Edit tour
Windows
Analysis Report
1692db4e522605d93551ddcabeffa92a2cd43e764a134833644808319784b955_dump.exe
Overview
General Information
| Sample name: | 1692db4e522605d93551ddcabeffa92a2cd43e764a134833644808319784b955_dump.exe |
| Analysis ID: | 1446228 |
| MD5: | 1fb1c8da0fabb641a76ac6759dd557dd |
| SHA1: | eac9ef0a2bb9058efcc01242184f7a10136a5036 |
| SHA256: | 2f05df98b8de8af85942d15c1c7d434ee62be3e3662c551a0e14d29c9531c1cc |
| Tags: | exe |
| Infos: |  |
 | |
Detection
RedLine
| Score: | 100 |
| Range: | 0 - 100 |
| Whitelisted: | false |
| Confidence: | 100% |
Signatures
Found malware configuration
Snort IDS alert for network traffic
Yara detected RedLine Stealer
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Installs new ROOT certificates
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Crypto Currency Wallets
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains long sleeps (>= 3 min)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops certificate files (DER)
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Classification
- System is w10x64
1692db4e522605d93551ddcabeffa92a2cd43e764a134833644808319784b955_dump.exe (PID: 6368 cmdline: "C:\Users\ user\Deskt op\1692db4 e522605d93 551ddcabef fa92a2cd43 e764a13483 3644808319 784b955_du mp.exe" MD5: 1FB1C8DA0FABB641A76AC6759DD557DD)
- cleanup
| Name | Description | Attribution | Blogpost URLs | Link |
|---|---|---|---|---|
| RedLine Stealer | RedLine Stealer is a malware available on underground forums for sale apparently as standalone ($100/$150 depending on the version) or also on a subscription basis ($100/month). This malware harvests information from browsers such as saved credentials, autocomplete data, and credit card information. A system inventory is also taken when running on a target machine, to include details such as the username, location data, hardware configuration, and information regarding installed security software. More recent versions of RedLine added the ability to steal cryptocurrency. FTP and IM clients are also apparently targeted by this family, and this malware has the ability to upload and download files, execute commands, and periodically send back information about the infected computer. | No Attribution |
{"C2 url": ["5.42.65.115:40551"], "Bot Id": "LogsDiller Cloud (TG: @logsdillabot)", "Authorization Header": "3a050df92d0cf082b2cdaf87863616be"}| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security |
| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| JoeSecurity_RedLine_1 | Yara detected RedLine Stealer | Joe Security | ||
| JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security |
| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security | ||
| JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | ||
| JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | ||
| JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security |
| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security |
⊘No Sigma rule has matched
| Timestamp: | 05/23/24-01:26:06.551496 |
| SID: | 2043231 |
| Source Port: | 49704 |
| Destination Port: | 40551 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 05/23/24-01:25:54.736899 |
| SID: | 2043234 |
| Source Port: | 40551 |
| Destination Port: | 49704 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 05/23/24-01:25:54.541221 |
| SID: | 2046045 |
| Source Port: | 49704 |
| Destination Port: | 40551 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 05/23/24-01:25:59.978697 |
| SID: | 2046056 |
| Source Port: | 40551 |
| Destination Port: | 49704 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
Click to jump to signature section
Show All Signature Results
AV Detection |   |
|---|
| Source: | Malware Configuration Extractor: | ||
| Source: | Integrated Neural Analysis Model: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
Networking | |
|---|
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | URLs: | ||
| Source: | TCP traffic: | ||
| Source: | ASN Name: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | File created: | Jump to dropped file | ||
| Source: | File created: | Jump to dropped file | ||
| Source: | Code function: | 0_2_00F825D8 | |
| Source: | Code function: | 0_2_00F8DC74 | |
| Source: | Code function: | 0_2_061B67D8 | |
| Source: | Code function: | 0_2_061BA3E8 | |
| Source: | Code function: | 0_2_061B3F50 | |
| Source: | Code function: | 0_2_061BA3D8 | |
| Source: | Code function: | 0_2_061B6FF8 | |
| Source: | Code function: | 0_2_061B6FE8 | |
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Static PE information: | ||
| Source: | Classification label: | ||
| Source: | File created: | Jump to behavior | ||
| Source: | Mutant created: | ||
| Source: | File created: | Jump to behavior | ||
| Source: | Static PE information: | ||
| Source: | Static file information: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | File read: | Jump to behavior | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Key value queried: | Jump to behavior | ||
| Source: | LNK file: | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Code function: | 0_2_061BE070 | |
| Source: | Code function: | 0_2_061BED01 | |
Persistence and Installation Behavior | |
|---|
| Source: | Registry value created: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
Malware Analysis System Evasion | |
|---|
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | Memory allocated: | Jump to behavior | ||
| Source: | Memory allocated: | Jump to behavior | ||
| Source: | Memory allocated: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Window / User API: | Jump to behavior | ||
| Source: | Window / User API: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | WMI Queries: | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Process information queried: | Jump to behavior | ||
| Source: | Process token adjusted: | Jump to behavior | ||
| Source: | Memory allocated: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Key value queried: | Jump to behavior | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
Stealing of Sensitive Information | |
|---|
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File source: | ||
| Source: | File source: | ||
Remote Access Functionality | |
|---|
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 221 Windows Management Instrumentation | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Masquerading | 1 OS Credential Dumping | 221 Security Software Discovery | Remote Services | 1 Archive Collected Data | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Disable or Modify Tools | LSASS Memory | 1 Process Discovery | Remote Desktop Protocol | 2 Data from Local System | 1 Non-Standard Port | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 241 Virtualization/Sandbox Evasion | Security Account Manager | 241 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Obfuscated Files or Information | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Install Root Certificate | LSA Secrets | 1 File and Directory Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
| Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Timestomp | Cached Domain Credentials | 113 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
| DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 DLL Side-Loading | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
InternetThis section contains all screenshots as thumbnails, including those not shown in the slideshow.
⊘No Antivirus matches
⊘No Antivirus matches
⊘No Antivirus matches
⊘No Antivirus matches
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe |
⊘No contacted domains info
| Name | Source | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
| IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|---|
| 5.42.65.115 | unknown | Russian Federation | 39493 | RU-KSTVKolomnaGroupofcompaniesGuarantee-tvRU | true |
| Joe Sandbox version: | 40.0.0 Tourmaline |
| Analysis ID: | 1446228 |
| Start date and time: | 2024-05-23 01:25:07 +02:00 |
| Joe Sandbox product: | CloudBasic |
| Overall analysis duration: | 0h 5m 0s |
| Hypervisor based Inspection enabled: | false |
| Report type: | full |
| Cookbook file name: | default.jbs |
| Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
| Number of analysed new started processes analysed: | 5 |
| Number of new started drivers analysed: | 0 |
| Number of existing processes analysed: | 0 |
| Number of existing drivers analysed: | 0 |
| Number of injected processes analysed: | 0 |
| Technologies: |
|
| Analysis Mode: | default |
| Analysis stop reason: | Timeout |
| Sample name: | 1692db4e522605d93551ddcabeffa92a2cd43e764a134833644808319784b955_dump.exe |
| Detection: | MAL |
| Classification: | mal100.troj.spyw.evad.winEXE@1/5@0/1 |
| EGA Information: |
|
| HCA Information: |
|
| Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
- Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
- Report size getting too big, too many NtAllocateVirtualMemory calls found.
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtProtectVirtualMemory calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- Report size getting too big, too many NtReadVirtualMemory calls found.
- VT rate limit hit for: 1692db4e522605d93551ddcabeffa92a2cd43e764a134833644808319784b955_dump.exe
| Time | Type | Description |
|---|---|---|
| 19:26:02 | API Interceptor |
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| 5.42.65.115 | Get hash | malicious | GCleaner | Browse |
| |
| Get hash | malicious | GCleaner, RedLine | Browse |
| ||
| Get hash | malicious | LummaC, GCleaner, LummaC Stealer | Browse |
| ||
| Get hash | malicious | GCleaner, RedLine | Browse |
|
⊘No context
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| RU-KSTVKolomnaGroupofcompaniesGuarantee-tvRU | Get hash | malicious | RedLine | Browse |
| |
| Get hash | malicious | RedLine | Browse |
| ||
| Get hash | malicious | SmokeLoader | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | HTMLPhisher | Browse |
| ||
| Get hash | malicious | RedLine | Browse |
| ||
| Get hash | malicious | HTMLPhisher | Browse |
| ||
| Get hash | malicious | HTMLPhisher | Browse |
| ||
| Get hash | malicious | HTMLPhisher | Browse |
| ||
| Get hash | malicious | RisePro Stealer | Browse |
|
⊘No context
⊘No context
| Process: | C:\Users\user\Desktop\1692db4e522605d93551ddcabeffa92a2cd43e764a134833644808319784b955_dump.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 2104 |
| Entropy (8bit): | 3.4510501830169997 |
| Encrypted: | false |
| SSDEEP: | 48:8SCLl2dfTXdARYrnvPdAKRkdAGdAKRFdAKRE:8SmlO7 |
| MD5: | 2B6BCB85EF126111594F90D34DBCA614 |
| SHA1: | 1CB14AB3B46898BC0E7F82D17752B723F2EACBE6 |
| SHA-256: | 8B6548718CAD5DFA8A0157597E0AEFB73B2FFE38C4EDBD31A3E9B1F2145581BD |
| SHA-512: | 7C2F18D22B18B553F100BB219C729640D0EBF07790ADD06F8B3D8002B412E9CD8F175505D265C604E9F57AE8F4DF77A9A0D8ACAA6F1B45341F63DB174335590B |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\1692db4e522605d93551ddcabeffa92a2cd43e764a134833644808319784b955_dump.exe.log
Download File
| Process: | C:\Users\user\Desktop\1692db4e522605d93551ddcabeffa92a2cd43e764a134833644808319784b955_dump.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 3274 |
| Entropy (8bit): | 5.3318368586986695 |
| Encrypted: | false |
| SSDEEP: | 96:Pq5qHwCYqh3oPtI6eqzxP0aymRLKTqdqlq7qqjqcEZ5D:Pq5qHwCYqh3qtI6eqzxP0at9KTqdqlqY |
| MD5: | 0B2E58EF6402AD69025B36C36D16B67F |
| SHA1: | 5ECC642327EF5E6A54B7918A4BD7B46A512BF926 |
| SHA-256: | 4B0FB8EECEAD6C835CED9E06F47D9021C2BCDB196F2D60A96FEE09391752C2D7 |
| SHA-512: | 1464106CEC5E264F8CEA7B7FF03C887DA5192A976FBC9369FC60A480A7B9DB0ED1956EFCE6FFAD2E40A790BD51FD27BB037256964BC7B4B2DA6D4D5C6B267FA1 |
| Malicious: | false |
| Reputation: | moderate, very likely benign file |
| Preview: |
| Process: | C:\Users\user\Desktop\1692db4e522605d93551ddcabeffa92a2cd43e764a134833644808319784b955_dump.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 2662 |
| Entropy (8bit): | 7.8230547059446645 |
| Encrypted: | false |
| SSDEEP: | 48:qJdHasMPAUha1DgSVVi59ca13MfyKjWwUmq9W2UgniDhiRhkjp9g:bhhEgSVVi59defyfW2sDgAj3g |
| MD5: | 1420D30F964EAC2C85B2CCFE968EEBCE |
| SHA1: | BDF9A6876578A3E38079C4F8CF5D6C79687AD750 |
| SHA-256: | F3327793E3FD1F3F9A93F58D033ED89CE832443E2695BECA9F2B04ADBA049ED9 |
| SHA-512: | 6FCB6CE148E1E246D6805502D4914595957061946751656567A5013D96033DD1769A22A87C45821E7542CDE533450E41182CEE898CD2CCF911C91BC4822371A8 |
| Malicious: | false |
| Reputation: | moderate, very likely benign file |
| Preview: |
| Process: | C:\Users\user\Desktop\1692db4e522605d93551ddcabeffa92a2cd43e764a134833644808319784b955_dump.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 2662 |
| Entropy (8bit): | 7.8230547059446645 |
| Encrypted: | false |
| SSDEEP: | 48:qJdHasMPAUha1DgSVVi59ca13MfyKjWwUmq9W2UgniDhiRhkjp9g:bhhEgSVVi59defyfW2sDgAj3g |
| MD5: | 1420D30F964EAC2C85B2CCFE968EEBCE |
| SHA1: | BDF9A6876578A3E38079C4F8CF5D6C79687AD750 |
| SHA-256: | F3327793E3FD1F3F9A93F58D033ED89CE832443E2695BECA9F2B04ADBA049ED9 |
| SHA-512: | 6FCB6CE148E1E246D6805502D4914595957061946751656567A5013D96033DD1769A22A87C45821E7542CDE533450E41182CEE898CD2CCF911C91BC4822371A8 |
| Malicious: | false |
| Reputation: | moderate, very likely benign file |
| Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2246122658-3693405117-2476756634-1003\76b53b3ec448f7ccdda2063b15d2bfc3_9e146be9-c76a-4720-bcdb-53011b87bd06
Download File
| Process: | C:\Users\user\Desktop\1692db4e522605d93551ddcabeffa92a2cd43e764a134833644808319784b955_dump.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 2251 |
| Entropy (8bit): | 0.0 |
| Encrypted: | false |
| SSDEEP: | 3:: |
| MD5: | 0158FE9CEAD91D1B027B795984737614 |
| SHA1: | B41A11F909A7BDF1115088790A5680AC4E23031B |
| SHA-256: | 513257326E783A862909A2A0F0941D6FF899C403E104FBD1DBC10443C41D9F9A |
| SHA-512: | C48A55CC7A92CEFCEFE5FB2382CCD8EF651FC8E0885E88A256CD2F5D83B824B7D910F755180B29ECCB54D9361D6AF82F9CC741BD7E6752122949B657DA973676 |
| Malicious: | false |
| Reputation: | moderate, very likely benign file |
| Preview: |
| File type: | |
| Entropy (8bit): | 5.082669296180613 |
| TrID: |
|
| File name: | 1692db4e522605d93551ddcabeffa92a2cd43e764a134833644808319784b955_dump.exe |
| File size: | 311'296 bytes |
| MD5: | 1fb1c8da0fabb641a76ac6759dd557dd |
| SHA1: | eac9ef0a2bb9058efcc01242184f7a10136a5036 |
| SHA256: | 2f05df98b8de8af85942d15c1c7d434ee62be3e3662c551a0e14d29c9531c1cc |
| SHA512: | 44623c837f1537783e44703637407b3330db2201800f0ab5d2552f3b67368b320734e1fa12143c1ed9df75518c641817039bec7ec74c2c18d4efe22dd83739cd |
| SSDEEP: | 3072:1q6EgY6iHrUj1DeewPMAVTmz+qGwRTAAtpSKGscZqf7D341eqiOLibBOp:8qY6iwwPv9priTA8pIscZqf7DIfL |
| TLSH: | 45646D1867EC8911E27F4B399471E2749375EC16A552E30F4ED06CEB3E32741FA21AB2 |
| File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...q.!...............0.................. ... ....@.. ....................... ............@................................ |
 | |
| Icon Hash: | 4d8ea38d85a38e6d |
| Entrypoint: | 0x42ba12 |
| Entrypoint Section: | .text |
| Digitally signed: | false |
| Imagebase: | 0x400000 |
| Subsystem: | windows gui |
| Image File Characteristics: | EXECUTABLE_IMAGE, 32BIT_MACHINE |
| DLL Characteristics: | DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE |
| Time Stamp: | 0xF821E471 [Fri Dec 2 12:45:37 2101 UTC] |
| TLS Callbacks: | |
| CLR (.Net) Version: | |
| OS Version Major: | 4 |
| OS Version Minor: | 0 |
| File Version Major: | 4 |
| File Version Minor: | 0 |
| Subsystem Version Major: | 4 |
| Subsystem Version Minor: | 0 |
| Import Hash: | f34d5f2d4577ed6d9ceec516c1f5a744 |
| Instruction |
|---|
| jmp dword ptr [00402000h] |
| popad |
| add byte ptr [ebp+00h], dh |
| je 00007FF6414CEF32h |
| outsd |
| add byte ptr [esi+00h], ah |
| imul eax, dword ptr [eax], 006C006Ch |
| xor eax, 59007400h |
| add byte ptr [edi+00h], dl |
| push edx |
| add byte ptr [ecx+00h], dh |
| popad |
| add byte ptr [edi+00h], dl |
| push esi |
| add byte ptr [edi+00h], ch |
| popad |
| add byte ptr [ebp+00h], ch |
| push 61006800h |
| add byte ptr [ebp+00h], ch |
| dec edx |
| add byte ptr [eax], bh |
| add byte ptr [edi+00h], dl |
| push edi |
| add byte ptr [ecx], bh |
| add byte ptr [ecx+00h], bh |
| bound eax, dword ptr [eax] |
| xor al, byte ptr [eax] |
| insb |
| add byte ptr [eax+00h], bl |
| pop ecx |
| add byte ptr [edi+00h], dl |
| js 00007FF6414CEF32h |
| jnc 00007FF6414CEF32h |
| pop edx |
| add byte ptr [eax+00h], bl |
| push ecx |
| add byte ptr [ebx+00h], cl |
| popad |
| add byte ptr [edi+00h], dl |
| dec edx |
| add byte ptr [ebp+00h], dh |
| pop edx |
| add byte ptr [edi+00h], dl |
| jo 00007FF6414CEF32h |
| imul eax, dword ptr [eax], 5Ah |
| add byte ptr [ebp+00h], ch |
| jo 00007FF6414CEF32h |
| je 00007FF6414CEF32h |
| bound eax, dword ptr [eax] |
| push edi |
| add byte ptr [eax+eax+77h], dh |
| add byte ptr [ecx+00h], bl |
| xor al, byte ptr [eax] |
| xor eax, 63007300h |
| add byte ptr [edi+00h], al |
| push esi |
| add byte ptr [ecx+00h], ch |
| popad |
| add byte ptr [edx], dh |
| add byte ptr [eax+00h], bh |
| je 00007FF6414CEF32h |
| bound eax, dword ptr [eax] |
| insd |
| add byte ptr [eax+eax+76h], dh |
| add byte ptr [edx+00h], bl |
| push edi |
| add byte ptr [ecx], bh |
| add byte ptr [eax+00h], dh |
| popad |
| add byte ptr [edi+00h], al |
| cmp dword ptr [eax], eax |
| insd |
| add byte ptr [edx+00h], bl |
| push edi |
| add byte ptr [esi+00h], cl |
| cmp byte ptr [eax], al |
| push esi |
| add byte ptr [eax+00h], cl |
| dec edx |
| add byte ptr [esi+00h], dh |
| bound eax, dword ptr [eax] |
| insd |
| add byte ptr [eax+00h], bh |
| jo 00007FF6414CEF32h |
| bound eax, dword ptr [eax] |
| insd |
| add byte ptr [ebx+00h], dh |
| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0x2b9c0 | 0x4f | .text |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x32000 | 0x1c9c4 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x50000 | 0xc | .reloc |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x2b9a4 | 0x1c | .text |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|---|
| .text | 0x2000 | 0x2e9f8 | 0x2ec00 | cb1d7e717f9d504234ecd59dbd039d9a | False | 0.4699354528743315 | data | 6.205942019428129 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .rsrc | 0x32000 | 0x1c9c4 | 0x1cc00 | 5c2a18af3bb2f0833cb4c554a40e7d18 | False | 0.23721127717391305 | data | 2.6057163374034773 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .reloc | 0x50000 | 0xc | 0x400 | 0d4caa3e42efbd58c8173a63647ce47a | False | 0.025390625 | data | 0.05585530805374581 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
|---|---|---|---|---|---|---|
| RT_ICON | 0x321a0 | 0x3d04 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | 0.9934058898847631 | ||
| RT_ICON | 0x35eb4 | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 65536, resolution 2835 x 2835 px/m | 0.09013072282030049 | ||
| RT_ICON | 0x466ec | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 16384, resolution 2835 x 2835 px/m | 0.13905290505432216 | ||
| RT_ICON | 0x4a924 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9216, resolution 2835 x 2835 px/m | 0.17033195020746889 | ||
| RT_ICON | 0x4cedc | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4096, resolution 2835 x 2835 px/m | 0.2045028142589118 | ||
| RT_ICON | 0x4df94 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1024, resolution 2835 x 2835 px/m | 0.24645390070921985 | ||
| RT_GROUP_ICON | 0x4e40c | 0x5a | data | 0.7666666666666667 | ||
| RT_VERSION | 0x4e478 | 0x34a | data | 0.44655581947743467 | ||
| RT_MANIFEST | 0x4e7d4 | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | 0.5489795918367347 |
| DLL | Import |
|---|---|
| mscoree.dll | _CorExeMain |
Key Decision
Richest Path
Thread / callback creation
Lower opacity -> Library Node| Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|---|---|---|
| 05/23/24-01:26:06.551496 | TCP | 2043231 | ET TROJAN Redline Stealer TCP CnC Activity | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| 05/23/24-01:25:54.736899 | TCP | 2043234 | ET MALWARE Redline Stealer TCP CnC - Id1Response | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| 05/23/24-01:25:54.541221 | TCP | 2046045 | ET TROJAN [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization) | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| 05/23/24-01:25:59.978697 | TCP | 2046056 | ET TROJAN Redline Stealer/MetaStealer Family Activity (Response) | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| May 23, 2024 01:25:53.839518070 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:25:53.844722033 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:25:53.844815016 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:25:53.852116108 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:25:53.901091099 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:25:54.503212929 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:25:54.541220903 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:25:54.550211906 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:25:54.736898899 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:25:54.778626919 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:25:59.782186985 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:25:59.788669109 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:25:59.978697062 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:25:59.980798960 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:25:59.981067896 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:25:59.985563993 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:25:59.990345955 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:25:59.990355968 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:25:59.990546942 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:25:59.995492935 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:25:59.995695114 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:00.033468008 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:00.033688068 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:00.109231949 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:00.114202976 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:00.300595045 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:00.310117006 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:00.315037966 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:00.500782013 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:00.506823063 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:00.511953115 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:00.700232983 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:00.701672077 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:00.709903955 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:00.905726910 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:00.950309038 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:01.141050100 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:01.146605015 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:01.338213921 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:01.349251032 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:01.354684114 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:01.545243025 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:01.547732115 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:01.603475094 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:01.931154013 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:01.981683016 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:01.992396116 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:01.992486000 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:02.003787994 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:02.009432077 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:02.009628057 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:02.014103889 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:02.014152050 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:02.014180899 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:02.014209986 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:02.014236927 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:02.014265060 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:02.014292955 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:02.014321089 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:02.014349937 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:02.014377117 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:02.019064903 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:02.068111897 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:02.296174049 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:02.298316956 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:02.303670883 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:02.491446972 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:02.496192932 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:02.503324032 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:02.691325903 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:02.715863943 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:02.721098900 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:02.906939030 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:02.950316906 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:02.966197968 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:03.002996922 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:03.219295979 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:03.262916088 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:04.081746101 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:04.093198061 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:04.280281067 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:04.284749985 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:04.296641111 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:04.296649933 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:04.296657085 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:04.296664000 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:04.296672106 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:04.296678066 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:04.296684980 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:04.296693087 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:04.495383978 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:04.499396086 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:04.547338963 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:04.690326929 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:04.694370031 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:04.699479103 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:04.976447105 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.028502941 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.055742025 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.060992956 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.061070919 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.065777063 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.065807104 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.065839052 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.065861940 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.065881014 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.065908909 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.065931082 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.065960884 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.065978050 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.066005945 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.066026926 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.066055059 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.066082001 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.066111088 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.066152096 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.066167116 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.066200018 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.066225052 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.066251993 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.066293955 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.066293955 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.070564032 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.070596933 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.070620060 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.070647955 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.070667982 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.070698023 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.070714951 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.070741892 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.070771933 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.070795059 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.070827007 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.070852995 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.070878029 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.070908070 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.070935965 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.070962906 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.070986032 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.071012020 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.071042061 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.071069956 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.071094036 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.071120024 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.071152925 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.071182013 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.071209908 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.071286917 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.071865082 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.071893930 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.071934938 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.071964025 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.071991920 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.072011948 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.072042942 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.072063923 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.072094917 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.072118998 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.072145939 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.072170973 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.072197914 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.072217941 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.072243929 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.072266102 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.072293043 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.072316885 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.072338104 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.072360992 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.072386980 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.072408915 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.072432041 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.072455883 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.072484016 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.072504997 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.072536945 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.072561979 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.072588921 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.072608948 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.072633028 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.072654963 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.072681904 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.072704077 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.072726965 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.072751999 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.072778940 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.072798967 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.072824001 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.072845936 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.072896957 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.075964928 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.076046944 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.077204943 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.077231884 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.077254057 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.077280045 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.077300072 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.077327967 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.077347994 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.077379942 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.077400923 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.077429056 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.077449083 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.077471972 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.077495098 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.077522039 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.077545881 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.077574015 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.077596903 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.077625990 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.077647924 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.077672958 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.077694893 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.077722073 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.077744007 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.077774048 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.077790976 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.077820063 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.077841997 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.077867985 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.077893972 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.077922106 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.077944040 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.077970982 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.077996969 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.078022957 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.078063011 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.078092098 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.078119040 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.078140020 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.078162909 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.078185081 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.078227997 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.078794956 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.078826904 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.078849077 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.078885078 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.078907013 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.078934908 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.078955889 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.078977108 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.079001904 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.079029083 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.079051018 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.079073906 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.079097033 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.079123974 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.079144001 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.079170942 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.079195023 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.079221964 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.079242945 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.079265118 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.079288006 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.079314947 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.079338074 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.079365969 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.079391003 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.079417944 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.079457045 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.079472065 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.079500914 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.079525948 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.079555035 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.079575062 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.079598904 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.079621077 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.079647064 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.079674959 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.079693079 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.079719067 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.079745054 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.079766989 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.079792023 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.079818964 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.079869986 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.080709934 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.080741882 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.080764055 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.080787897 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.083959103 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.083986998 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.084007978 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.084033966 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.084064960 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.084088087 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.084108114 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.084135056 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.084163904 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.084184885 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.084204912 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.084232092 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.084252119 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.084280968 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.084302902 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.084330082 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.084352970 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.084378004 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.084407091 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.084428072 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.084451914 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.084479094 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.084501982 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.084532022 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.084553957 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.084580898 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.084603071 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.084625006 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.084647894 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.084675074 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.084698915 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.084718943 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.084743977 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.084772110 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.084793091 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.084815979 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.084840059 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.084867954 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.084889889 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.084913015 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.084938049 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.085000992 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.085303068 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.085335016 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.085361004 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.085386992 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.085406065 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.085432053 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.085457087 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.085474968 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.085500002 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.085527897 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.085549116 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.085570097 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.085594893 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.085621119 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.085642099 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.085661888 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.085686922 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.085714102 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.085738897 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.085758924 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.085800886 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.085829020 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.085851908 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.085874081 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.085897923 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.085925102 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.085944891 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.085974932 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.085994005 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.086020947 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.086040974 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.086071014 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.086087942 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.086113930 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.086137056 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.086164951 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.086182117 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.086208105 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.086232901 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.086251020 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.086276054 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.086302996 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.086327076 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.086349964 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.086379051 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.086410046 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.086431026 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.086458921 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.086477995 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.086512089 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.086533070 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.086558104 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.086580992 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.086623907 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.090219975 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.090250969 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.090275049 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.090298891 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.090322018 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.090348959 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.090373039 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.090393066 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.090418100 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.090444088 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.090471029 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.090523958 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.090558052 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.090610027 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.091847897 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.091876030 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.091900110 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.091931105 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.091959000 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.091985941 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.092012882 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.092045069 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.092073917 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.092099905 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.092127085 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.092154026 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.092195988 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.092220068 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.092255116 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.092282057 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.092304945 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.092328072 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.092350960 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.092376947 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.092396021 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.092413902 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.092439890 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.092466116 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.092488050 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.092520952 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.092547894 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.092575073 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.092596054 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.092621088 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.092645884 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.092672110 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.092691898 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.092741013 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.092776060 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.092796087 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.092813015 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.092839956 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.092859030 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.092881918 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.092905998 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.092931986 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.092955112 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.092974901 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.093000889 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.093027115 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.093049049 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.093071938 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.093101025 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.093127012 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.093147993 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.093173981 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.093194008 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.093219995 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.093242884 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.093266964 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.093291998 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.093318939 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.093338966 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.093367100 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.093384981 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.093410969 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.093430042 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.093455076 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.093476057 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.093502045 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.093525887 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.093544960 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.093569994 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.093596935 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.093621969 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.093643904 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.093667984 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.093694925 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.093714952 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.093733072 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.093758106 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.093810081 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.095885992 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.095920086 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.095942020 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.095967054 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.095988035 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.096014977 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.096036911 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.096057892 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.096081972 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.096110106 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.096136093 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.096158028 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.100675106 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.100703001 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.100739002 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.100761890 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.100761890 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.100807905 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.100833893 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.100861073 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.100887060 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.100913048 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.100939989 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.100965977 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.100992918 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.101021051 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.101048946 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.101077080 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.101118088 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.101140976 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.101174116 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.101174116 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.101217985 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.101243973 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.101264000 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.101290941 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.101310015 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.101336956 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.101356983 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.101381063 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.101402998 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.101449966 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.101586103 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.101613045 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.101632118 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.101655006 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.101679087 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.101705074 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.101725101 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.101747990 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.101772070 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.101799011 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.101819992 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.101846933 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.101866007 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.101892948 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.101927042 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.101927042 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.101969957 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.101996899 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.102015972 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.102039099 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.102063894 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.102092981 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.102121115 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.102142096 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.102166891 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.102194071 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.102215052 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.102236032 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.102261066 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.102288008 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.102308035 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.102329969 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.102360964 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.102391958 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.102411985 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.102433920 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.102458954 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.102504969 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.102529049 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.102555990 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.102577925 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.102601051 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.105469942 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.105504990 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.105526924 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.105551004 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.105576038 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.105602026 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.105623007 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.105650902 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.105669975 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.105696917 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.105720043 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.105746031 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.105772972 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.105799913 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.105820894 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.105839968 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.105865002 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.105891943 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.105911016 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.105937958 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.105957985 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.105983019 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.106004953 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.106035948 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.106062889 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.106090069 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.106117964 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.106143951 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.106173038 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.106199980 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.106225967 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.108366966 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.108396053 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.108423948 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.108449936 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.108478069 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.108505011 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.108531952 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.108572960 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.108614922 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.108653069 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.108690023 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.108716965 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.108737946 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.108762026 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.108784914 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.108812094 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.108830929 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.108854055 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.108876944 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.108903885 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.108925104 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.108947992 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.108971119 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.108999014 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.109019995 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.109045982 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.109071970 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.109102011 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.109119892 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.109144926 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.109164953 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.109193087 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.109213114 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.109236956 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.109261036 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.109302998 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.109329939 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.109360933 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.109374046 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.109401941 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.109420061 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.109447956 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.109467983 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.109488964 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.109514952 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.109540939 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.109561920 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.109582901 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.109606981 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.109632969 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.109673023 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.109673023 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.109709978 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.109736919 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.109760046 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.109792948 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.109817982 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.109844923 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.109867096 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.109894037 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.109920979 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.109947920 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.109968901 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.109991074 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.110017061 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.110045910 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.110064983 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.110088110 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.110110998 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.110137939 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.110161066 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.110182047 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.110207081 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.110233068 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.110256910 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.110285997 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.110312939 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.111974955 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.116039991 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.116070032 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.116096973 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.116123915 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.116149902 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.116175890 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.116203070 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.116230011 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.116256952 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.116282940 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.116309881 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.116336107 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.116363049 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.116389990 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.116416931 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.116444111 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.116471052 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.116516113 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.116564989 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.116600037 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.116628885 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.116648912 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.116677046 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.116694927 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.116720915 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.116741896 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.116772890 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.116816998 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.116858959 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.116873026 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.116900921 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.116920948 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.116947889 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.116969109 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.116990089 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.117014885 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.117042065 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.117068052 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.117094994 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.117119074 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.117146015 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.117172003 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.117192030 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.117217064 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.117244005 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.117265940 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.117284060 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.117307901 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.117335081 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.117355108 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.117377043 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.117400885 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.117428064 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.117446899 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.117470026 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.117494106 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.117522001 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.117539883 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.117568016 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.117593050 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.117620945 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.117640018 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.117664099 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.117687941 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.117716074 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.117737055 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.117763042 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.117786884 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.117814064 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.117835045 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.117854118 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.117878914 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.117906094 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.117928028 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.117954016 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.117980003 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.118011951 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.122883081 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.122912884 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.122941017 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.122967005 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.122993946 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.123020887 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.123049974 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.123076916 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.123104095 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.123131037 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.123157978 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.123184919 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.123213053 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.123239040 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.123265982 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.123294115 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.123321056 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.123347998 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.123557091 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.123586893 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.123614073 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.123641014 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.123670101 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.123737097 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.123789072 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.123825073 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.123852015 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.123876095 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.123893976 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.123918056 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.123944044 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.123963118 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.123986959 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.124007940 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.124034882 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.124057055 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.124084949 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.124102116 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.124128103 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.124147892 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.124171019 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.124196053 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.124222994 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.124243021 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.124272108 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.124290943 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.124317884 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.124351025 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.124382973 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.124404907 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.124433041 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.124453068 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.124485970 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.124505997 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.124533892 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.124553919 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.124581099 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.127625942 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.127657890 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.127677917 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.127707005 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.127724886 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.127752066 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.127772093 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.127800941 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.168240070 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.168329000 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.168495893 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.168598890 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.216346025 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.216609001 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:05.221713066 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.267376900 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.267417908 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.267446041 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.267476082 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.267503977 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.267530918 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.267558098 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.891268015 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:05.934684038 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:06.168905973 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:06.174000978 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:06.359443903 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:06.360224009 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:06.365344048 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:06.550805092 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:06.551496029 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
| May 23, 2024 01:26:06.556529045 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:06.746830940 CEST | 40551 | 49704 | 5.42.65.115 | 192.168.2.5 |
| May 23, 2024 01:26:06.781287909 CEST | 49704 | 40551 | 192.168.2.5 | 5.42.65.115 |
Click to jump to process
Click to jump to process
back
Click to dive into process behavior distribution
| Target ID: | 0 |
| Start time: | 19:25:51 |
| Start date: | 22/05/2024 |
| Path: | C:\Users\user\Desktop\1692db4e522605d93551ddcabeffa92a2cd43e764a134833644808319784b955_dump.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x6b0000 |
| File size: | 311'296 bytes |
| MD5 hash: | 1FB1C8DA0FABB641A76AC6759DD557DD |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Yara matches: |
|
| Reputation: | low |
| Has exited: | true |
Execution Graph
| Execution Coverage: | 7.2% |
| Dynamic/Decrypted Code Coverage: | 100% |
| Signature Coverage: | 0% |
| Total number of Nodes: | 96 |
| Total number of Limit Nodes: | 8 |
Graph
Function 061B3F50 Relevance: 1.8, Strings: 1, Instructions: 520COMMON
Download Yara Rule
Control-flow Graph
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 061B67D8 Relevance: .4, Instructions: 411COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 061BA3D8 Relevance: .3, Instructions: 295COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 061BA3E8 Relevance: .3, Instructions: 289COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 061A0D80 Relevance: 20.6, Strings: 16, Instructions: 625COMMON
Download Yara Rule
Control-flow Graph
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 061A1582 Relevance: 7.8, Strings: 6, Instructions: 338COMMON
Download Yara Rule
Control-flow Graph
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00F8AE30 Relevance: 1.7, APIs: 1, Instructions: 198COMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00F85935 Relevance: 1.6, APIs: 1, Instructions: 99COMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00F84248 Relevance: 1.6, APIs: 1, Instructions: 96COMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00F8C9A0 Relevance: 1.6, APIs: 1, Instructions: 65COMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00F8D2F9 Relevance: 1.6, APIs: 1, Instructions: 64COMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00F8A870 Relevance: 1.6, APIs: 1, Instructions: 55libraryCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00F8B2A0 Relevance: 1.6, APIs: 1, Instructions: 55libraryCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00F8B020 Relevance: 1.5, APIs: 1, Instructions: 47COMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 061B59D8 Relevance: 1.5, Strings: 1, Instructions: 291COMMON
Download Yara Rule
Control-flow Graph
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 061A1BA0 Relevance: 1.5, Instructions: 1456COMMON
Download Yara Rule
Control-flow Graph
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 061B3DE0 Relevance: 1.4, Strings: 1, Instructions: 107COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 061B84D8 Relevance: 1.3, Strings: 1, Instructions: 98COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 061B84C8 Relevance: 1.3, Strings: 1, Instructions: 92COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 061BB358 Relevance: 1.3, Strings: 1, Instructions: 39COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 061B3EC8 Relevance: 1.3, Strings: 1, Instructions: 36COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 061BB368 Relevance: 1.3, Strings: 1, Instructions: 32COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 061A3838 Relevance: 1.0, Instructions: 1033COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 061A00D8 Relevance: .7, Instructions: 676COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 061B48B8 Relevance: .6, Instructions: 591COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 061A0598 Relevance: .5, Instructions: 462COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 061A0610 Relevance: .5, Instructions: 453COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 061A0688 Relevance: .4, Instructions: 389COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 061A0700 Relevance: .4, Instructions: 365COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 061A00B7 Relevance: .3, Instructions: 341COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 061B48A8 Relevance: .3, Instructions: 277COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 061B3F3F Relevance: .2, Instructions: 180COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 061B7D58 Relevance: .1, Instructions: 147COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 061A34D8 Relevance: .1, Instructions: 143COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 061A3688 Relevance: .1, Instructions: 143COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 061A3328 Relevance: .1, Instructions: 143COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 061B7D4C Relevance: .1, Instructions: 130COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 061B59C8 Relevance: .1, Instructions: 117COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 061B5579 Relevance: .1, Instructions: 101COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 061A3817 Relevance: .1, Instructions: 98COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 061B5588 Relevance: .1, Instructions: 96COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 061B87A0 Relevance: .1, Instructions: 93COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 061B8796 Relevance: .1, Instructions: 80COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 061B8A98 Relevance: .1, Instructions: 77COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00CED1FC Relevance: .1, Instructions: 76COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00CED4C4 Relevance: .1, Instructions: 75COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00CFD01C Relevance: .1, Instructions: 72COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 061B8A8C Relevance: .1, Instructions: 63COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00CFD005 Relevance: .1, Instructions: 62COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00CED1F7 Relevance: .1, Instructions: 57COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00CED4BF Relevance: .1, Instructions: 56COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 061BBC5F Relevance: .1, Instructions: 55COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 061B8350 Relevance: .0, Instructions: 50COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 061BBC70 Relevance: .0, Instructions: 46COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00CEDB09 Relevance: .0, Instructions: 45COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 061B5508 Relevance: .0, Instructions: 42COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 061B6E90 Relevance: .0, Instructions: 42COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 061BE8B0 Relevance: .0, Instructions: 42COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 061B8F42 Relevance: .0, Instructions: 38COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 061B8F50 Relevance: .0, Instructions: 37COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00CEDB08 Relevance: .0, Instructions: 36COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 061BC170 Relevance: .0, Instructions: 35COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 061B6EA0 Relevance: .0, Instructions: 35COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 061BACB8 Relevance: .0, Instructions: 35COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 061BADE9 Relevance: .0, Instructions: 35COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 061B67C8 Relevance: .0, Instructions: 34COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 061B8FC0 Relevance: .0, Instructions: 33COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 061B8341 Relevance: .0, Instructions: 32COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 061BC110 Relevance: .0, Instructions: 32COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 061B54F8 Relevance: .0, Instructions: 31COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 061BAC60 Relevance: .0, Instructions: 30COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 061BADF8 Relevance: .0, Instructions: 28COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 061BC180 Relevance: .0, Instructions: 27COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 061BB500 Relevance: .0, Instructions: 26COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 061BC120 Relevance: .0, Instructions: 25COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 061B5698 Relevance: .0, Instructions: 23COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 061BCE88 Relevance: .0, Instructions: 23COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 061BE280 Relevance: .0, Instructions: 22COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 061BE1FF Relevance: .0, Instructions: 22COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 061BCC38 Relevance: .0, Instructions: 21COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 061BAC80 Relevance: .0, Instructions: 20COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 061BB510 Relevance: .0, Instructions: 19COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 061BF8E2 Relevance: .0, Instructions: 17COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 061BE210 Relevance: .0, Instructions: 16COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 061BE8F8 Relevance: .0, Instructions: 15COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 061BDFD1 Relevance: .0, Instructions: 9COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 061B3721 Relevance: .0, Instructions: 8COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 061B6FE8 Relevance: .8, Instructions: 784COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 061B6FF8 Relevance: .8, Instructions: 780COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00F8DC74 Relevance: .3, Instructions: 264COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00F825D8 Relevance: .1, Instructions: 72COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 061BED10 Relevance: 7.9, Strings: 6, Instructions: 379COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|