Windows
Analysis Report
workalone.exe
Overview
General Information
Detection
RedLine
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Yara detected RedLine Stealer
Malicious sample detected (through community Yara rule)
Sigma detected: Schedule system process
Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Tries to steal Crypto Currency Wallets
Connects to many ports of the same IP (likely port scanning)
Uses known network protocols on non-standard ports
Machine Learning detection for sample
Injects a PE file into a foreign processes
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Machine Learning detection for dropped file
C2 URLs / IPs found in malware configuration
Found many strings related to Crypto-Wallets (likely being stolen)
Uses schtasks.exe or at.exe to add and modify task schedules
Uses dynamic DNS services
Drops PE files with benign system names
Tries to harvest and steal browser information (history, passwords, etc)
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Yara signature match
May sleep (evasive loops) to hinder dynamic analysis
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Uses code obfuscation techniques (call, push, ret)
Internet Provider seen in connection with other malware
Detected potential crypto function
Contains functionality to launch a process as a different user
Sample execution stops while process was sleeping (likely an evasion)
Yara detected Credential Stealer
HTTP GET or POST without a user agent
Contains long sleeps (>= 3 min)
Enables debug privileges
Is looking for software installed on the system
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
AV process strings found (often used to terminate AV products)
Sample file is different than original file name gathered from version info
Drops PE files
Detected TCP or UDP traffic on non-standard ports
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Creates a process in suspended mode (likely to inject code)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Classification
- System is w10x64
- workalone.exe (PID: 5836 cmdline: C:\Users\user\Desktop\workalone.exe MD5: 68F42F485ECE93306BEF1E4084D3052E)
- workalone.exe (PID: 5956 cmdline: C:\Users\user\Desktop\workalone.exe MD5: 68F42F485ECE93306BEF1E4084D3052E)
- conhost.exe (PID: 5964 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
- cmd.exe (PID: 5972 cmdline: cmd" /c mkdir "C:\Users\user\AppData\Roaming\svchost MD5: F3BDBE3BB6F734E357235F4D5898582D)
- conhost.exe (PID: 6020 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
- cmd.exe (PID: 6040 cmdline: "cmd" /c schtasks /create /sc minute /mo 1 /tn "Nafifas" /tr "'C:\Users\user\AppData\Roaming\svchost\svchost.exe'" /f MD5: F3BDBE3BB6F734E357235F4D5898582D)
- conhost.exe (PID: 6072 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
- schtasks.exe (PID: 6108 cmdline: schtasks /create /sc minute /mo 1 /tn "Nafifas" /tr "'C:\Users\user\AppData\Roaming\svchost\svchost.exe'" /f MD5: 15FF7D8324231381BAD48A052F85DF04)
- cmd.exe (PID: 6080 cmdline: cmd" /c copy "C:\Users\user\Desktop\workalone.exe" "C:\Users\user\AppData\Roaming\svchost\svchost.exe MD5: F3BDBE3BB6F734E357235F4D5898582D)
- conhost.exe (PID: 6124 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
- cleanup
{"C2 url": ["saleshor12.duckdns.org:46539"], "Bot Id": "cheat"}
Rule | Description | Author |
---|---|---|
JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security |
JoeSecurity_RedLine_1 | Yara detected RedLine Stealer | Joe Security |

Rule | Description | Author |
---|---|---|
JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security |
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
Windows_Trojan_RedLineStealer_f54632eb | unknown | unknown |
JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security |
JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security |

Rule | Description | Author |
---|---|---|
JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security |
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
MALWARE_Win_RedLine | Detects RedLine infostealer | ditekSHen |
Windows_Trojan_RedLineStealer_f54632eb | unknown | unknown |
JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security |
Persistence and Installation Behavior |
---|
Source: | Author: Joe Security: |
⊘No Snort rule has matched
AV Detection |
---|
Source: | Avira: |
Source: | Joe Sandbox ML: |
Source: | Malware Configuration Extractor: |
Source: | Static PE information: |
Networking |
---|
Source: | TCP traffic: |
Source: | Network traffic detected: |
Source: | URLs: |
Source: | DNS query: |
Source: | ASN Name: |
Source: | HTTP traffic detected: |
Source: | String found in binary or memory: |
Source: | DNS traffic detected: |
System Summary |
---|
Source: | Matched rule: |
Source: | Static PE information: |
Source: | Code function: | 1_2_054DDE10 |
Source: | Code function: | 1_2_054DD2F0 |
Source: | Code function: | 1_2_065E8440 |
Source: | Code function: | 1_2_065E8878 |
Source: | Code function: | 1_2_065E15A8 |
Source: | Code function: | 0_2_00F88220 |
Source: | Binary or memory string: |
Source: | Key opened: |
Source: | Process created: |
Source: | Key value queried: |
Source: | WMI Queries: |
Source: | File created: |
Source: | Classification label: |
Source: | Static file information: |
Source: | Section loaded: |
Source: | Mutant created: |
Source: | Cryptographic APIs: |
Source: | File read: |
Source: | File opened: |
Source: | Code function: | 0_2_00F81C7A |
Persistence and Installation Behavior |
---|
Source: | File created: |
Boot Survival |
---|
Source: | Process created: |
Hooking and other Techniques for Hiding and Protection |
---|
Source: | Network traffic detected: |
Source: | Process information set: |
Malware Analysis System Evasion |
---|
Source: | WMI Queries: |
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Source: | Thread sleep time: |
Source: | Last function: |
Source: | Thread delayed: |
Source: | Registry key enumerated: |
Source: | Window / User API: |
Source: | Process information queried: |
Source: | Binary or memory string: |
Source: | Process token adjusted: |
Source: | Code function: | 1_2_065EC798 |
Source: | Memory allocated: |
HIPS / PFW / Operating System Protection Evasion |
---|
Source: | Memory written: |
Source: | Process created: |
Source: | Queries volume information: |
Source: | Key value queried: |
Source: | WMI Queries: |
Source: | Binary or memory string: |
Stealing of Sensitive Information |
---|
Source: | File source: |
Source: | File opened: |
Source: | String found in binary or memory: |
Remote Access Functionality |
---|
Source: | File source: |
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
1 Valid Accounts | 221 Windows Management Instrumentation | 1 Valid Accounts | 1 Valid Accounts | 11 Masquerading | 1 OS Credential Dumping | 231 Security Software Discovery | Remote Services | 11 Archive Collected Data | Exfiltration Over Other Network Medium | 1 Encrypted Channel | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | 1 Scheduled Task/Job | 1 Scheduled Task/Job | 1 Access Token Manipulation | 1 Valid Accounts | LSASS Memory | 11 Process Discovery | Remote Desktop Protocol | 3 Data from Local System | Exfiltration Over Bluetooth | 11 Non-Standard Port | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | 111 Process Injection | 1 Access Token Manipulation | Security Account Manager | 231 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | 2 Non-Application Layer Protocol | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | 1 Scheduled Task/Job | 1 Disable or Modify Tools | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | 22 Application Layer Protocol | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | 231 Virtualization/Sandbox Evasion | LSA Secrets | 1 Remote System Discovery | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
Replication Through Removable Media | Launchd | Rc.common | Rc.common | 111 Process Injection | Cached Domain Credentials | 123 System Information Discovery | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features | |
External Remote Services | Scheduled Task | Startup Items | Startup Items | 1 Deobfuscate/Decode Files or Information | DCSync | Network Sniffing | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | Data Encrypted for Impact | |
Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | 2 Obfuscated Files or Information | Proc Filesystem | Network Service Scanning | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | Generate Fraudulent Advertising Revenue | |
Exploit Public-Facing Application | PowerShell | At (Linux) | At (Linux) | 2 Software Packing | /etc/passwd and /etc/shadow | System Network Connections Discovery | Software Deployment Tools | Data Staged | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Web Protocols | Rogue Cellular Base Station | Data Destruction |
Detection | Scanner | Label |
---|---|---|
100% | Avira | HEUR/AGEN.1235903 |
100% | Joe Sandbox ML | |

Detection | Scanner | Label |
---|---|---|
100% | Avira | HEUR/AGEN.1235903 |
100% | Joe Sandbox ML | |

Detection | Scanner | Label |
---|---|---|
100% | Avira | HEUR/AGEN.1235903 |
100% | Avira | HEUR/AGEN.1234943 |

Detection | Scanner | Label |
---|---|---|
2% | Virustotal | |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
saleshor12.duckdns.org | 85.208.136.178 | true | true | unknown | |
api.ip.sb | unknown | unknown | true | | unknown |
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
85.208.136.178 | saleshor12.duckdns.org | Germany | 33657 | CMCSUS | true |
Joe Sandbox Version: | 36.0.0 Rainbow Opal |
Analysis ID: | 756291 |
Start date and time: | 2022-11-30 00:06:06 +01:00 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 7m 33s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | workalone.exe |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Number of analysed new started processes analysed: | 20 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal100.troj.spyw.evad.winEXE@15/29@5/1 |
EGA Information: |
|
HDC Information: | Failed |
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, SgrmBroker.exe, conhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 104.26.12.31, 104.26.13.31, 172.67.75.172
- Excluded domains from analysis (whitelisted): api.ip.sb.cdn.cloudflare.net, fs.microsoft.com
- Not all processes where analyzed, report is missing behavior information
- Report size exceeded maximum capacity and may have missing behavior information.
- Report size getting too big, too many NtAllocateVirtualMemory calls found.
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtProtectVirtualMemory calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
Time | Type | Description |
---|---|---|
00:07:08 | Task Scheduler | |
00:07:54 | API Interceptor |
Process: | C:\Users\user\Desktop\workalone.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 612 |
Entropy (8bit): | 5.33730556823153 |
Encrypted: | false |
SSDEEP: | 12:Q3La/hhkvoDLI4MWuCqDLI4MWuPk21xzAbDLI4M9XKbbDLI4MWuPJKiUrRZ9I0Z7:MLUE4K5E4Ks2vsXE4qXKDE4KhK3VZ9p7 |
MD5: | F06804B809C3212C7F29ABA89E9FAF16 |
SHA1: | B49ED216A41EA579FF109A4BA44A8E62C2B1A3BB |
SHA-256: | E63AFB84BF09F02C3C19978966E610BEE5C14099B1A65C8B34E426ABC127ECB7 |
SHA-512: | 53ED48D5233FD6318320264400ACBD451A7C6B10BB2A11C2B95F51C3838708835D1016B417748E7C50023BAF179AC94CCAAE230C71AC073D0233765409341D49 |
Malicious: | true |
Preview: |
Process: | C:\Users\user\Desktop\workalone.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 94208 |
Entropy (8bit): | 1.2882898331044472 |
Encrypted: | false |
SSDEEP: | 192:go1/8dpUXbSzTPJPn6UVuUhoEwn7PrH944:gS/inPvVuUhoEwn7b944 |
MD5: | 4822E6A71C88A4AB8A27F90192B5A3B3 |
SHA1: | CC07E541426BFF64981CE6DE7D879306C716B6B9 |
SHA-256: | A6E2CCBD736E5892E658020543F4DF20BB422253CAC06B37398AA4935987446E |
SHA-512: | C4FCA0DBC8A6B00383B593046E30C5754D570AA2009D4E26460833FB1394D348776400174C898701F621C305F53DC03C1B42CF76AA5DC33D5CCD8FA44935B03C |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\workalone.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 49152 |
Entropy (8bit): | 0.7876734657715041 |
Encrypted: | false |
SSDEEP: | 48:43KzOIIY3HzrkNSs8LKvUf9KnmlG0UX9q4lCm+KLka+yJqhM0ObVEq8Ma0D0HOlx:Sq0NFeymDlGD9qlm+KL2y0Obn8MouO |
MD5: | CF7758A2FF4A94A5D589DEBAED38F82E |
SHA1: | D3380E70D0CAEB9AD78D14DD970EA480E08232B8 |
SHA-256: | 6CA783B84D01BFCF9AA7185D7857401D336BAD407A182345B97096E1F2502B7F |
SHA-512: | 1D0C49B02A159EEB4AA971980CCA02751973E249422A71A0587EE63986A4A0EB8929458BCC575A9898CE3497CC5BDFB7050DF33DF53F5C88D110F386A0804CBF |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\workalone.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1026 |
Entropy (8bit): | 4.691266297898928 |
Encrypted: | false |
SSDEEP: | 24:VFl0HyrVqOHKWeRhsGhMtSCTPacJ7pZeZLF8M7y+b:VFl0HyrVqOqNRhHkTaW73Q58yy+b |
MD5: | 7D4E714F4EDA4631DCA8D420338392F1 |
SHA1: | 536B4BCBAB5C780738EE2D562D16AB532C9D8E68 |
SHA-256: | 841F74A72A1D21F63E4039906E93A4FD9E70EC517385DDEE855033A9A17FE94A |
SHA-512: | FEB2EEC88720FF040794CD273A7B4A07DD5AC1E6CD9A9235A098F1FB3A1C50385B37E376764C927978961A0EE4AC1C591F197494D82D71B35EAA3780956CB1A3 |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\workalone.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1026 |
Entropy (8bit): | 4.698711683401115 |
Encrypted: | false |
SSDEEP: | 24:qKHpKPokvebe5xXL3g76mBU/gS2JBbl20IS7pnXk:Rpcjnxbw7TYgS2nbzIS7pnXk |
MD5: | 47643CE7571E0C995094D7CE5F2005D7 |
SHA1: | 40D42828B2F68C625EBD884FB8AF5B20F5A1DF9C |
SHA-256: | 1D642D4EC7BC821B0FFA28C3F2702C875C922139D8001EADD664EBCCF8D321B3 |
SHA-512: | 3AAD0470C01D2609662C0B8D146BA79132B404C669C22032D085233E2D30725797AC2E15A11F54DFE00E4B6CA6E914E3439D4775B3AF6D782334FE9424F485A5 |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\workalone.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1026 |
Entropy (8bit): | 4.69486718145169 |
Encrypted: | false |
SSDEEP: | 24:XvKYeI9D5UOyoiaxIKgpZ9ONvMyTONN5ZjJH1U:yyD6yxILZ9OtTT+XRG |
MD5: | E63B196AE0D5F7670244FB1347D75EFC |
SHA1: | 1C17108AC7E5263674836BAD67AE44D8C3C6890B |
SHA-256: | D8C0D7B9CDFC72CAAB0A7687299B6734708E98C6DD088CDB0FF1A659E294B49D |
SHA-512: | 63345352964E1BD19AC843F82820E9B29C5BA991A002AB9B3164E1AA10B6D88BFA0DFAFA2E91E584835BA89B6A1770140AC14EA0B4B64E6C3BF8CDA34C9698AC |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\workalone.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1026 |
Entropy (8bit): | 4.694142261581685 |
Encrypted: | false |
SSDEEP: | 24:f9GDi2EYjkpBrLp83PYbuFr5oKIQppDgX+qrctnWyd3z+g8BHGZ:yEYjkpZYwS/oKIuA+qriTjEBHe |
MD5: | E9AA17F314E072EBB015265FB63E77C0 |
SHA1: | 1233B76350B8181FFFC438B62002C02B4AE79000 |
SHA-256: | F66078FCFEC2D71549136CC8B5B4EE7D33C4994E0A4E3E7C11F5ADCD819D0436 |
SHA-512: | 719E659924CE585E4DD8CEA9BC6B5371AD810999022F874F380F50C7153D3AE97CC934E3173EF06573CAEE6CBC835A668C4D7DC2ADE597B1B0D200FCBAC67DA1 |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\cmd.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 348672 |
Entropy (8bit): | 5.276672751026678 |
Encrypted: | false |
SSDEEP: | 3072:kd4jFS378hlr02cpbHrxfV0WzJsQuJpnpvcPavg3igp06mLkXDQWmE6:W378ib70cWpnv2+6mLkzQE6 |
MD5: | 68F42F485ECE93306BEF1E4084D3052E |
SHA1: | C63F1A56D12A0ACBF5E9A354D8A66C6E17AF2309 |
SHA-256: | 5D526BE000146CF9CF94F7EF6F4E86929D508E17CA483B03D4ECBD2D52E071C9 |
SHA-512: | 75E09E7505039A7EB0D0652666F3ED258D50C2536BB3877C2E1503E69700AAE6A8014EF6B8F4F7F41BFA11F857CF0240F1A950F66395D19AE12707DB863C1242 |
Malicious: | true |
Antivirus: |
|
Preview: |
Process: | C:\Windows\SysWOW64\cmd.exe |
File Type: | |
Category: | modified |
Size (bytes): | 26 |
Entropy (8bit): | 3.95006375643621 |
Encrypted: | false |
SSDEEP: | 3:ggPYV:rPYV |
MD5: | 187F488E27DB4AF347237FE461A079AD |
SHA1: | 6693BA299EC1881249D59262276A0D2CB21F8E64 |
SHA-256: | 255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309 |
SHA-512: | 89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E |
Malicious: | true |
Preview: |
File type: | |
Entropy (8bit): | 5.276672751026678 |
TrID: |
|
File name: | workalone.exe |
File size: | 348672 |
MD5: | 68f42f485ece93306bef1e4084d3052e |
SHA1: | c63f1a56d12a0acbf5e9a354d8a66c6e17af2309 |
SHA256: | 5d526be000146cf9cf94f7ef6f4e86929d508e17ca483b03d4ecbd2d52e071c9 |
SHA512: | 75e09e7505039a7eb0d0652666f3ed258d50c2536bb3877c2e1503e69700aae6a8014ef6b8f4f7f41bfa11f857cf0240f1a950f66395d19ae12707db863c1242 |
SSDEEP: | 3072:kd4jFS378hlr02cpbHrxfV0WzJsQuJpnpvcPavg3igp06mLkXDQWmE6:W378ib70cWpnv2+6mLkzQE6 |
TLSH: | 747439267384DF26C79223B7C6035BA002184C197785EE76A4E529FC94A1FFAD9CF193 |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...PT.c.................R..........Fp... ........@.. ....................................@................................ |
Icon Hash: | 64c68eb2b3b686c4 |
Entrypoint: | 0x427046 |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | EXECUTABLE_IMAGE, 32BIT_MACHINE |
DLL Characteristics: | DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE |
Time Stamp: | 0x63865450 [Tue Nov 29 18:49:52 2022 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | f34d5f2d4577ed6d9ceec516c1f5a744 |
Instruction |
---|
jmp dword ptr [00402000h] |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x26ffc | 0x4a | .text |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x28000 | 0x2faa4 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x58000 | 0xc | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
.text | 0x2000 | 0x2504c | 0x25200 | False | 0.8109743265993266 | data | 7.585773646811085 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rsrc | 0x28000 | 0x2faa4 | 0x2fc00 | False | 0.08600908049738219 | data | 2.4474216242910125 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0x58000 | 0xc | 0x200 | False | 0.044921875 | data | 0.10191042566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country |
---|---|---|---|---|---|
RT_ICON | 0x280b4 | 0x13ca | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | ||
RT_ICON | 0x294a2 | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 67584 | ||
RT_ICON | 0x39cee | 0x94a8 | Device independent bitmap graphic, 96 x 192 x 32, image size 38016 | ||
RT_ICON | 0x431ba | 0x67e8 | Device independent bitmap graphic, 80 x 160 x 32, image size 26560 | ||
RT_ICON | 0x499c6 | 0x5488 | Device independent bitmap graphic, 72 x 144 x 32, image size 21600 | ||
RT_ICON | 0x4ee72 | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 16896 | ||
RT_ICON | 0x530be | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | ||
RT_ICON | 0x5568a | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | ||
RT_ICON | 0x56756 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2400 | ||
RT_ICON | 0x57102 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | ||
RT_GROUP_ICON | 0x575b8 | 0x92 | data | ||
RT_VERSION | 0x57686 | 0x1f8 | data | English | United States |
RT_MANIFEST | 0x578ba | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators |
DLL | Import |
---|---|
mscoree.dll | _CorExeMain |
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Nov 30, 2022 00:08:08.496046066 CET | 49687 | 46539 | 192.168.2.3 | 85.208.136.178 |
Nov 30, 2022 00:08:08.524487972 CET | 46539 | 49687 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:08.524530888 CET | 46539 | 49687 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:08.526654005 CET | 46539 | 49687 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:08.526913881 CET | 46539 | 49687 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:08.526961088 CET | 46539 | 49687 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:08.526988983 CET | 46539 | 49687 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:08.527017117 CET | 46539 | 49687 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:08.527168036 CET | 46539 | 49687 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:08.527272940 CET | 46539 | 49687 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:08.527353048 CET | 49687 | 46539 | 192.168.2.3 | 85.208.136.178 |
Nov 30, 2022 00:08:08.527571917 CET | 49687 | 46539 | 192.168.2.3 | 85.208.136.178 |
Nov 30, 2022 00:08:08.527697086 CET | 49687 | 46539 | 192.168.2.3 | 85.208.136.178 |
Nov 30, 2022 00:08:08.527833939 CET | 49687 | 46539 | 192.168.2.3 | 85.208.136.178 |
Nov 30, 2022 00:08:08.527940035 CET | 49687 | 46539 | 192.168.2.3 | 85.208.136.178 |
Nov 30, 2022 00:08:08.528070927 CET | 49687 | 46539 | 192.168.2.3 | 85.208.136.178 |
Nov 30, 2022 00:08:08.528187990 CET | 49687 | 46539 | 192.168.2.3 | 85.208.136.178 |
Nov 30, 2022 00:08:08.528187990 CET | 49687 | 46539 | 192.168.2.3 | 85.208.136.178 |
Nov 30, 2022 00:08:08.552392960 CET | 46539 | 49687 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:08.552742958 CET | 46539 | 49687 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:08.554399014 CET | 46539 | 49687 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:08.554419994 CET | 46539 | 49687 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:08.554452896 CET | 46539 | 49687 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:08.554748058 CET | 49687 | 46539 | 192.168.2.3 | 85.208.136.178 |
Nov 30, 2022 00:08:08.555562019 CET | 46539 | 49687 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:08.556437969 CET | 46539 | 49687 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:08.556816101 CET | 49687 | 46539 | 192.168.2.3 | 85.208.136.178 |
Nov 30, 2022 00:08:08.557429075 CET | 46539 | 49687 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:08.558517933 CET | 46539 | 49687 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:08.558949947 CET | 49687 | 46539 | 192.168.2.3 | 85.208.136.178 |
Nov 30, 2022 00:08:08.559442043 CET | 46539 | 49687 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:08.560437918 CET | 46539 | 49687 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:08.560764074 CET | 49687 | 46539 | 192.168.2.3 | 85.208.136.178 |
Nov 30, 2022 00:08:08.561438084 CET | 46539 | 49687 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:08.561661005 CET | 49687 | 46539 | 192.168.2.3 | 85.208.136.178 |
Nov 30, 2022 00:08:08.562467098 CET | 46539 | 49687 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:08.563352108 CET | 46539 | 49687 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:08.564543962 CET | 46539 | 49687 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:08.565587997 CET | 46539 | 49687 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:08.566427946 CET | 46539 | 49687 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:08.568458080 CET | 46539 | 49687 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:08.569574118 CET | 46539 | 49687 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:08.578516006 CET | 46539 | 49687 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:08.583189011 CET | 46539 | 49687 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:08.584547043 CET | 46539 | 49687 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:08.585625887 CET | 46539 | 49687 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:08.585835934 CET | 46539 | 49687 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:08.586098909 CET | 46539 | 49687 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:08.586661100 CET | 46539 | 49687 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:08.587007046 CET | 46539 | 49687 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:08.587027073 CET | 46539 | 49687 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:08.588452101 CET | 46539 | 49687 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:08.589447975 CET | 46539 | 49687 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:08.590449095 CET | 46539 | 49687 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:08.632512093 CET | 46539 | 49687 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:08.652580976 CET | 46539 | 49687 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:08.713120937 CET | 46539 | 49687 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:08.713145018 CET | 46539 | 49687 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:08.715363026 CET | 46539 | 49687 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:08.716440916 CET | 46539 | 49687 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:08.739548922 CET | 46539 | 49687 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:08.739588022 CET | 46539 | 49687 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:08.741117954 CET | 46539 | 49687 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:08.829467058 CET | 46539 | 49687 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:08.864692926 CET | 46539 | 49687 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:08.864749908 CET | 46539 | 49687 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:08.864775896 CET | 46539 | 49687 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:08.864800930 CET | 46539 | 49687 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:08.864828110 CET | 46539 | 49687 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:08.864852905 CET | 46539 | 49687 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:08.866043091 CET | 46539 | 49687 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:09.644581079 CET | 46539 | 49687 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:09.644618988 CET | 46539 | 49687 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:09.993891001 CET | 46539 | 49687 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:10.000479937 CET | 46539 | 49687 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:10.000648022 CET | 46539 | 49687 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:10.000782967 CET | 46539 | 49687 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:10.000804901 CET | 46539 | 49687 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:10.001079082 CET | 46539 | 49687 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:10.002705097 CET | 46539 | 49687 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:10.002805948 CET | 46539 | 49687 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:10.002825975 CET | 46539 | 49687 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:10.002842903 CET | 46539 | 49687 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:10.002859116 CET | 46539 | 49687 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:10.213998079 CET | 46539 | 49687 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:10.256093025 CET | 49687 | 46539 | 192.168.2.3 | 85.208.136.178 |
Nov 30, 2022 00:08:10.908248901 CET | 49687 | 46539 | 192.168.2.3 | 85.208.136.178 |
Nov 30, 2022 00:08:10.936352015 CET | 46539 | 49687 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:10.936508894 CET | 49687 | 46539 | 192.168.2.3 | 85.208.136.178 |
Nov 30, 2022 00:08:11.091849089 CET | 49688 | 46539 | 192.168.2.3 | 85.208.136.178 |
Nov 30, 2022 00:08:11.120538950 CET | 46539 | 49688 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:11.120707035 CET | 49688 | 46539 | 192.168.2.3 | 85.208.136.178 |
Nov 30, 2022 00:08:11.122320890 CET | 49688 | 46539 | 192.168.2.3 | 85.208.136.178 |
Nov 30, 2022 00:08:11.187195063 CET | 46539 | 49688 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:11.196537971 CET | 49688 | 46539 | 192.168.2.3 | 85.208.136.178 |
Nov 30, 2022 00:08:11.227025986 CET | 46539 | 49688 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:11.227364063 CET | 49688 | 46539 | 192.168.2.3 | 85.208.136.178 |
Nov 30, 2022 00:08:11.256616116 CET | 46539 | 49688 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:11.256922960 CET | 49688 | 46539 | 192.168.2.3 | 85.208.136.178 |
Nov 30, 2022 00:08:11.257606983 CET | 46539 | 49688 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:11.257709026 CET | 49688 | 46539 | 192.168.2.3 | 85.208.136.178 |
Nov 30, 2022 00:08:11.285412073 CET | 46539 | 49688 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:11.285681009 CET | 49688 | 46539 | 192.168.2.3 | 85.208.136.178 |
Nov 30, 2022 00:08:11.286668062 CET | 46539 | 49688 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:11.286895990 CET | 49688 | 46539 | 192.168.2.3 | 85.208.136.178 |
Nov 30, 2022 00:08:11.287868023 CET | 46539 | 49688 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:11.288023949 CET | 49688 | 46539 | 192.168.2.3 | 85.208.136.178 |
Nov 30, 2022 00:08:11.309477091 CET | 46539 | 49688 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:11.311420918 CET | 46539 | 49688 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:11.311469078 CET | 46539 | 49688 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:11.311568975 CET | 46539 | 49688 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:11.317779064 CET | 46539 | 49688 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:11.318135977 CET | 49688 | 46539 | 192.168.2.3 | 85.208.136.178 |
Nov 30, 2022 00:08:11.325855970 CET | 46539 | 49688 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:11.326117039 CET | 49688 | 46539 | 192.168.2.3 | 85.208.136.178 |
Nov 30, 2022 00:08:11.348048925 CET | 46539 | 49688 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:11.348274946 CET | 49688 | 46539 | 192.168.2.3 | 85.208.136.178 |
Nov 30, 2022 00:08:11.349504948 CET | 46539 | 49688 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:11.349706888 CET | 49688 | 46539 | 192.168.2.3 | 85.208.136.178 |
Nov 30, 2022 00:08:11.350840092 CET | 46539 | 49688 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:11.350996017 CET | 49688 | 46539 | 192.168.2.3 | 85.208.136.178 |
Nov 30, 2022 00:08:11.351665974 CET | 46539 | 49688 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:11.351819038 CET | 49688 | 46539 | 192.168.2.3 | 85.208.136.178 |
Nov 30, 2022 00:08:11.355901003 CET | 46539 | 49688 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:11.356115103 CET | 49688 | 46539 | 192.168.2.3 | 85.208.136.178 |
Nov 30, 2022 00:08:11.358912945 CET | 46539 | 49688 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:11.359019995 CET | 46539 | 49688 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:11.379221916 CET | 46539 | 49688 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:11.380438089 CET | 46539 | 49688 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:11.381033897 CET | 46539 | 49688 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:11.382400990 CET | 46539 | 49688 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:11.385426044 CET | 46539 | 49688 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:12.952426910 CET | 46539 | 49688 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:12.952848911 CET | 49688 | 46539 | 192.168.2.3 | 85.208.136.178 |
Nov 30, 2022 00:08:12.984060049 CET | 46539 | 49688 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:12.984119892 CET | 46539 | 49688 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:13.002226114 CET | 46539 | 49688 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:13.002279997 CET | 46539 | 49688 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:13.002420902 CET | 49688 | 46539 | 192.168.2.3 | 85.208.136.178 |
Nov 30, 2022 00:08:13.002521992 CET | 49688 | 46539 | 192.168.2.3 | 85.208.136.178 |
Nov 30, 2022 00:08:13.014142036 CET | 46539 | 49688 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:13.014204979 CET | 46539 | 49688 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:13.014283895 CET | 49688 | 46539 | 192.168.2.3 | 85.208.136.178 |
Nov 30, 2022 00:08:13.014352083 CET | 49688 | 46539 | 192.168.2.3 | 85.208.136.178 |
Nov 30, 2022 00:08:13.032402039 CET | 46539 | 49688 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:13.033026934 CET | 46539 | 49688 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:13.038069963 CET | 46539 | 49688 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:13.038235903 CET | 49688 | 46539 | 192.168.2.3 | 85.208.136.178 |
Nov 30, 2022 00:08:13.044212103 CET | 46539 | 49688 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:13.045208931 CET | 46539 | 49688 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:13.045259953 CET | 46539 | 49688 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:13.045291901 CET | 46539 | 49688 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:13.045325041 CET | 46539 | 49688 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:13.045346975 CET | 46539 | 49688 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:13.045368910 CET | 46539 | 49688 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:13.045375109 CET | 49688 | 46539 | 192.168.2.3 | 85.208.136.178 |
Nov 30, 2022 00:08:13.045583010 CET | 46539 | 49688 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:13.045733929 CET | 49688 | 46539 | 192.168.2.3 | 85.208.136.178 |
Nov 30, 2022 00:08:13.045821905 CET | 49688 | 46539 | 192.168.2.3 | 85.208.136.178 |
Nov 30, 2022 00:08:13.045821905 CET | 49688 | 46539 | 192.168.2.3 | 85.208.136.178 |
Nov 30, 2022 00:08:13.052936077 CET | 46539 | 49688 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:13.053108931 CET | 49688 | 46539 | 192.168.2.3 | 85.208.136.178 |
Nov 30, 2022 00:08:13.054532051 CET | 46539 | 49688 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:13.054557085 CET | 46539 | 49688 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:13.054791927 CET | 49688 | 46539 | 192.168.2.3 | 85.208.136.178 |
Nov 30, 2022 00:08:13.055145979 CET | 46539 | 49688 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:13.055198908 CET | 46539 | 49688 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:13.055217981 CET | 46539 | 49688 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:13.055320024 CET | 49688 | 46539 | 192.168.2.3 | 85.208.136.178 |
Nov 30, 2022 00:08:13.055459023 CET | 49688 | 46539 | 192.168.2.3 | 85.208.136.178 |
Nov 30, 2022 00:08:13.055519104 CET | 49688 | 46539 | 192.168.2.3 | 85.208.136.178 |
Nov 30, 2022 00:08:13.055593967 CET | 46539 | 49688 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:13.055727005 CET | 49688 | 46539 | 192.168.2.3 | 85.208.136.178 |
Nov 30, 2022 00:08:13.055984020 CET | 46539 | 49688 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:13.056612015 CET | 49688 | 46539 | 192.168.2.3 | 85.208.136.178 |
Nov 30, 2022 00:08:13.057365894 CET | 46539 | 49688 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:13.057524920 CET | 49688 | 46539 | 192.168.2.3 | 85.208.136.178 |
Nov 30, 2022 00:08:13.069972038 CET | 46539 | 49688 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:13.070004940 CET | 46539 | 49688 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:13.070133924 CET | 49688 | 46539 | 192.168.2.3 | 85.208.136.178 |
Nov 30, 2022 00:08:13.073522091 CET | 46539 | 49688 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:13.073643923 CET | 49688 | 46539 | 192.168.2.3 | 85.208.136.178 |
Nov 30, 2022 00:08:13.075541019 CET | 46539 | 49688 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:13.075692892 CET | 49688 | 46539 | 192.168.2.3 | 85.208.136.178 |
Nov 30, 2022 00:08:13.075844049 CET | 46539 | 49688 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:13.075865030 CET | 46539 | 49688 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:13.075884104 CET | 46539 | 49688 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:13.075901985 CET | 46539 | 49688 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:13.075920105 CET | 46539 | 49688 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:13.075937986 CET | 46539 | 49688 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:13.075943947 CET | 49688 | 46539 | 192.168.2.3 | 85.208.136.178 |
Nov 30, 2022 00:08:13.075989008 CET | 46539 | 49688 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:13.076040030 CET | 46539 | 49688 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:13.076092005 CET | 46539 | 49688 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:13.076132059 CET | 49688 | 46539 | 192.168.2.3 | 85.208.136.178 |
Nov 30, 2022 00:08:13.076172113 CET | 49688 | 46539 | 192.168.2.3 | 85.208.136.178 |
Nov 30, 2022 00:08:13.076193094 CET | 49688 | 46539 | 192.168.2.3 | 85.208.136.178 |
Nov 30, 2022 00:08:13.078376055 CET | 46539 | 49688 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:13.078635931 CET | 49688 | 46539 | 192.168.2.3 | 85.208.136.178 |
Nov 30, 2022 00:08:13.079792023 CET | 46539 | 49688 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:13.080667973 CET | 46539 | 49688 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:13.083374023 CET | 46539 | 49688 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:13.084194899 CET | 46539 | 49688 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:13.085100889 CET | 46539 | 49688 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:13.089322090 CET | 46539 | 49688 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:13.090193033 CET | 46539 | 49688 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:13.095987082 CET | 46539 | 49688 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:13.096184969 CET | 49688 | 46539 | 192.168.2.3 | 85.208.136.178 |
Nov 30, 2022 00:08:13.096548080 CET | 46539 | 49688 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:13.096676111 CET | 46539 | 49688 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:13.096676111 CET | 49688 | 46539 | 192.168.2.3 | 85.208.136.178 |
Nov 30, 2022 00:08:13.096776009 CET | 49688 | 46539 | 192.168.2.3 | 85.208.136.178 |
Nov 30, 2022 00:08:13.098565102 CET | 46539 | 49688 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:13.098602057 CET | 46539 | 49688 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:13.098613024 CET | 46539 | 49688 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:13.098624945 CET | 46539 | 49688 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:13.098638058 CET | 46539 | 49688 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:13.098653078 CET | 46539 | 49688 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:13.098668098 CET | 46539 | 49688 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:13.099039078 CET | 49688 | 46539 | 192.168.2.3 | 85.208.136.178 |
Nov 30, 2022 00:08:13.099143028 CET | 49688 | 46539 | 192.168.2.3 | 85.208.136.178 |
Nov 30, 2022 00:08:13.099216938 CET | 49688 | 46539 | 192.168.2.3 | 85.208.136.178 |
Nov 30, 2022 00:08:13.099268913 CET | 49688 | 46539 | 192.168.2.3 | 85.208.136.178 |
Nov 30, 2022 00:08:13.099268913 CET | 49688 | 46539 | 192.168.2.3 | 85.208.136.178 |
Nov 30, 2022 00:08:13.102237940 CET | 46539 | 49688 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:13.102288961 CET | 46539 | 49688 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:13.102416039 CET | 49688 | 46539 | 192.168.2.3 | 85.208.136.178 |
Nov 30, 2022 00:08:13.102452993 CET | 49688 | 46539 | 192.168.2.3 | 85.208.136.178 |
Nov 30, 2022 00:08:13.105859041 CET | 46539 | 49688 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:13.105974913 CET | 49688 | 46539 | 192.168.2.3 | 85.208.136.178 |
Nov 30, 2022 00:08:13.106812000 CET | 46539 | 49688 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:13.106950045 CET | 46539 | 49688 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:13.106997967 CET | 46539 | 49688 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:13.107060909 CET | 49688 | 46539 | 192.168.2.3 | 85.208.136.178 |
Nov 30, 2022 00:08:13.107129097 CET | 49688 | 46539 | 192.168.2.3 | 85.208.136.178 |
Nov 30, 2022 00:08:13.107129097 CET | 49688 | 46539 | 192.168.2.3 | 85.208.136.178 |
Nov 30, 2022 00:08:13.107172966 CET | 46539 | 49688 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:13.107217073 CET | 46539 | 49688 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:13.107264996 CET | 49688 | 46539 | 192.168.2.3 | 85.208.136.178 |
Nov 30, 2022 00:08:13.107317924 CET | 49688 | 46539 | 192.168.2.3 | 85.208.136.178 |
Nov 30, 2022 00:08:13.107332945 CET | 46539 | 49688 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:13.107388020 CET | 49688 | 46539 | 192.168.2.3 | 85.208.136.178 |
Nov 30, 2022 00:08:13.108633995 CET | 46539 | 49688 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:13.108655930 CET | 46539 | 49688 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:13.108684063 CET | 46539 | 49688 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:13.108728886 CET | 49688 | 46539 | 192.168.2.3 | 85.208.136.178 |
Nov 30, 2022 00:08:13.108840942 CET | 49688 | 46539 | 192.168.2.3 | 85.208.136.178 |
Nov 30, 2022 00:08:13.108840942 CET | 49688 | 46539 | 192.168.2.3 | 85.208.136.178 |
Nov 30, 2022 00:08:13.127501011 CET | 46539 | 49688 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:13.127557039 CET | 46539 | 49688 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:13.127666950 CET | 49688 | 46539 | 192.168.2.3 | 85.208.136.178 |
Nov 30, 2022 00:08:13.127743959 CET | 49688 | 46539 | 192.168.2.3 | 85.208.136.178 |
Nov 30, 2022 00:08:13.127912045 CET | 46539 | 49688 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:13.127999067 CET | 49688 | 46539 | 192.168.2.3 | 85.208.136.178 |
Nov 30, 2022 00:08:13.128354073 CET | 46539 | 49688 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:13.128390074 CET | 46539 | 49688 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:13.128477097 CET | 49688 | 46539 | 192.168.2.3 | 85.208.136.178 |
Nov 30, 2022 00:08:13.128477097 CET | 49688 | 46539 | 192.168.2.3 | 85.208.136.178 |
Nov 30, 2022 00:08:13.128528118 CET | 46539 | 49688 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:13.128595114 CET | 46539 | 49688 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:13.128645897 CET | 49688 | 46539 | 192.168.2.3 | 85.208.136.178 |
Nov 30, 2022 00:08:13.128667116 CET | 49688 | 46539 | 192.168.2.3 | 85.208.136.178 |
Nov 30, 2022 00:08:13.128669977 CET | 46539 | 49688 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:13.128765106 CET | 49688 | 46539 | 192.168.2.3 | 85.208.136.178 |
Nov 30, 2022 00:08:13.128978968 CET | 46539 | 49688 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:13.128999949 CET | 46539 | 49688 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:13.129053116 CET | 46539 | 49688 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:13.129087925 CET | 49688 | 46539 | 192.168.2.3 | 85.208.136.178 |
Nov 30, 2022 00:08:13.129189014 CET | 46539 | 49688 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:13.129304886 CET | 46539 | 49688 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:13.129324913 CET | 46539 | 49688 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:13.129373074 CET | 46539 | 49688 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:13.130346060 CET | 46539 | 49688 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:13.130805969 CET | 46539 | 49688 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:13.130846024 CET | 46539 | 49688 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:13.130903006 CET | 46539 | 49688 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:13.131494999 CET | 46539 | 49688 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:13.131522894 CET | 46539 | 49688 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:13.131598949 CET | 46539 | 49688 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:13.131619930 CET | 46539 | 49688 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:13.132276058 CET | 46539 | 49688 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:13.132301092 CET | 46539 | 49688 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:13.132340908 CET | 46539 | 49688 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:13.132901907 CET | 46539 | 49688 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:13.133491993 CET | 46539 | 49688 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:13.133510113 CET | 46539 | 49688 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:13.133719921 CET | 46539 | 49688 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:13.133738995 CET | 46539 | 49688 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:13.134267092 CET | 46539 | 49688 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:13.134516001 CET | 46539 | 49688 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:13.134947062 CET | 46539 | 49688 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:13.134974003 CET | 46539 | 49688 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:13.138415098 CET | 46539 | 49688 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:13.138432026 CET | 46539 | 49688 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:13.138539076 CET | 46539 | 49688 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:13.138551950 CET | 46539 | 49688 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:13.138672113 CET | 46539 | 49688 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:13.138684034 CET | 46539 | 49688 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:13.139163971 CET | 46539 | 49688 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:13.139178038 CET | 46539 | 49688 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:13.139198065 CET | 46539 | 49688 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:13.139210939 CET | 46539 | 49688 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:13.157210112 CET | 46539 | 49688 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:13.157260895 CET | 46539 | 49688 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:13.157280922 CET | 46539 | 49688 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:13.157676935 CET | 46539 | 49688 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:13.157699108 CET | 46539 | 49688 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:13.157715082 CET | 46539 | 49688 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:13.157893896 CET | 46539 | 49688 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:13.158545971 CET | 46539 | 49688 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:13.158567905 CET | 46539 | 49688 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:13.158695936 CET | 46539 | 49688 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:13.158727884 CET | 46539 | 49688 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:13.158750057 CET | 46539 | 49688 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:13.159328938 CET | 46539 | 49688 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:13.159351110 CET | 46539 | 49688 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:13.159921885 CET | 46539 | 49688 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:13.159941912 CET | 46539 | 49688 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:13.160782099 CET | 46539 | 49688 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:13.187941074 CET | 46539 | 49688 | 85.208.136.178 | 192.168.2.3 |
Nov 30, 2022 00:08:13.318850040 CET | 49688 | 46539 | 192.168.2.3 | 85.208.136.178 |
Nov 30, 2022 00:08:13.501327038 CET | 49688 | 46539 | 192.168.2.3 | 85.208.136.178 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Nov 30, 2022 00:07:25.575783014 CET | 63722 | 53 | 192.168.2.3 | 8.8.8.8 |
Nov 30, 2022 00:07:25.687061071 CET | 53 | 63722 | 8.8.8.8 | 192.168.2.3 |
Nov 30, 2022 00:07:35.732409954 CET | 65522 | 53 | 192.168.2.3 | 8.8.8.8 |
Nov 30, 2022 00:07:35.763092995 CET | 59869 | 53 | 192.168.2.3 | 8.8.8.8 |
Nov 30, 2022 00:08:07.898642063 CET | 54397 | 53 | 192.168.2.3 | 8.8.8.8 |
Nov 30, 2022 00:08:08.008116007 CET | 53 | 54397 | 8.8.8.8 | 192.168.2.3 |
Nov 30, 2022 00:08:10.978208065 CET | 59324 | 53 | 192.168.2.3 | 8.8.8.8 |
Nov 30, 2022 00:08:11.086960077 CET | 53 | 59324 | 8.8.8.8 | 192.168.2.3 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Nov 30, 2022 00:07:25.575783014 CET | 192.168.2.3 | 8.8.8.8 | 0x9fd4 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Nov 30, 2022 00:07:35.732409954 CET | 192.168.2.3 | 8.8.8.8 | 0x7e82 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Nov 30, 2022 00:07:35.763092995 CET | 192.168.2.3 | 8.8.8.8 | 0x48a3 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Nov 30, 2022 00:08:07.898642063 CET | 192.168.2.3 | 8.8.8.8 | 0xe5fe | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Nov 30, 2022 00:08:10.978208065 CET | 192.168.2.3 | 8.8.8.8 | 0x3609 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Nov 30, 2022 00:07:25.687061071 CET | 8.8.8.8 | 192.168.2.3 | 0x9fd4 | No error (0) | | | 85.208.136.178 | A (IP address) | IN (0x0001) | false |
Nov 30, 2022 00:07:35.754019976 CET | 8.8.8.8 | 192.168.2.3 | 0x7e82 | No error (0) | | api.ip.sb.cdn.cloudflare.net | | CNAME (Canonical name) | IN (0x0001) | false |
Nov 30, 2022 00:07:35.783816099 CET | 8.8.8.8 | 192.168.2.3 | 0x48a3 | No error (0) | | api.ip.sb.cdn.cloudflare.net | | CNAME (Canonical name) | IN (0x0001) | false |
Nov 30, 2022 00:08:08.008116007 CET | 8.8.8.8 | 192.168.2.3 | 0xe5fe | No error (0) | | | 85.208.136.178 | A (IP address) | IN (0x0001) | false |
Nov 30, 2022 00:08:11.086960077 CET | 8.8.8.8 | 192.168.2.3 | 0x3609 | No error (0) | | | 85.208.136.178 | A (IP address) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
0 | 192.168.2.3 | 49685 | 85.208.136.178 | 46539 | C:\Users\user\Desktop\workalone.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Nov 30, 2022 00:07:26.016802073 CET | 102 | OUT | |
Nov 30, 2022 00:07:26.213782072 CET | 102 | IN | |
Nov 30, 2022 00:07:26.380656004 CET | 103 | IN | |
Nov 30, 2022 00:07:34.937004089 CET | 103 | OUT | |
Nov 30, 2022 00:07:34.972991943 CET | 103 | IN | |
Nov 30, 2022 00:07:35.055725098 CET | 104 | IN |