Edit tour
Windows
Analysis Report
file.exe
Overview
General Information
| Sample name: | file.exe |
| Analysis ID: | 1445897 |
| MD5: | e154829a16292c782b579d217e0ea8bf |
| SHA1: | 5d2fb1535930184e7212b5fb780c638f32a03cee |
| SHA256: | 132fe6d8e5c0026b4f9e0de786ccc4a35fc22d86821d230f8d8ea924e825ffbf |
| Tags: | exe |
| Infos: |  |
 | |
Detection
RedLine
| Score: | 100 |
| Range: | 0 - 100 |
| Whitelisted: | false |
| Confidence: | 100% |
Signatures
Antivirus / Scanner detection for submitted sample
Found malware configuration
Snort IDS alert for network traffic
Yara detected RedLine Stealer
AI detected suspicious sample
Allocates memory in foreign processes
C2 URLs / IPs found in malware configuration
Contains functionality to inject code into remote processes
Injects a PE file into a foreign processes
Installs new ROOT certificates
Machine Learning detection for sample
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Crypto Currency Wallets
Writes to foreign memory regions
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops certificate files (DER)
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found potential string decryption / allocating functions
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Classification
- System is w10x64
file.exe (PID: 6864 cmdline: "C:\Users\ user\Deskt op\file.ex e" MD5: E154829A16292C782B579D217E0EA8BF) - RegAsm.exe (PID: 6032 cmdline:
"C:\Window s\Microsof t.NET\Fram ework\v4.0 .30319\Reg Asm.exe" MD5: 0D5DF43AF2916F47D00C1573797C1A13)
- cleanup
| Name | Description | Attribution | Blogpost URLs | Link |
|---|---|---|---|---|
| RedLine Stealer | RedLine Stealer is a malware available on underground forums for sale apparently as standalone ($100/$150 depending on the version) or also on a subscription basis ($100/month). This malware harvests information from browsers such as saved credentials, autocomplete data, and credit card information. A system inventory is also taken when running on a target machine, to include details such as the username, location data, hardware configuration, and information regarding installed security software. More recent versions of RedLine added the ability to steal cryptocurrency. FTP and IM clients are also apparently targeted by this family, and this malware has the ability to upload and download files, execute commands, and periodically send back information about the infected computer. | No Attribution |
{"C2 url": ["5.42.65.115:40551"], "Bot Id": "LogsDiller Cloud (TG: @logsdillabot)", "Authorization Header": "3a050df92d0cf082b2cdaf87863616be"}| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| JoeSecurity_RedLine_1 | Yara detected RedLine Stealer | Joe Security | ||
| JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security |
| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security | ||
| JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security | ||
| JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | ||
| JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security | ||
| JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security | ||
| Click to see the 2 entries | ||||
| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security | ||
| JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security |
⊘No Sigma rule has matched
| Timestamp: | 05/22/24-18:20:00.737450 |
| SID: | 2046045 |
| Source Port: | 49730 |
| Destination Port: | 40551 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 05/22/24-18:20:00.932379 |
| SID: | 2043234 |
| Source Port: | 40551 |
| Destination Port: | 49730 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 05/22/24-18:20:12.066922 |
| SID: | 2043231 |
| Source Port: | 49730 |
| Destination Port: | 40551 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 05/22/24-18:20:06.193796 |
| SID: | 2046056 |
| Source Port: | 40551 |
| Destination Port: | 49730 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
Click to jump to signature section
Show All Signature Results
AV Detection |   |
|---|
| Source: | Avira: | ||
| Source: | Malware Configuration Extractor: | ||
| Source: | Integrated Neural Analysis Model: | ||
| Source: | Joe Sandbox ML: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Code function: | 0_2_003F4493 | |
Networking | |
|---|
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | URLs: | ||
| Source: | TCP traffic: | ||
| Source: | ASN Name: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | File created: | Jump to dropped file | ||
| Source: | File created: | Jump to dropped file | ||
| Source: | Code function: | 0_2_003F6AF8 | |
| Source: | Code function: | 0_2_003F3560 | |
| Source: | Code function: | 1_2_00E3DC74 | |
| Source: | Code function: | 1_2_064567D8 | |
| Source: | Code function: | 1_2_0645A3D8 | |
| Source: | Code function: | 1_2_06453F50 | |
| Source: | Code function: | 1_2_06456FE8 | |
| Source: | Code function: | 1_2_06456FF8 | |
| Source: | Code function: | ||
| Source: | Binary or memory string: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Classification label: | ||
| Source: | File created: | Jump to behavior | ||
| Source: | Mutant created: | ||
| Source: | File created: | Jump to behavior | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | File read: | Jump to behavior | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Key value queried: | Jump to behavior | ||
| Source: | LNK file: | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Code function: | 0_2_003E4977 | |
| Source: | Code function: | 1_2_0645E070 | |
| Source: | Code function: | 1_2_0645ED01 | |
| Source: | Code function: | 1_2_06453B53 | |
| Source: | Code function: | 1_2_064549AD | |
Persistence and Installation Behavior | |
|---|
| Source: | Registry value created: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
Malware Analysis System Evasion | |
|---|
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | Memory allocated: | Jump to behavior | ||
| Source: | Memory allocated: | Jump to behavior | ||
| Source: | Memory allocated: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Window / User API: | Jump to behavior | ||
| Source: | Window / User API: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | WMI Queries: | ||
| Source: | Code function: | 0_2_003F4493 | |
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Binary or memory string: | ||
| Source: | Process information queried: | Jump to behavior | ||
| Source: | Code function: | 0_2_003E8F06 | |
| Source: | Code function: | 0_2_003EC35D | |
| Source: | Code function: | 0_2_003F560E | |
| Source: | Code function: | 0_2_003F7C0D | |
| Source: | Process token adjusted: | Jump to behavior | ||
| Source: | Code function: | 0_2_003E5102 | |
| Source: | Code function: | 0_2_003E5237 | |
| Source: | Code function: | 0_2_003E8F06 | |
| Source: | Code function: | 0_2_003E4FA6 | |
| Source: | Memory allocated: | Jump to behavior | ||
HIPS / PFW / Operating System Protection Evasion | |
|---|
| Source: | Memory allocated: | Jump to behavior | ||
| Source: | Code function: | 0_2_00BB018D | |
| Source: | Memory written: | Jump to behavior | ||
| Source: | Memory written: | Jump to behavior | ||
| Source: | Memory written: | Jump to behavior | ||
| Source: | Memory written: | Jump to behavior | ||
| Source: | Memory written: | Jump to behavior | ||
| Source: | Memory written: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Code function: | 0_2_003E4CCC | |
| Source: | Code function: | 0_2_003EF01F | |
| Source: | Code function: | 0_2_003F7047 | |
| Source: | Code function: | 0_2_003F78DC | |
| Source: | Code function: | 0_2_003F79AB | |
| Source: | Code function: | 0_2_003F72E9 | |
| Source: | Code function: | 0_2_003F7334 | |
| Source: | Code function: | 0_2_003F73CF | |
| Source: | Code function: | 0_2_003F745A | |
| Source: | Code function: | 0_2_003EF545 | |
| Source: | Code function: | 0_2_003F76AD | |
| Source: | Code function: | 0_2_003F77D6 | |
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Code function: | 0_2_003E4EA0 | |
| Source: | Key value queried: | Jump to behavior | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
Stealing of Sensitive Information | |
|---|
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File source: | ||
| Source: | File source: | ||
Remote Access Functionality | |
|---|
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 221 Windows Management Instrumentation | 1 DLL Side-Loading | 411 Process Injection | 1 Masquerading | 1 OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Disable or Modify Tools | LSASS Memory | 241 Security Software Discovery | Remote Desktop Protocol | 2 Data from Local System | 1 Non-Standard Port | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 241 Virtualization/Sandbox Evasion | Security Account Manager | 1 Process Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 411 Process Injection | NTDS | 241 Virtualization/Sandbox Evasion | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Deobfuscate/Decode Files or Information | LSA Secrets | 1 Application Window Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
| Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 2 Obfuscated Files or Information | Cached Domain Credentials | 2 File and Directory Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
| DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 Install Root Certificate | DCSync | 134 System Information Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
| Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 Software Packing | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
| Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 1 DLL Side-Loading | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement |
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
InternetThis section contains all screenshots as thumbnails, including those not shown in the slideshow.
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 100% | Avira | HEUR/AGEN.1317026 | ||
| 100% | Joe Sandbox ML |
⊘No Antivirus matches
⊘No Antivirus matches
⊘No Antivirus matches
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe |
⊘No contacted domains info
| Name | Source | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
| IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|---|
| 5.42.65.115 | unknown | Russian Federation | 39493 | RU-KSTVKolomnaGroupofcompaniesGuarantee-tvRU | true |
| Joe Sandbox version: | 40.0.0 Tourmaline |
| Analysis ID: | 1445897 |
| Start date and time: | 2024-05-22 18:19:12 +02:00 |
| Joe Sandbox product: | CloudBasic |
| Overall analysis duration: | 0h 5m 10s |
| Hypervisor based Inspection enabled: | false |
| Report type: | full |
| Cookbook file name: | default.jbs |
| Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
| Number of analysed new started processes analysed: | 7 |
| Number of new started drivers analysed: | 0 |
| Number of existing processes analysed: | 0 |
| Number of existing drivers analysed: | 0 |
| Number of injected processes analysed: | 0 |
| Technologies: |
|
| Analysis Mode: | default |
| Analysis stop reason: | Timeout |
| Sample name: | file.exe |
| Detection: | MAL |
| Classification: | mal100.troj.spyw.evad.winEXE@3/5@0/1 |
| EGA Information: |
|
| HCA Information: |
|
| Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
- Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, 4.8.2.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.0.0.2.0.c.0.0.3.0.1.3.0.6.2.ip6.arpa, ctldl.windowsupdate.com, dns.msftncsi.com, fe3cr.delivery.mp.microsoft.com
- Not all processes where analyzed, report is missing behavior information
- Report size getting too big, too many NtAllocateVirtualMemory calls found.
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtProtectVirtualMemory calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- Report size getting too big, too many NtReadVirtualMemory calls found.
- VT rate limit hit for: file.exe
| Time | Type | Description |
|---|---|---|
| 12:20:08 | API Interceptor |
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| 5.42.65.115 | Get hash | malicious | GCleaner | Browse |
| |
| Get hash | malicious | GCleaner, RedLine | Browse |
| ||
| Get hash | malicious | LummaC, GCleaner, LummaC Stealer | Browse |
| ||
| Get hash | malicious | GCleaner, RedLine | Browse |
|
⊘No context
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| RU-KSTVKolomnaGroupofcompaniesGuarantee-tvRU | Get hash | malicious | RedLine | Browse |
| |
| Get hash | malicious | SmokeLoader | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | HTMLPhisher | Browse |
| ||
| Get hash | malicious | RedLine | Browse |
| ||
| Get hash | malicious | HTMLPhisher | Browse |
| ||
| Get hash | malicious | HTMLPhisher | Browse |
| ||
| Get hash | malicious | HTMLPhisher | Browse |
| ||
| Get hash | malicious | RisePro Stealer | Browse |
| ||
| Get hash | malicious | RedLine | Browse |
|
⊘No context
⊘No context
| Process: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 2104 |
| Entropy (8bit): | 3.4556070346954355 |
| Encrypted: | false |
| SSDEEP: | 48:8S0dZTBnxRYrnvPdAKRkdAGdAKRFdAKR/U:8SyK |
| MD5: | 76EA8642EDFC0D70B8C0F0B5D9C1784A |
| SHA1: | C23DCA143ED074418571E27A2E99C7BAB5A3703A |
| SHA-256: | 1B98DCB6FD1A24A0B051D6F6E1A4261ABC071096940758EAAFBA87DEA3656695 |
| SHA-512: | D1B67DC5D7089CB11D10C1138E785E6C5EF6FAF92CF1C48C7A24713122B7856DC9C2C9B393D64C2B66B86CDAD9B5CC3A88AEB0D2DC70124B67C72EBEE3AB9771 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| Process: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 3274 |
| Entropy (8bit): | 5.3318368586986695 |
| Encrypted: | false |
| SSDEEP: | 96:Pq5qHwCYqh3oPtI6eqzxP0aymRLKTqdqlq7qqjqc85VD:Pq5qHwCYqh3qtI6eqzxP0at9KTqdqlq0 |
| MD5: | 0C1110E9B7BBBCB651A0B7568D796468 |
| SHA1: | 7AEE00407EE27655FFF0ADFBC96CF7FAD9610AAA |
| SHA-256: | 112E21404A85963FB5DF8388F97429D6A46E9D4663435CC86267C563C0951FA2 |
| SHA-512: | 46E37552764B4E61006AB99F8C542D55B2418668B097D3C6647D306604C3D7CA3FAF34F8B4121D94B0E7168295B2ABEB7C21C3B96F37208943537B887BC81590 |
| Malicious: | false |
| Reputation: | moderate, very likely benign file |
| Preview: |
| Process: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 2662 |
| Entropy (8bit): | 7.8230547059446645 |
| Encrypted: | false |
| SSDEEP: | 48:qJdHasMPAUha1DgSVVi59ca13MfyKjWwUmq9W2UgniDhiRhkjp9g:bhhEgSVVi59defyfW2sDgAj3g |
| MD5: | 1420D30F964EAC2C85B2CCFE968EEBCE |
| SHA1: | BDF9A6876578A3E38079C4F8CF5D6C79687AD750 |
| SHA-256: | F3327793E3FD1F3F9A93F58D033ED89CE832443E2695BECA9F2B04ADBA049ED9 |
| SHA-512: | 6FCB6CE148E1E246D6805502D4914595957061946751656567A5013D96033DD1769A22A87C45821E7542CDE533450E41182CEE898CD2CCF911C91BC4822371A8 |
| Malicious: | false |
| Reputation: | moderate, very likely benign file |
| Preview: |
| Process: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 2662 |
| Entropy (8bit): | 7.8230547059446645 |
| Encrypted: | false |
| SSDEEP: | 48:qJdHasMPAUha1DgSVVi59ca13MfyKjWwUmq9W2UgniDhiRhkjp9g:bhhEgSVVi59defyfW2sDgAj3g |
| MD5: | 1420D30F964EAC2C85B2CCFE968EEBCE |
| SHA1: | BDF9A6876578A3E38079C4F8CF5D6C79687AD750 |
| SHA-256: | F3327793E3FD1F3F9A93F58D033ED89CE832443E2695BECA9F2B04ADBA049ED9 |
| SHA-512: | 6FCB6CE148E1E246D6805502D4914595957061946751656567A5013D96033DD1769A22A87C45821E7542CDE533450E41182CEE898CD2CCF911C91BC4822371A8 |
| Malicious: | false |
| Reputation: | moderate, very likely benign file |
| Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2246122658-3693405117-2476756634-1002\76b53b3ec448f7ccdda2063b15d2bfc3_9e146be9-c76a-4720-bcdb-53011b87bd06
Download File
| Process: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 2251 |
| Entropy (8bit): | 0.0 |
| Encrypted: | false |
| SSDEEP: | 3:: |
| MD5: | 0158FE9CEAD91D1B027B795984737614 |
| SHA1: | B41A11F909A7BDF1115088790A5680AC4E23031B |
| SHA-256: | 513257326E783A862909A2A0F0941D6FF899C403E104FBD1DBC10443C41D9F9A |
| SHA-512: | C48A55CC7A92CEFCEFE5FB2382CCD8EF651FC8E0885E88A256CD2F5D83B824B7D910F755180B29ECCB54D9361D6AF82F9CC741BD7E6752122949B657DA973676 |
| Malicious: | false |
| Reputation: | moderate, very likely benign file |
| Preview: |
| File type: | |
| Entropy (8bit): | 7.711295641924988 |
| TrID: |
|
| File name: | file.exe |
| File size: | 470'528 bytes |
| MD5: | e154829a16292c782b579d217e0ea8bf |
| SHA1: | 5d2fb1535930184e7212b5fb780c638f32a03cee |
| SHA256: | 132fe6d8e5c0026b4f9e0de786ccc4a35fc22d86821d230f8d8ea924e825ffbf |
| SHA512: | d0acbc1d810f628107e095959a2c53ef6e58adcc8631f1ab16353b1294b7f51f13b1ff9936ab5e86aff2d3c4fad9c56f3df263d9f7b27de8ffa3cd508537a300 |
| SSDEEP: | 12288:mQJRsrrQqYvbeUVOyJ3GJNu0ADIJTls9tJBKM1I59rM:akkyJoNYDOsrqM259A |
| TLSH: | B6A4F181B0C08072EA73153609E4D6F4AE7EFD704EA69D9F77484BBE5F301819A21B67 |
| File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......jL$..-J,.-J,.-J,._I-"-J,._O-.-J,._N-;-J,._K---J,.-K,u-J,..N-<-J,..I-:-J,..O-`-J,..O-/-J,..H-/-J,Rich.-J,........PE..L.....Nf... |
 | |
| Icon Hash: | 90cececece8e8eb0 |
| Entrypoint: | 0x40490e |
| Entrypoint Section: | .text |
| Digitally signed: | false |
| Imagebase: | 0x400000 |
| Subsystem: | windows gui |
| Image File Characteristics: | EXECUTABLE_IMAGE, 32BIT_MACHINE |
| DLL Characteristics: | DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE |
| Time Stamp: | 0x664E1414 [Wed May 22 15:49:40 2024 UTC] |
| TLS Callbacks: | |
| CLR (.Net) Version: | |
| OS Version Major: | 6 |
| OS Version Minor: | 0 |
| File Version Major: | 6 |
| File Version Minor: | 0 |
| Subsystem Version Major: | 6 |
| Subsystem Version Minor: | 0 |
| Import Hash: | 3253afb4f76368b87a5ee602b0490ec8 |
| Instruction |
|---|
| call 00007FDD6086DA6Fh |
| jmp 00007FDD6086D309h |
| push ebp |
| mov ebp, esp |
| jmp 00007FDD6086D49Fh |
| push dword ptr [ebp+08h] |
| call 00007FDD608767C5h |
| pop ecx |
| test eax, eax |
| je 00007FDD6086D4A1h |
| push dword ptr [ebp+08h] |
| call 00007FDD6087348Eh |
| pop ecx |
| test eax, eax |
| je 00007FDD6086D478h |
| pop ebp |
| ret |
| cmp dword ptr [ebp+08h], FFFFFFFFh |
| je 00007FDD6086A934h |
| jmp 00007FDD6086DD62h |
| push ebp |
| mov ebp, esp |
| push dword ptr [ebp+08h] |
| call 00007FDD6086DD74h |
| pop ecx |
| pop ebp |
| ret |
| cmp ecx, dword ptr [00473500h] |
| jne 00007FDD6086D493h |
| ret |
| jmp 00007FDD6086DD90h |
| mov ecx, dword ptr [ebp-0Ch] |
| mov dword ptr fs:[00000000h], ecx |
| pop ecx |
| pop edi |
| pop edi |
| pop esi |
| pop ebx |
| mov esp, ebp |
| pop ebp |
| push ecx |
| ret |
| mov ecx, dword ptr [ebp-10h] |
| xor ecx, ebp |
| call 00007FDD6086D469h |
| jmp 00007FDD6086D472h |
| push eax |
| push dword ptr fs:[00000000h] |
| lea eax, dword ptr [esp+0Ch] |
| sub esp, dword ptr [esp+0Ch] |
| push ebx |
| push esi |
| push edi |
| mov dword ptr [eax], ebp |
| mov ebp, eax |
| mov eax, dword ptr [00473500h] |
| xor eax, ebp |
| push eax |
| push dword ptr [ebp-04h] |
| mov dword ptr [ebp-04h], FFFFFFFFh |
| lea eax, dword ptr [ebp-0Ch] |
| mov dword ptr fs:[00000000h], eax |
| ret |
| push eax |
| push dword ptr fs:[00000000h] |
| lea eax, dword ptr [esp+0Ch] |
| sub esp, dword ptr [esp+0Ch] |
| push ebx |
| push esi |
| push edi |
| mov dword ptr [eax], ebp |
| mov ebp, eax |
| mov eax, dword ptr [00473500h] |
| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0x2599c | 0x28 | .rdata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x76000 | 0x1950 | .reloc |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x23fc8 | 0x1c | .rdata |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x23f08 | 0x40 | .rdata |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x1d000 | 0x140 | .rdata |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|---|
| .text | 0x1000 | 0x1a59f | 0x1a600 | 958a190d2e286e394b8f216995317189 | False | 0.5829939277251185 | data | 6.602027588555361 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .bSs | 0x1c000 | 0x315 | 0x400 | 6e172757ba390471c9226323f78cdc03 | False | 0.6591796875 | data | 5.456564594277736 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .rdata | 0x1d000 | 0x90d0 | 0x9200 | c16a9693e3f1bd814224ee07625ccb81 | False | 0.390089897260274 | data | 4.688642176445258 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .data | 0x27000 | 0x4e214 | 0x4d400 | f82928d5af1ad00b42833e2c6bb5d9d0 | False | 0.9890492263349514 | data | 7.992045422958882 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .reloc | 0x76000 | 0x1950 | 0x1a00 | 372541e493b33588efc8de3f292b1268 | False | 0.7569110576923077 | data | 6.484945587212282 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
| DLL | Import |
|---|---|
| KERNEL32.dll | CloseHandle, WaitForSingleObjectEx, CreateThread, VirtualAlloc, GetModuleHandleA, GetProcAddress, EncodePointer, DecodePointer, EnterCriticalSection, LeaveCriticalSection, InitializeCriticalSectionEx, DeleteCriticalSection, MultiByteToWideChar, WideCharToMultiByte, LCMapStringEx, GetStringTypeW, GetCPInfo, IsProcessorFeaturePresent, QueryPerformanceCounter, GetCurrentProcessId, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, IsDebuggerPresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetStartupInfoW, GetModuleHandleW, GetCurrentProcess, TerminateProcess, CreateFileW, RaiseException, RtlUnwind, GetLastError, SetLastError, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, FreeLibrary, LoadLibraryExW, GetStdHandle, WriteFile, GetModuleFileNameW, ExitProcess, GetModuleHandleExW, GetCommandLineA, GetCommandLineW, HeapAlloc, HeapFree, CompareStringW, LCMapStringW, GetLocaleInfoW, IsValidLocale, GetUserDefaultLCID, EnumSystemLocalesW, GetFileType, FlushFileBuffers, GetConsoleOutputCP, GetConsoleMode, ReadFile, GetFileSizeEx, SetFilePointerEx, ReadConsoleW, HeapReAlloc, FindClose, FindFirstFileExW, FindNextFileW, IsValidCodePage, GetACP, GetOEMCP, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetEnvironmentVariableW, SetStdHandle, GetProcessHeap, HeapSize, WriteConsoleW |
Key Decision
Richest Path
Thread / callback creation
Lower opacity -> Library Node| Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|---|---|---|
| 05/22/24-18:20:00.737450 | TCP | 2046045 | ET TROJAN [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization) | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| 05/22/24-18:20:00.932379 | TCP | 2043234 | ET MALWARE Redline Stealer TCP CnC - Id1Response | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| 05/22/24-18:20:12.066922 | TCP | 2043231 | ET TROJAN Redline Stealer TCP CnC Activity | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| 05/22/24-18:20:06.193796 | TCP | 2046056 | ET TROJAN Redline Stealer/MetaStealer Family Activity (Response) | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| May 22, 2024 18:20:00.041604996 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:00.046922922 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:00.047151089 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:00.055115938 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:00.097771883 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:00.709685087 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:00.737449884 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:00.742768049 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:00.932379007 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:00.975501060 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:05.994251013 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:06.001460075 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:06.193795919 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:06.195012093 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:06.195228100 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:06.197375059 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:06.199944973 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:06.200128078 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:06.202553988 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:06.245553970 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:06.245712042 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:06.315599918 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:06.320960999 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:06.514353037 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:06.569255114 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:06.576057911 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:06.581509113 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:06.581584930 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:06.586414099 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:06.586446047 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:06.586473942 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:06.586491108 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:06.586529970 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:06.586560011 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:06.586587906 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:06.586616039 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:06.591240883 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:06.591270924 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:06.591300964 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:06.595953941 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:06.595969915 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:06.595982075 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:06.653402090 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:06.869519949 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:06.912880898 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:06.977698088 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:06.987680912 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.178246975 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.225464106 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:07.226576090 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:07.235788107 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.430304050 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.475471973 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:07.541631937 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:07.552222013 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.552468061 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:07.557775974 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.557807922 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.557840109 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.557872057 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.557877064 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:07.557900906 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.557902098 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:07.557929039 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.557949066 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:07.557956934 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.557977915 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:07.557985067 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.557997942 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:07.558012962 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.558029890 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:07.558043957 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.558059931 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:07.558072090 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.558093071 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:07.558099985 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.558128119 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:07.558128119 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.558139086 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:07.558156013 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.558178902 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:07.558182955 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.558193922 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:07.558263063 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:07.562515974 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.562618971 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:07.569880009 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.569996119 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:07.576176882 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.576205969 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.576232910 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.576241016 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:07.576261044 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.576268911 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:07.576289892 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.576306105 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:07.576318979 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.576340914 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:07.576348066 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.576363087 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:07.576375008 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.576399088 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:07.576406002 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.576432943 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.576435089 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:07.576452971 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:07.576459885 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.576487064 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.576515913 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.576543093 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.576569080 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.580967903 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.580996037 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.581022978 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.581049919 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.581077099 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.581105947 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.581135988 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.581162930 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.581190109 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.581217051 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.581243038 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.581269026 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.581295967 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.581321955 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.581350088 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.581376076 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.581403017 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.581429958 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.581456900 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.584811926 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:07.585789919 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.585819960 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.585848093 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:07.585850000 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.585875988 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:07.585877895 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.585900068 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:07.585906982 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.585922956 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:07.585936069 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.585963011 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:07.585964918 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.585987091 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:07.585992098 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.586009979 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:07.586019993 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.586046934 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:07.586077929 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:07.590567112 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.590595007 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.590622902 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:07.590622902 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.590651989 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.590655088 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:07.590672016 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:07.590681076 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.590708971 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.590732098 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:07.590737104 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.590764999 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.590768099 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:07.590792894 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.590821981 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.590831041 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:07.590833902 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.590859890 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.590928078 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:07.591963053 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.591990948 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.592015028 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:07.592016935 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.592045069 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.592072010 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.592098951 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.592125893 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.592153072 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.592180014 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.592205048 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.592223883 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:07.592231989 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.592258930 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.592259884 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:07.592278957 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:07.592288017 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.592309952 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:07.592317104 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.592334986 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:07.592344999 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.592372894 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.592380047 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:07.592401981 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:07.592405081 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.592433929 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.592437029 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:07.592456102 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:07.592461109 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.592473030 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:07.592488050 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.592509031 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:07.592514992 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.592540026 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:07.592556953 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:07.601309061 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.601341963 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.601368904 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.601372004 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:07.601391077 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:07.601397038 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.601424932 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.601432085 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:07.601452112 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.601458073 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:07.601479053 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:07.601479053 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.601505995 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:07.601509094 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.601526976 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:07.601536989 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.601563931 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.601564884 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:07.601588964 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:07.601608038 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:07.603084087 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.603135109 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.603152037 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:07.603166103 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.603183031 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:07.603194952 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.603219032 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:07.603224039 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.603250027 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:07.603252888 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.603269100 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:07.603281975 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.603305101 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:07.603310108 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.603332043 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:07.603338957 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.603368044 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.603372097 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:07.603389978 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:07.603395939 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.603424072 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.603427887 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:07.603451014 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.603452921 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:07.603478909 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.603487015 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:07.603507042 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.603526115 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:07.603535891 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.603558064 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:07.603564024 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.603583097 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:07.603591919 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.603612900 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:07.603620052 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.603637934 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:07.603647947 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.603674889 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.604238033 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.604271889 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.604300022 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.604326963 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.604353905 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.604382038 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.604408979 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.604437113 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.604464054 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.604490995 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.604517937 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.604546070 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.604567051 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:07.604573965 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.604607105 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.604610920 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:07.604629040 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:07.604633093 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.604649067 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:07.604660988 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.604687929 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:07.604687929 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.604711056 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:07.604717970 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.604736090 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:07.604746103 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.604773998 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.604774952 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:07.604794979 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:07.604800940 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.604820967 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:07.604830980 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.604861975 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:07.604893923 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:07.606188059 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.606247902 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:07.608931065 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.608959913 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.608985901 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:07.608988047 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.609004974 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:07.609015942 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.609034061 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:07.609044075 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.609071970 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.609072924 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:07.609092951 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:07.609100103 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.609126091 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.609127998 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:07.609148979 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:07.609153986 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.609179974 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:07.609180927 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.609205008 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:07.609209061 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.609225988 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:07.609236956 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.609263897 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.609266996 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:07.609292030 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.609293938 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:07.609313011 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:07.609321117 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.609335899 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:07.609349012 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.609375954 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.609379053 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:07.609399080 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:07.609402895 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.609421015 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:07.609431028 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.609450102 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:07.609458923 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.609489918 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.609492064 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:07.609512091 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:07.609533072 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:07.610980988 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.611013889 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.611036062 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:07.611042976 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.611061096 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:07.611071110 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.611097097 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.611099005 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:07.611124992 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.611154079 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.611181021 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.611207008 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.611233950 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.611262083 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.611289978 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.611316919 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.611344099 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.611371040 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.611397982 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.611424923 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.611452103 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.611479044 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.611505032 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.611532927 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.611542940 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:07.611560106 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.611591101 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:07.611614943 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:07.613058090 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.613091946 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.613118887 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.613126993 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:07.613147020 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.613153934 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:07.613174915 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.613195896 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:07.613203049 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.613229990 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.613234043 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:07.613253117 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:07.613257885 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.613274097 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:07.613286972 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.613308907 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:07.613315105 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.613336086 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:07.613343000 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.613369942 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.613370895 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:07.613390923 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:07.613398075 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.613413095 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:07.613425970 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.613450050 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:07.613454103 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.613466978 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:07.613481998 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.613503933 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:07.613509893 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.613531113 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:07.613538027 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.613555908 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:07.613567114 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.613585949 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:07.613609076 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:07.618443012 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.618472099 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.618494987 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:07.618519068 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.618537903 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:07.618546963 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.618573904 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.618592024 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:07.618601084 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.618616104 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:07.618628979 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.618654966 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:07.618658066 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.618673086 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:07.618685007 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.618702888 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:07.618712902 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.618731976 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:07.618741035 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.618755102 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:07.618769884 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.618791103 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:07.618798018 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.618815899 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:07.618827105 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.619431019 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.619461060 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.619487047 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.619514942 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.619540930 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.619568110 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.619595051 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.619621992 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.619648933 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.619676113 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.619703054 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.619729996 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.619756937 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.619784117 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.619812012 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.619844913 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.619872093 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.619899988 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.619927883 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.619954109 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.619955063 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:07.619981050 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.620033026 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:07.621593952 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.621628046 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.621655941 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.621655941 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:07.621680975 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:07.621682882 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.621706009 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:07.621711016 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.621728897 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:07.621738911 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.621751070 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:07.621767044 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.621793985 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.621794939 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:07.621813059 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:07.621824026 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.621851921 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.621857882 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:07.621877909 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:07.621880054 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.621901035 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:07.621906996 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.621926069 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:07.621934891 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.621963024 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.621973991 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:07.621989965 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.622013092 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:07.622016907 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.622031927 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:07.622045994 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.622070074 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:07.622072935 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.622095108 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:07.622101068 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.622124910 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:07.622128010 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.622148037 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:07.622155905 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.622176886 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:07.622183084 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.622205973 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:07.622235060 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:07.623706102 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.623739004 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.623764038 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:07.623768091 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.623783112 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:07.623795986 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.623821020 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:07.623823881 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.623846054 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:07.623852015 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.623879910 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.623907089 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.623934031 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.623961926 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.625906944 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.625936031 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.625963926 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.625991106 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.626019001 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.626046896 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.626074076 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.626100063 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.626127958 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.626153946 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.626179934 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.626207113 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.626234055 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.626261950 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.626291037 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.626317024 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.626344919 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.626370907 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.626399040 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.626425028 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.626454115 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.626507998 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:07.629352093 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.629384995 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.629415035 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:07.629451036 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:07.672815084 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.673067093 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:07.673269987 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:07.673413038 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:07.711258888 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.711570978 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:07.711570978 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:07.711767912 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:07.716767073 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.763511896 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.763552904 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.763581991 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.763609886 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:07.763921976 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:07.808109045 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:08.614713907 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:08.619342089 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:08.625715017 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:08.818742037 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:08.866105080 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:09.233766079 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:09.239377975 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:09.244223118 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:09.244277000 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:09.528629065 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:09.554436922 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:09.559642076 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:09.749232054 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:09.750848055 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:09.756304026 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:09.945738077 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:09.949565887 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:09.954616070 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:10.144108057 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:10.147768021 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:10.153278112 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:10.343456984 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:10.397492886 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:10.404406071 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:10.449954033 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:10.639611006 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:10.641222000 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:10.646224022 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:10.839525938 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:10.843481064 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:10.849813938 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:11.041181087 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:11.044030905 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:11.049491882 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:11.240643024 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:11.242731094 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:11.248182058 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:11.442259073 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:11.452106953 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:11.463579893 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:11.663566113 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:11.667942047 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:11.673365116 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:11.678178072 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:11.678229094 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:11.678258896 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:11.678287029 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:11.678316116 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:11.727658033 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:11.727701902 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:11.868026972 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:11.868587971 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:11.873720884 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:12.066140890 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:12.066921949 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:12.072355986 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:12.262933016 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:12.300235033 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| May 22, 2024 18:20:12.581267118 CEST | 40551 | 49730 | 5.42.65.115 | 192.168.2.4 |
| May 22, 2024 18:20:12.581445932 CEST | 49730 | 40551 | 192.168.2.4 | 5.42.65.115 |
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| May 22, 2024 18:20:22.466888905 CEST | 53 | 60475 | 1.1.1.1 | 192.168.2.4 |
| May 22, 2024 18:20:48.030168056 CEST | 53 | 58739 | 162.159.36.2 | 192.168.2.4 |
| May 22, 2024 18:20:48.572839975 CEST | 53 | 58327 | 1.1.1.1 | 192.168.2.4 |
Click to jump to process
Click to jump to process
back
Click to dive into process behavior distribution
Click to jump to process
| Target ID: | 0 |
| Start time: | 12:19:57 |
| Start date: | 22/05/2024 |
| Path: | C:\Users\user\Desktop\file.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x3e0000 |
| File size: | 470'528 bytes |
| MD5 hash: | E154829A16292C782B579D217E0EA8BF |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Yara matches: |
|
| Reputation: | low |
| Has exited: | true |
| Target ID: | 1 |
| Start time: | 12:19:58 |
| Start date: | 22/05/2024 |
| Path: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x730000 |
| File size: | 65'440 bytes |
| MD5 hash: | 0D5DF43AF2916F47D00C1573797C1A13 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Yara matches: |
|
| Reputation: | high |
| Has exited: | true |
Execution Graph
| Execution Coverage: | 3.5% |
| Dynamic/Decrypted Code Coverage: | 0.5% |
| Signature Coverage: | 1.6% |
| Total number of Nodes: | 1520 |
| Total number of Limit Nodes: | 14 |
Graph
Function 00BB018D Relevance: 24.8, APIs: 10, Strings: 4, Instructions: 282threadinjectionmemoryCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 003F560E Relevance: .0, Instructions: 22COMMONLIBRARYCODE
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 003EC35D Relevance: .0, Instructions: 12COMMONLIBRARYCODE
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 003EF1E8 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 74COMMONLIBRARYCODE
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 003FC20E Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 42memorythreadCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 003F2C21 Relevance: 7.7, APIs: 5, Instructions: 202COMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Control-flow Graph
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 003F4F3F Relevance: 3.2, APIs: 2, Instructions: 177COMMON
Download Yara Rule
Control-flow Graph
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Control-flow Graph
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 003F4B43 Relevance: 1.6, APIs: 1, Instructions: 147COMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Control-flow Graph
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 003F79AB Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 183COMMONLIBRARYCODE
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 003F7047 Relevance: 9.0, APIs: 3, Strings: 2, Instructions: 251COMMONLIBRARYCODE
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 003F77D6 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 85COMMONLIBRARYCODE
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 003E4FA6 Relevance: 6.1, APIs: 4, Instructions: 70COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 003F745A Relevance: 4.7, APIs: 3, Instructions: 205COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 003E4CCC Relevance: 1.6, APIs: 1, Instructions: 147COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 003F4493 Relevance: 1.6, APIs: 1, Instructions: 140COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 003F76AD Relevance: 1.6, APIs: 1, Instructions: 83COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 003F78DC Relevance: 1.5, APIs: 1, Instructions: 45COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 003E5102 Relevance: 1.5, APIs: 1, Instructions: 3COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 003F7C0D Relevance: 1.3, APIs: 1, Instructions: 5memoryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 003F6AF8 Relevance: .3, Instructions: 327COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 003FC274 Relevance: 15.8, APIs: 4, Strings: 5, Instructions: 55libraryloaderCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 003E7E18 Relevance: 12.6, APIs: 4, Strings: 3, Instructions: 303COMMONLIBRARYCODE
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 003F187C Relevance: 12.5, APIs: 6, Strings: 1, Instructions: 298COMMONLIBRARYCODE
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 003EC37F Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 42libraryloaderCOMMONLIBRARYCODE
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 003E8BF2 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 27libraryCOMMONLIBRARYCODE
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 003E8B52 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 67libraryloaderCOMMONLIBRARYCODE
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 003E25A5 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 47COMMONLIBRARYCODE
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 003F4250 Relevance: 6.1, APIs: 4, Instructions: 82COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 003EB5A9 Relevance: 6.1, APIs: 4, Instructions: 79COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 003F51E6 Relevance: 6.1, APIs: 4, Instructions: 74COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 003F662E Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 113COMMONLIBRARYCODE
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 003E81BD Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 112COMMONLIBRARYCODE
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 003E4956 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 59COMMONLIBRARYCODE
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 003E5365 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44COMMONLIBRARYCODE
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Execution Graph
| Execution Coverage: | 6.5% |
| Dynamic/Decrypted Code Coverage: | 100% |
| Signature Coverage: | 0% |
| Total number of Nodes: | 52 |
| Total number of Limit Nodes: | 9 |
Graph
Function 06453F50 Relevance: 1.8, Strings: 1, Instructions: 522COMMON
Download Yara Rule
Control-flow Graph
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 064567D8 Relevance: .4, Instructions: 413COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0645A3D8 Relevance: .3, Instructions: 293COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 06430D80 Relevance: 20.6, Strings: 16, Instructions: 628COMMON
Download Yara Rule
Control-flow Graph
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 06431582 Relevance: 7.8, Strings: 6, Instructions: 336COMMON
Download Yara Rule
Control-flow Graph
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00E3D0A8 Relevance: 6.1, APIs: 4, Instructions: 133threadCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00E3D0B8 Relevance: 6.1, APIs: 4, Instructions: 128threadCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 06430598 Relevance: 1.7, Strings: 1, Instructions: 462COMMON
Download Yara Rule
Control-flow Graph
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00E3AE30 Relevance: 1.7, APIs: 1, Instructions: 197COMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00E34248 Relevance: 1.6, APIs: 1, Instructions: 96COMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00E35935 Relevance: 1.6, APIs: 1, Instructions: 95COMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00E3D2F9 Relevance: 1.6, APIs: 1, Instructions: 64COMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00E3D300 Relevance: 1.6, APIs: 1, Instructions: 62COMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00E3A870 Relevance: 1.6, APIs: 1, Instructions: 55libraryCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00E3B2A0 Relevance: 1.6, APIs: 1, Instructions: 55libraryCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00E3B020 Relevance: 1.5, APIs: 1, Instructions: 47COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 06431BA0 Relevance: 1.4, Instructions: 1445COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 06453DE0 Relevance: 1.4, Strings: 1, Instructions: 107COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 064584D8 Relevance: 1.3, Strings: 1, Instructions: 98COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 064584C8 Relevance: 1.3, Strings: 1, Instructions: 90COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0645B358 Relevance: 1.3, Strings: 1, Instructions: 43COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 06453EC8 Relevance: 1.3, Strings: 1, Instructions: 36COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0645B368 Relevance: 1.3, Strings: 1, Instructions: 32COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 064300D8 Relevance: .7, Instructions: 676COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 064349F1 Relevance: .6, Instructions: 591COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 06433B22 Relevance: .4, Instructions: 410COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 06430688 Relevance: .4, Instructions: 389COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 06430700 Relevance: .4, Instructions: 354COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 064300B9 Relevance: .3, Instructions: 340COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 06430610 Relevance: .3, Instructions: 315COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 06430666 Relevance: .3, Instructions: 306COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 06454AFF Relevance: .3, Instructions: 294COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 06457D58 Relevance: .1, Instructions: 147COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 064334D8 Relevance: .1, Instructions: 143COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 06457D4C Relevance: .1, Instructions: 128COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 064559C8 Relevance: .1, Instructions: 118COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 064334B9 Relevance: .1, Instructions: 110COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 06455579 Relevance: .1, Instructions: 101COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 06455588 Relevance: .1, Instructions: 96COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 064587A0 Relevance: .1, Instructions: 93COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 06458796 Relevance: .1, Instructions: 78COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 064330FB Relevance: .1, Instructions: 78COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 06458A98 Relevance: .1, Instructions: 77COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00D4D3D8 Relevance: .1, Instructions: 75COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00D4D4C4 Relevance: .1, Instructions: 75COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00D5D01C Relevance: .1, Instructions: 72COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 06458A8C Relevance: .1, Instructions: 63COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00D5D005 Relevance: .1, Instructions: 62COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0645BC5F Relevance: .1, Instructions: 60COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00D4D3D3 Relevance: .1, Instructions: 56COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00D4D4BF Relevance: .1, Instructions: 56COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0645C499 Relevance: .0, Instructions: 50COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 06458350 Relevance: .0, Instructions: 50COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0645BC70 Relevance: .0, Instructions: 46COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0645E8B0 Relevance: .0, Instructions: 45COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00D4DA4D Relevance: .0, Instructions: 45COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 06456E90 Relevance: .0, Instructions: 44COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0645C4A8 Relevance: .0, Instructions: 42COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 06455508 Relevance: .0, Instructions: 42COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0645C170 Relevance: .0, Instructions: 39COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 06458F42 Relevance: .0, Instructions: 38COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 06458F50 Relevance: .0, Instructions: 37COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0645ADE9 Relevance: .0, Instructions: 37COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0645ACB8 Relevance: .0, Instructions: 36COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00D4DA4C Relevance: .0, Instructions: 36COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0645C110 Relevance: .0, Instructions: 35COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 06456EA0 Relevance: .0, Instructions: 35COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 064567C8 Relevance: .0, Instructions: 34COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 06458FC0 Relevance: .0, Instructions: 33COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 06458341 Relevance: .0, Instructions: 32COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 064554F8 Relevance: .0, Instructions: 31COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0645ADF8 Relevance: .0, Instructions: 28COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0645C180 Relevance: .0, Instructions: 27COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0645CC38 Relevance: .0, Instructions: 27COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0645B500 Relevance: .0, Instructions: 26COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0645C120 Relevance: .0, Instructions: 25COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0645CE88 Relevance: .0, Instructions: 25COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 06455698 Relevance: .0, Instructions: 23COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0645E8F8 Relevance: .0, Instructions: 23COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0645E1FF Relevance: .0, Instructions: 22COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0645E280 Relevance: .0, Instructions: 21COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0645AC80 Relevance: .0, Instructions: 20COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0645B510 Relevance: .0, Instructions: 19COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0645E210 Relevance: .0, Instructions: 16COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0645F8EA Relevance: .0, Instructions: 15COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 06453721 Relevance: .0, Instructions: 9COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0645DFD1 Relevance: .0, Instructions: 9COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0645E2C7 Relevance: 46.6, Strings: 37, Instructions: 390COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0645E2D8 Relevance: 46.6, Strings: 37, Instructions: 383COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0645CC7F Relevance: 16.4, Strings: 13, Instructions: 152COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0645CC90 Relevance: 16.4, Strings: 13, Instructions: 143COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0645CED1 Relevance: 10.1, Strings: 8, Instructions: 106COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0645CEE0 Relevance: 10.1, Strings: 8, Instructions: 93COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0645C968 Relevance: 8.8, Strings: 7, Instructions: 89COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0645C978 Relevance: 8.8, Strings: 7, Instructions: 83COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0645D538 Relevance: 7.6, Strings: 6, Instructions: 84COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0645D548 Relevance: 7.6, Strings: 6, Instructions: 73COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0645ED10 Relevance: 5.2, Strings: 4, Instructions: 243COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|