3650 Relevance: 110.9, APIs: 3, Strings: 59, Instructions: 2365 COMMON
Function 00E05940 Relevance: 1.6, APIs: 1, Instructions: 98 COMMON
Function 0107B7A4 Relevance: 1.6, APIs: 1, Instructions: 59 COMMON
Function 01085DC3 Relevance: 1.5, APIs: 1, Instructions: 10 COMMON
Function 00F0B30B Relevance: 1.3, APIs: 1, Instructions: 41 memory COMMON
Function 00D7C950 Relevance: 6.5, APIs: 4, Instructions: 455 COMMON
Function 00D7360D Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 28 time COMMON LIBRARYCODE
Function 010C65C2 Relevance: 1.5, Strings: 1, Instructions: 219 COMMON
Function 00E2BFC0 Relevance: .8, Instructions: 763 COMMON
Function 00D6F570 Relevance: .4, Instructions: 394 COMMON
Function 00D98BA0 Relevance: .2, Instructions: 221 COMMON
Function 00D7A918 Relevance: .2, Instructions: 156 COMMON
Function 00ED72CE Relevance: .1, Instructions: 122 COMMON
Function 010D757B Relevance: .1, Instructions: 62 COMMON
Function 0118654D Relevance: .0, Instructions: 13 COMMON
Function 00D5D260 Relevance: 9.1, APIs: 6, Instructions: 124 COMMON
Function 00EDED60 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 59 COMMON LIBRARYCODE
Function 00D5C430 Relevance: 7.6, APIs: 5, Instructions: 119 COMMON
Function 00D83623 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 50 library loader COMMON