Edit tour
Windows
Analysis Report
NI0Y4iB1ON.exe
Overview
General Information
| Sample name: | NI0Y4iB1ON.exerenamed because original name is a hash value |
| Original sample name: | 375e9acde29beee941aa2706285f34b1.exe |
| Analysis ID: | 1465053 |
| MD5: | 375e9acde29beee941aa2706285f34b1 |
| SHA1: | e4beb794991712982a6ef02fb41b59b7eb82b202 |
| SHA256: | b2a4a9e9cd0fbce0d8bb0e6d7bd34aacca346ad20e0835064366a557bba2e20b |
| Tags: | exeRedLineStealer |
| Infos: |   |
 | |
Detection
RedLine
| Score: | 100 |
| Range: | 0 - 100 |
| Whitelisted: | false |
| Confidence: | 100% |
Signatures
Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Detected unpacking (creates a PE file in dynamic memory)
Found malware configuration
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic
Yara detected RedLine Stealer
AI detected suspicious sample
Allocates memory in foreign processes
C2 URLs / IPs found in malware configuration
Drops PE files to the document folder of the user
Drops large PE files
Injects a PE file into a foreign processes
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Crypto Currency Wallets
Writes to foreign memory regions
AV process strings found (often used to terminate AV products)
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Compiles C# or VB.Net code
Contains long sleeps (>= 3 min)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Internet Provider seen in connection with other malware
Launches processes in debugging mode, may be used to hinder debugging
May sleep (evasive loops) to hinder dynamic analysis
PE file contains sections with non-standard names
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Sigma detected: CurrentVersion Autorun Keys Modification
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Classification
- System is w10x64
NI0Y4iB1ON.exe (PID: 6600 cmdline: "C:\Users\ user\Deskt op\NI0Y4iB 1ON.exe" MD5: 375E9ACDE29BEEE941AA2706285F34B1) 
csc.exe (PID: 1196 cmdline: "C:\Window s\Microsof t.NET\Fram ework\v4.0 .30319\csc .exe" MD5: EB80BB1CA9B9C7F516FF69AFCFD75B7D)
- cleanup
| Name | Description | Attribution | Blogpost URLs | Link |
|---|---|---|---|---|
| RedLine Stealer | RedLine Stealer is a malware available on underground forums for sale apparently as standalone ($100/$150 depending on the version) or also on a subscription basis ($100/month). This malware harvests information from browsers such as saved credentials, autocomplete data, and credit card information. A system inventory is also taken when running on a target machine, to include details such as the username, location data, hardware configuration, and information regarding installed security software. More recent versions of RedLine added the ability to steal cryptocurrency. FTP and IM clients are also apparently targeted by this family, and this malware has the ability to upload and download files, execute commands, and periodically send back information about the infected computer. | No Attribution |
{"C2 url": "5.161.190.139:8732", "Authorization Header": "249e1ece2f90b39d9c5563282076f21f"}| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security |
| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security | ||
| JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security | ||
| JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security | ||
| JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | ||
| JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security | ||
| Click to see the 2 entries | ||||
| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security | ||
| JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security | ||
| JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security | ||
| JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security | ||
| JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security |
System Summary |   |
|---|
| Source: | Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): | ||
| Timestamp: | 07/01/24-08:47:32.504841 |
| SID: | 2046045 |
| Source Port: | 49737 |
| Destination Port: | 8732 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 07/01/24-08:47:39.139186 |
| SID: | 2046056 |
| Source Port: | 8732 |
| Destination Port: | 49737 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 07/01/24-08:47:46.398128 |
| SID: | 2043231 |
| Source Port: | 49737 |
| Destination Port: | 8732 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 07/01/24-08:47:32.607724 |
| SID: | 2043234 |
| Source Port: | 8732 |
| Destination Port: | 49737 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
Click to jump to signature section
Show All Signature Results
AV Detection | |
|---|
| Source: | Avira: | ||
| Source: | Avira: | ||
| Source: | Malware Configuration Extractor: | ||
| Source: | ReversingLabs: | |||
| Source: | Virustotal: | Perma Link | ||
| Source: | Integrated Neural Analysis Model: | ||
Compliance | |
|---|
| Source: | Unpacked PE file: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Binary string: | ||
Networking | |
|---|
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | URLs: | ||
| Source: | TCP traffic: | ||
| Source: | ASN Name: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
System Summary | |
|---|
| Source: | File dump: | Jump to dropped file | ||
| Source: | Code function: | 2_2_057ADC74 | |
| Source: | Code function: | 2_2_098F6948 | |
| Source: | Code function: | 2_2_098F8D28 | |
| Source: | Code function: | 2_2_098F8D18 | |
| Source: | Code function: | 2_2_098F001B | |
| Source: | Code function: | 2_2_098F0040 | |
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Static PE information: | ||
| Source: | Classification label: | ||
| Source: | File created: | Jump to behavior | ||
| Source: | Mutant created: | ||
| Source: | Static PE information: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | Binary or memory string: | ||
| Source: | ReversingLabs: | ||
| Source: | Virustotal: | ||
| Source: | File read: | Jump to behavior | ||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Key value queried: | Jump to behavior | ||
| Source: | Static PE information: | ||
| Source: | Static file information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Binary string: | ||
Data Obfuscation | |
|---|
| Source: | Unpacked PE file: | ||
| Source: | Process created: | |||
| Source: | Process created: | Jump to behavior | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Code function: | 2_2_098FD921 | |
Persistence and Installation Behavior | |
|---|
| Source: | File created: | Jump to dropped file | ||
| Source: | File created: | Jump to dropped file | ||
| Source: | Registry value created or modified: | Jump to behavior | ||
| Source: | Registry value created or modified: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
Malware Analysis System Evasion | |
|---|
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | Memory allocated: | Jump to behavior | ||
| Source: | Memory allocated: | Jump to behavior | ||
| Source: | Memory allocated: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Window / User API: | Jump to behavior | ||
| Source: | Window / User API: | Jump to behavior | ||
| Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | WMI Queries: | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Binary or memory string: | ||
| Source: | Process information queried: | Jump to behavior | ||
| Source: | Process token adjusted: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Memory allocated: | Jump to behavior | ||
HIPS / PFW / Operating System Protection Evasion | |
|---|
| Source: | Memory allocated: | Jump to behavior | ||
| Source: | Memory written: | Jump to behavior | ||
| Source: | Memory written: | Jump to behavior | ||
| Source: | Memory written: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Key value queried: | Jump to behavior | ||
| Source: | Binary or memory string: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
Stealing of Sensitive Information | |
|---|
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File source: | ||
| Source: | File source: | ||
Remote Access Functionality | |
|---|
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 221 Windows Management Instrumentation | 1 Registry Run Keys / Startup Folder | 31 Process Injection | 1 Masquerading | 1 OS Credential Dumping | 231 Security Software Discovery | Remote Services | 1 Archive Collected Data | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 DLL Side-Loading | 1 Registry Run Keys / Startup Folder | 11 Disable or Modify Tools | LSASS Memory | 1 Process Discovery | Remote Desktop Protocol | 2 Data from Local System | 1 Non-Standard Port | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 DLL Side-Loading | 241 Virtualization/Sandbox Evasion | Security Account Manager | 241 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 31 Process Injection | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Obfuscated Files or Information | LSA Secrets | 113 System Information Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
| Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Software Packing | Cached Domain Credentials | Wi-Fi Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
| DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 DLL Side-Loading | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
InternetThis section contains all screenshots as thumbnails, including those not shown in the slideshow.
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 39% | ReversingLabs | Win32.Spyware.RedLine | ||
| 47% | Virustotal | Browse | ||
| 100% | Avira | TR/Dropper.Gen2 |
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 100% | Avira | TR/Dropper.Gen2 |
⊘No Antivirus matches
⊘No Antivirus matches
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Virustotal | Browse | ||
| 0% | Virustotal | Browse | ||
| 2% | Virustotal | Browse | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Virustotal | Browse | ||
| 1% | Virustotal | Browse | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Virustotal | Browse | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Virustotal | Browse | ||
| 2% | Virustotal | Browse | ||
| 2% | Virustotal | Browse | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Virustotal | Browse | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 4% | Virustotal | Browse | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Virustotal | Browse | ||
| 0% | Virustotal | Browse | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Virustotal | Browse | ||
| 0% | Avira URL Cloud | safe | ||
| 3% | Virustotal | Browse | ||
| 1% | Virustotal | Browse | ||
| 1% | Virustotal | Browse | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Virustotal | Browse | ||
| 0% | Avira URL Cloud | safe | ||
| 1% | Virustotal | Browse | ||
| 1% | Virustotal | Browse | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 1% | Virustotal | Browse | ||
| 0% | Avira URL Cloud | safe | ||
| 1% | Virustotal | Browse | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Virustotal | Browse | ||
| 0% | Virustotal | Browse | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Virustotal | Browse | ||
| 2% | Virustotal | Browse | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Virustotal | Browse | ||
| 0% | Avira URL Cloud | safe | ||
| 1% | Virustotal | Browse | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Virustotal | Browse | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Virustotal | Browse | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Virustotal | Browse | ||
| 0% | Virustotal | Browse | ||
| 0% | Avira URL Cloud | safe | ||
| 2% | Virustotal | Browse | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Virustotal | Browse | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 2% | Virustotal | Browse | ||
| 0% | Avira URL Cloud | safe | ||
| 1% | Virustotal | Browse | ||
| 0% | Virustotal | Browse | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Virustotal | Browse | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Virustotal | Browse | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe |
⊘No contacted domains info
| Name | Source | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
| IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|---|
| 5.161.190.139 | unknown | Germany | 24940 | HETZNER-ASDE | true |
| Joe Sandbox version: | 40.0.0 Tourmaline |
| Analysis ID: | 1465053 |
| Start date and time: | 2024-07-01 08:46:07 +02:00 |
| Joe Sandbox product: | CloudBasic |
| Overall analysis duration: | 0h 6m 58s |
| Hypervisor based Inspection enabled: | false |
| Report type: | full |
| Cookbook file name: | default.jbs |
| Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
| Number of analysed new started processes analysed: | 6 |
| Number of new started drivers analysed: | 0 |
| Number of existing processes analysed: | 0 |
| Number of existing drivers analysed: | 0 |
| Number of injected processes analysed: | 0 |
| Technologies: |
|
| Analysis Mode: | default |
| Analysis stop reason: | Timeout |
| Sample name: | NI0Y4iB1ON.exerenamed because original name is a hash value |
| Original Sample Name: | 375e9acde29beee941aa2706285f34b1.exe |
| Detection: | MAL |
| Classification: | mal100.troj.spyw.evad.winEXE@3/2@0/1 |
| EGA Information: |
|
| HCA Information: |
|
| Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
- Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
- Execution Graph export aborted for target NI0Y4iB1ON.exe, PID 6600 because there are no executed function
- Not all processes where analyzed, report is missing behavior information
- Report size getting too big, too many NtAllocateVirtualMemory calls found.
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtProtectVirtualMemory calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- Report size getting too big, too many NtReadVirtualMemory calls found.
| Time | Type | Description |
|---|---|---|
| 02:47:43 | API Interceptor | |
| 07:47:22 | Autostart | |
| 07:47:30 | Autostart |
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| 5.161.190.139 | Get hash | malicious | RedLine | Browse |
⊘No context
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| HETZNER-ASDE | Get hash | malicious | Unknown | Browse |
| |
| Get hash | malicious | TechSupportScam | Browse |
| ||
| Get hash | malicious | TechSupportScam | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Mirai | Browse |
| ||
| Get hash | malicious | PureLog Stealer, Vidar | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | AsyncRAT | Browse |
| ||
| Get hash | malicious | TechSupportScam | Browse |
| ||
| Get hash | malicious | TechSupportScam | Browse |
|
⊘No context
⊘No context
| Process: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 3094 |
| Entropy (8bit): | 5.33145931749415 |
| Encrypted: | false |
| SSDEEP: | 96:Pq5qHwCYqh3oPtI6eqzxP0aymTqdqlq7qqjqcEZ5D:Pq5qHwCYqh3qtI6eqzxP0atTqdqlq7qV |
| MD5: | 3FD5C0634443FB2EF2796B9636159CB6 |
| SHA1: | 366DDE94AEFCFFFAB8E03AD8B448E05D7489EB48 |
| SHA-256: | 58307E94C67E2348F5A838DE4FF668983B38B7E9A3B1D61535D3A392814A57D6 |
| SHA-512: | 8535E7C0777C6B0876936D84BDE2BDC59963CF0954D4E50D65808E6E806E8B131DF5DB8FA0E030FAE2702143A7C3A70698A2B9A80519C9E2FFC286A71F0B797C |
| Malicious: | false |
| Reputation: | high, very likely benign file |
| Preview: |
| Process: | C:\Users\user\Desktop\NI0Y4iB1ON.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 953255531 |
| Entropy (8bit): | 0.06579742896447444 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 44B7D1F5510DBF3BEB498D5A75392E83 |
| SHA1: | 3D703E1225B0374094D9FCE60EEA6F62BE17EB91 |
| SHA-256: | AB899360300CB48AC4FEB96681F411A685823E1B632D265ECAF651789150A43E |
| SHA-512: | 465E1EAF9CF692248CBFC5483B9153C668DE5DBD6000238EABC483C0874A20A33ADF8D8EE204D0E25861654130246A760483255A0B6BA29FD67242F585E089EB |
| Malicious: | true |
| Antivirus: |
|
| Reputation: | low |
| Preview: |
| File type: | |
| Entropy (8bit): | 6.476570625780272 |
| TrID: |
|
| File name: | NI0Y4iB1ON.exe |
| File size: | 4'686'848 bytes |
| MD5: | 375e9acde29beee941aa2706285f34b1 |
| SHA1: | e4beb794991712982a6ef02fb41b59b7eb82b202 |
| SHA256: | b2a4a9e9cd0fbce0d8bb0e6d7bd34aacca346ad20e0835064366a557bba2e20b |
| SHA512: | 4d376813cb1ede9ad20cac49a8ad8bc83dfaefd13e1326f7710fa357e9c636446c19684641ecf16eaf0e73283895a3fe7fd29fdb12c1f60065d7c9810d256597 |
| SSDEEP: | 98304:ZWFsTuRN2zazBLlLvOc1Pgd1Ea0fzsFvOFLyf:ZWFsTuRN2zahf1Y7Efy |
| TLSH: | 45262820325E8D2FD59128F1962897B7911CAD2B0B61A0D7B68C7E5F27710C70BF7E1A |
| File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........y..............~j......~j..............................~j......~j......~j......~j..........O.......)..... .......H............ |
 | |
| Icon Hash: | c338dad2da985006 |
| Entrypoint: | 0x60c1a0 |
| Entrypoint Section: | .text |
| Digitally signed: | true |
| Imagebase: | 0x400000 |
| Subsystem: | windows gui |
| Image File Characteristics: | EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE |
| DLL Characteristics: | DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE |
| Time Stamp: | 0x65AFEAC5 [Tue Jan 23 16:35:17 2024 UTC] |
| TLS Callbacks: | |
| CLR (.Net) Version: | |
| OS Version Major: | 6 |
| OS Version Minor: | 0 |
| File Version Major: | 6 |
| File Version Minor: | 0 |
| Subsystem Version Major: | 6 |
| Subsystem Version Minor: | 0 |
| Import Hash: | 36aca8edddb161c588fcf5afdc1ad9fa |
| Signature Valid: | |
| Signature Issuer: | |
| Signature Validation Error: | |
| Error Number: | |
| Not Before, Not After | |
| Subject Chain | |
| Version: | |
| Thumbprint MD5: | |
| Thumbprint SHA-1: | |
| Thumbprint SHA-256: | |
| Serial: |
| Instruction |
|---|
| call 00007F65647D8A2Bh |
| jmp 00007F65647D826Dh |
| push ebp |
| mov ebp, esp |
| and dword ptr [00750BACh], 00000000h |
| sub esp, 24h |
| or dword ptr [0074D020h], 01h |
| push 0000000Ah |
| call dword ptr [00699268h] |
| test eax, eax |
| je 00007F65647D85A2h |
| and dword ptr [ebp-10h], 00000000h |
| xor eax, eax |
| push ebx |
| push esi |
| push edi |
| xor ecx, ecx |
| lea edi, dword ptr [ebp-24h] |
| push ebx |
| cpuid |
| mov esi, ebx |
| pop ebx |
| nop |
| mov dword ptr [edi], eax |
| mov dword ptr [edi+04h], esi |
| mov dword ptr [edi+08h], ecx |
| xor ecx, ecx |
| mov dword ptr [edi+0Ch], edx |
| mov eax, dword ptr [ebp-24h] |
| mov edi, dword ptr [ebp-20h] |
| mov dword ptr [ebp-0Ch], eax |
| xor edi, 756E6547h |
| mov eax, dword ptr [ebp-18h] |
| xor eax, 49656E69h |
| mov dword ptr [ebp-04h], eax |
| mov eax, dword ptr [ebp-1Ch] |
| xor eax, 6C65746Eh |
| mov dword ptr [ebp-08h], eax |
| xor eax, eax |
| inc eax |
| push ebx |
| cpuid |
| mov esi, ebx |
| pop ebx |
| nop |
| lea ebx, dword ptr [ebp-24h] |
| mov dword ptr [ebx], eax |
| mov eax, dword ptr [ebp-04h] |
| or eax, dword ptr [ebp-08h] |
| or eax, edi |
| mov dword ptr [ebx+04h], esi |
| mov dword ptr [ebx+08h], ecx |
| mov dword ptr [ebx+0Ch], edx |
| jne 00007F65647D8435h |
| mov eax, dword ptr [ebp-24h] |
| and eax, 0FFF3FF0h |
| cmp eax, 000106C0h |
| je 00007F65647D8415h |
| cmp eax, 00020660h |
| je 00007F65647D840Eh |
| cmp eax, 00020670h |
| je 00007F65647D8407h |
| cmp eax, 00030650h |
| je 00007F65647D8400h |
| cmp eax, 00030660h |
| je 00007F65647D83F9h |
| cmp eax, 00030670h |
| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0x34b518 | 0x3c | .rdata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x35b000 | 0x12965b | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x806908 | 0x29b8 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x3de000 | 0x2d824 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x2ed3b0 | 0x70 | .rdata |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x2ed440 | 0x18 | .rdata |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x2beb00 | 0x40 | .rdata |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x299000 | 0x320 | .rdata |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x348804 | 0x240 | .rdata |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|---|
| .text | 0x1000 | 0x298000 | 0x297400 | 57da8830c31be32bc33e4e134aa599fa | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .rdata | 0x299000 | 0xb4000 | 0xb3800 | 4f9d26185e37b65035edbc1141b2007e | False | 0.32706411037604455 | data | 5.068944901847019 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .data | 0x34d000 | 0xd000 | 0x3400 | e98ea88d23706ee22313e0c4a05673ed | False | 0.2342247596153846 | data | 4.472160620433143 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .didat | 0x35a000 | 0x1000 | 0x800 | 024099aaf5ddf68616b817cf9ff2cd48 | False | 0.4072265625 | data | 4.513561592019692 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .rsrc | 0x35b000 | 0x12965b | 0x129800 | 7cf64a4b1d83d73c8b57c1f9cea01194 | False | 0.30150341386554624 | data | 6.117507832819866 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
|---|---|---|---|---|---|---|
| RT_BITMAP | 0x35ba5c | 0x4a436 | PC bitmap, Windows 3.x format, 38982 x 2 x 52, image size 304445, cbSize 304182, bits offset 54 | 0.49700179497800656 | ||
| RT_BITMAP | 0x3a5e94 | 0x13e | Device independent bitmap graphic, 32 x 16 x 4, image size 258, resolution 2834 x 2834 px/m, 5 important colors | English | United States | 0.25471698113207547 |
| RT_BITMAP | 0x3a5fd4 | 0x828 | Device independent bitmap graphic, 32 x 16 x 32, image size 0 | English | United States | 0.03017241379310345 |
| RT_BITMAP | 0x3a67fc | 0x48a8 | Device independent bitmap graphic, 290 x 16 x 32, image size 0 | English | United States | 0.11881720430107527 |
| RT_BITMAP | 0x3ab0a4 | 0xa6a | Device independent bitmap graphic, 320 x 16 x 4, image size 2562, resolution 2834 x 2834 px/m | English | United States | 0.21680420105026257 |
| RT_BITMAP | 0x3abb10 | 0x152 | Device independent bitmap graphic, 32 x 16 x 4, image size 258, resolution 2834 x 2834 px/m, 10 important colors | English | United States | 0.5295857988165681 |
| RT_BITMAP | 0x3abc64 | 0x828 | Device independent bitmap graphic, 32 x 16 x 32, image size 0 | English | United States | 0.4875478927203065 |
| RT_ICON | 0x3ac48c | 0xb4bd | PC bitmap, Windows 3.x format, 6396 x 2 x 51, image size 47160, cbSize 46269, bits offset 54 | 0.48287190127299057 | ||
| RT_ICON | 0x3b794c | 0x6c3d | PC bitmap, Windows 3.x format, 4011 x 2 x 52, image size 28203, cbSize 27709, bits offset 54 | 0.5219242845284926 | ||
| RT_ICON | 0x3be58c | 0x99c9 | PC bitmap, Windows 3.x format, 5428 x 2 x 46, image size 39539, cbSize 39369, bits offset 54 | 0.4305417968452336 | ||
| RT_ICON | 0x3c7f58 | 0x41b89 | PC bitmap, Windows 3.x format, 34018 x 2 x 35, image size 269636, cbSize 269193, bits offset 54 | 0.49671053853554886 | ||
| RT_ICON | 0x409ae4 | 0x42028 | Device independent bitmap graphic, 256 x 512 x 32, image size 262144, resolution 2835 x 2835 px/m | English | United States | 0.016724857235849336 |
| RT_ICON | 0x44bb0c | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1024, resolution 2835 x 2835 px/m | English | United States | 0.2624113475177305 |
| RT_ICON | 0x44bf74 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9216, resolution 2835 x 2835 px/m | English | United States | 0.08153526970954357 |
| RT_ICON | 0x44e51c | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4096, resolution 2835 x 2835 px/m | English | United States | 0.12312382739212008 |
| RT_ICON | 0x44f5c4 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | United States | 0.3262411347517731 |
| RT_ICON | 0x44fa2c | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 65536, resolution 2835 x 2835 px/m | English | United States | 0.030078078788595766 |
| RT_ICON | 0x460254 | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 16384, resolution 2835 x 2835 px/m | English | United States | 0.05922295701464336 |
| RT_DIALOG | 0x46447c | 0xac | data | English | United States | 0.7151162790697675 |
| RT_DIALOG | 0x464528 | 0xcc | data | English | United States | 0.6911764705882353 |
| RT_DIALOG | 0x4645f4 | 0x1b4 | data | English | United States | 0.5458715596330275 |
| RT_DIALOG | 0x4647a8 | 0x136 | data | English | United States | 0.6064516129032258 |
| RT_DIALOG | 0x4648e0 | 0x4c | data | English | United States | 0.8289473684210527 |
| RT_STRING | 0x46492c | 0x234 | data | English | United States | 0.4645390070921986 |
| RT_STRING | 0x464b60 | 0x182 | data | English | United States | 0.5103626943005182 |
| RT_STRING | 0x464ce4 | 0x50 | data | English | United States | 0.7375 |
| RT_STRING | 0x464d34 | 0x9a | data | English | United States | 0.37662337662337664 |
| RT_STRING | 0x464dd0 | 0x2f6 | data | English | United States | 0.449868073878628 |
| RT_STRING | 0x4650c8 | 0x5c0 | data | English | United States | 0.3498641304347826 |
| RT_STRING | 0x465688 | 0x434 | data | English | United States | 0.32899628252788105 |
| RT_STRING | 0x465abc | 0x100 | data | English | United States | 0.5703125 |
| RT_STRING | 0x465bbc | 0x484 | data | English | United States | 0.39186851211072665 |
| RT_STRING | 0x466040 | 0x1ea | data | English | United States | 0.44081632653061226 |
| RT_STRING | 0x46622c | 0x18a | data | English | United States | 0.5228426395939086 |
| RT_STRING | 0x4663b8 | 0x216 | Matlab v4 mat-file (little endian) n, numeric, rows 0, columns 0 | English | United States | 0.46254681647940077 |
| RT_STRING | 0x4665d0 | 0x624 | data | English | United States | 0.3575063613231552 |
| RT_STRING | 0x466bf4 | 0x660 | data | English | United States | 0.3474264705882353 |
| RT_STRING | 0x467254 | 0x396 | data | English | United States | 0.3867102396514161 |
| RT_GROUP_ICON | 0x4675ec | 0x5a | data | English | United States | 0.7444444444444445 |
| RT_HTML | 0x467648 | 0x3835 | ASCII text, with very long lines (443), with CRLF line terminators | English | United States | 0.08298005420807561 |
| RT_HTML | 0x46ae80 | 0x1316 | ASCII text, with CRLF line terminators | English | United States | 0.18399508800654932 |
| RT_HTML | 0x46c198 | 0x8c77 | HTML document, ASCII text, with CRLF line terminators | English | United States | 0.08081426068578103 |
| RT_HTML | 0x474e10 | 0x6acd | HTML document, ASCII text, with CRLF line terminators | English | United States | 0.10679931238798873 |
| RT_HTML | 0x47b8e0 | 0x6a2 | HTML document, ASCII text, with CRLF line terminators | English | United States | 0.3486454652532391 |
| RT_HTML | 0x47bf84 | 0x104a | HTML document, ASCII text, with CRLF line terminators | English | United States | 0.2170263788968825 |
| RT_HTML | 0x47cfd0 | 0x15b1 | HTML document, ASCII text, with CRLF line terminators | English | United States | 0.17612101566720692 |
| RT_HTML | 0x47e584 | 0x205c | exported SGML document, ASCII text, with very long lines (659), with CRLF line terminators | English | United States | 0.13604538870111058 |
| RT_HTML | 0x4805e0 | 0x368d | HTML document, ASCII text, with CRLF line terminators | English | United States | 0.10834228428213391 |
| RT_HTML | 0x483c70 | 0x1d7 | ASCII text, with CRLF line terminators | English | United States | 0.6008492569002123 |
| RT_MANIFEST | 0x483e48 | 0x813 | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.41025641025641024 |
| DLL | Import |
|---|---|
| KERNEL32.dll | WriteFile, DeleteFileW, HeapDestroy, HeapSize, HeapReAlloc, HeapFree, HeapAlloc, GetProcessHeap, SizeofResource, LockResource, LoadResource, FindResourceW, FindResourceExW, CreateEventExW, WaitForSingleObject, CreateProcessW, GetLastError, GetExitCodeProcess, SetEvent, RemoveDirectoryW, GetProcAddress, GetModuleHandleW, GetWindowsDirectoryW, CreateDirectoryW, GetTempPathW, GetTempFileNameW, MoveFileW, EnterCriticalSection, LeaveCriticalSection, GetModuleFileNameW, DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, GetCurrentThreadId, RaiseException, SetLastError, GlobalUnlock, GlobalLock, GlobalAlloc, MulDiv, lstrcmpW, CreateEventW, FindClose, FindFirstFileW, GetFullPathNameW, InitializeCriticalSection, lstrcpynW, CreateThread, LoadLibraryExW, GetCurrentProcess, Sleep, WideCharToMultiByte, GetDiskFreeSpaceExW, DecodePointer, GetExitCodeThread, GetCurrentProcessId, FreeLibrary, GetSystemDirectoryW, lstrlenW, VerifyVersionInfoW, VerSetConditionMask, lstrcmpiW, LoadLibraryW, GetDriveTypeW, CompareStringW, FindNextFileW, GetLogicalDriveStringsW, GetFileSize, GetFileAttributesW, GetShortPathNameW, GetFinalPathNameByHandleW, SetFileAttributesW, GetFileTime, CopyFileW, ReadFile, SetFilePointer, SetFileTime, SystemTimeToFileTime, MultiByteToWideChar, GetSystemInfo, WaitForMultipleObjects, GetVersionExW, CreateSemaphoreW, ReleaseSemaphore, GlobalMemoryStatus, GetModuleHandleA, GetProcessAffinityMask, VirtualProtect, VirtualQuery, LoadLibraryExA, GetStringTypeW, LocalFree, LocalAlloc, SetUnhandledExceptionFilter, FileTimeToSystemTime, GetEnvironmentVariableW, GetSystemTime, GetDateFormatW, GetTimeFormatW, GetLocaleInfoW, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, FormatMessageW, GetEnvironmentStringsW, InitializeCriticalSectionEx, CloseHandle, GetModuleFileNameA, GetCurrentThread, GetConsoleOutputCP, FlushFileBuffers, Wow64DisableWow64FsRedirection, Wow64RevertWow64FsRedirection, IsWow64Process, SetConsoleTextAttribute, GetStdHandle, GetConsoleScreenBufferInfo, OutputDebugStringW, GetTickCount, GetCommandLineW, SetCurrentDirectoryW, SetEndOfFile, EnumResourceLanguagesW, GetSystemDefaultLangID, GetUserDefaultLangID, GetLocalTime, ResetEvent, GlobalFree, GetPrivateProfileStringW, GetPrivateProfileSectionNamesW, WritePrivateProfileStringW, CreateNamedPipeW, ConnectNamedPipe, TerminateThread, CompareFileTime, CopyFileExW, OpenEventW, PeekNamedPipe, WaitForSingleObjectEx, QueryPerformanceCounter, QueryPerformanceFrequency, ReleaseSRWLockExclusive, AcquireSRWLockExclusive, WakeAllConditionVariable, SleepConditionVariableSRW, EncodePointer, LCMapStringEx, CompareStringEx, GetCPInfo, GetSystemTimeAsFileTime, IsDebuggerPresent, InitializeSListHead, InterlockedPopEntrySList, InterlockedPushEntrySList, FlushInstructionCache, IsProcessorFeaturePresent, VirtualAlloc, VirtualFree, UnhandledExceptionFilter, TerminateProcess, GetStartupInfoW, RtlUnwind, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, ExitThread, FreeLibraryAndExitThread, GetModuleHandleExW, ExitProcess, GetFileType, LCMapStringW, IsValidLocale, GetUserDefaultLCID, EnumSystemLocalesW, GetTimeZoneInformation, GetConsoleMode, GetFileSizeEx, SetFilePointerEx, FindFirstFileExW, IsValidCodePage, GetACP, GetOEMCP, GetCommandLineA, FreeEnvironmentStringsW, SetEnvironmentVariableW, SetStdHandle, ReadConsoleW, WriteConsoleW, LoadLibraryA, CreateFileW |
| imagehlp.dll | SymGetModuleBase, SymFunctionTableAccess, SymGetLineFromAddr, SymSetSearchPath, SymCleanup, SymInitialize, SymSetOptions, StackWalk |
| Language of compilation system | Country where language is spoken | Map |
|---|---|---|
| English | United States |  |
Key Decision
Richest Path
Thread / callback creation
Lower opacity -> Library Node| Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|---|---|---|
| 07/01/24-08:47:32.504841 | TCP | 2046045 | ET TROJAN [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization) | 49737 | 8732 | 192.168.2.4 | 5.161.190.139 |
| 07/01/24-08:47:39.139186 | TCP | 2046056 | ET TROJAN Redline Stealer/MetaStealer Family Activity (Response) | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| 07/01/24-08:47:46.398128 | TCP | 2043231 | ET TROJAN Redline Stealer TCP CnC Activity | 49737 | 8732 | 192.168.2.4 | 5.161.190.139 |
| 07/01/24-08:47:32.607724 | TCP | 2043234 | ET MALWARE Redline Stealer TCP CnC - Id1Response | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Jul 1, 2024 08:47:30.910645008 CEST | 49737 | 8732 | 192.168.2.4 | 5.161.190.139 |
| Jul 1, 2024 08:47:30.915456057 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:30.917887926 CEST | 49737 | 8732 | 192.168.2.4 | 5.161.190.139 |
| Jul 1, 2024 08:47:31.266604900 CEST | 49737 | 8732 | 192.168.2.4 | 5.161.190.139 |
| Jul 1, 2024 08:47:31.272547960 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:31.385631084 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:31.435139894 CEST | 49737 | 8732 | 192.168.2.4 | 5.161.190.139 |
| Jul 1, 2024 08:47:32.504841089 CEST | 49737 | 8732 | 192.168.2.4 | 5.161.190.139 |
| Jul 1, 2024 08:47:32.509671926 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:32.607723951 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:32.653928041 CEST | 49737 | 8732 | 192.168.2.4 | 5.161.190.139 |
| Jul 1, 2024 08:47:39.033618927 CEST | 49737 | 8732 | 192.168.2.4 | 5.161.190.139 |
| Jul 1, 2024 08:47:39.038450956 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:39.139185905 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:39.139231920 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:39.139241934 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:39.139251947 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:39.139262915 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:39.139283895 CEST | 49737 | 8732 | 192.168.2.4 | 5.161.190.139 |
| Jul 1, 2024 08:47:39.139345884 CEST | 49737 | 8732 | 192.168.2.4 | 5.161.190.139 |
| Jul 1, 2024 08:47:39.185159922 CEST | 49737 | 8732 | 192.168.2.4 | 5.161.190.139 |
| Jul 1, 2024 08:47:40.006119013 CEST | 49737 | 8732 | 192.168.2.4 | 5.161.190.139 |
| Jul 1, 2024 08:47:40.011168957 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:40.110004902 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:40.124138117 CEST | 49737 | 8732 | 192.168.2.4 | 5.161.190.139 |
| Jul 1, 2024 08:47:40.128932953 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:40.226454973 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:40.245136976 CEST | 49737 | 8732 | 192.168.2.4 | 5.161.190.139 |
| Jul 1, 2024 08:47:40.252286911 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:40.350320101 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:40.371150017 CEST | 49737 | 8732 | 192.168.2.4 | 5.161.190.139 |
| Jul 1, 2024 08:47:40.376569986 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:40.474334955 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:40.485517025 CEST | 49737 | 8732 | 192.168.2.4 | 5.161.190.139 |
| Jul 1, 2024 08:47:40.490328074 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:40.588082075 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:40.590353966 CEST | 49737 | 8732 | 192.168.2.4 | 5.161.190.139 |
| Jul 1, 2024 08:47:40.595185041 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:40.692997932 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:40.747628927 CEST | 49737 | 8732 | 192.168.2.4 | 5.161.190.139 |
| Jul 1, 2024 08:47:40.792191029 CEST | 49737 | 8732 | 192.168.2.4 | 5.161.190.139 |
| Jul 1, 2024 08:47:40.797164917 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:40.797175884 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:40.797214031 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:40.797223091 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:40.797234058 CEST | 49737 | 8732 | 192.168.2.4 | 5.161.190.139 |
| Jul 1, 2024 08:47:40.797338009 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:40.797405005 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:40.797430038 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:40.802270889 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:40.802320957 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:40.802329063 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:41.066373110 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:41.107034922 CEST | 49737 | 8732 | 192.168.2.4 | 5.161.190.139 |
| Jul 1, 2024 08:47:41.332055092 CEST | 49737 | 8732 | 192.168.2.4 | 5.161.190.139 |
| Jul 1, 2024 08:47:41.336982012 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:41.434650898 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:41.443778992 CEST | 49737 | 8732 | 192.168.2.4 | 5.161.190.139 |
| Jul 1, 2024 08:47:41.448586941 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:41.547449112 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:41.565918922 CEST | 49737 | 8732 | 192.168.2.4 | 5.161.190.139 |
| Jul 1, 2024 08:47:41.570868969 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:41.668555975 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:41.716384888 CEST | 49737 | 8732 | 192.168.2.4 | 5.161.190.139 |
| Jul 1, 2024 08:47:42.146190882 CEST | 49737 | 8732 | 192.168.2.4 | 5.161.190.139 |
| Jul 1, 2024 08:47:42.151185989 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:42.249062061 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:42.256036997 CEST | 49737 | 8732 | 192.168.2.4 | 5.161.190.139 |
| Jul 1, 2024 08:47:42.260804892 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:42.358704090 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:42.388199091 CEST | 49737 | 8732 | 192.168.2.4 | 5.161.190.139 |
| Jul 1, 2024 08:47:42.393140078 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:42.393151999 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:42.393161058 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:42.393198967 CEST | 49737 | 8732 | 192.168.2.4 | 5.161.190.139 |
| Jul 1, 2024 08:47:42.393228054 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:42.393238068 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:42.393279076 CEST | 49737 | 8732 | 192.168.2.4 | 5.161.190.139 |
| Jul 1, 2024 08:47:42.393326998 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:42.393337011 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:42.393345118 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:42.393382072 CEST | 49737 | 8732 | 192.168.2.4 | 5.161.190.139 |
| Jul 1, 2024 08:47:42.393414021 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:42.393424988 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:42.393464088 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:42.393464088 CEST | 49737 | 8732 | 192.168.2.4 | 5.161.190.139 |
| Jul 1, 2024 08:47:42.393560886 CEST | 49737 | 8732 | 192.168.2.4 | 5.161.190.139 |
| Jul 1, 2024 08:47:42.398271084 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:42.398422956 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:42.398432016 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:42.398442030 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:42.398451090 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:42.398648977 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:42.398658037 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:42.398665905 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:42.398674965 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:42.398684978 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:42.403081894 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:42.403090954 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:42.403106928 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:42.403115034 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:42.403151989 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:42.403161049 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:42.403177023 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:42.403184891 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:42.403197050 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:42.403206110 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:42.403258085 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:42.403265953 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:42.403289080 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:42.797054052 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:42.806741953 CEST | 49737 | 8732 | 192.168.2.4 | 5.161.190.139 |
| Jul 1, 2024 08:47:42.811534882 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:42.914407969 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:42.966370106 CEST | 49737 | 8732 | 192.168.2.4 | 5.161.190.139 |
| Jul 1, 2024 08:47:43.206640959 CEST | 49737 | 8732 | 192.168.2.4 | 5.161.190.139 |
| Jul 1, 2024 08:47:43.211494923 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:43.309596062 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:43.357012033 CEST | 49737 | 8732 | 192.168.2.4 | 5.161.190.139 |
| Jul 1, 2024 08:47:43.368031979 CEST | 49737 | 8732 | 192.168.2.4 | 5.161.190.139 |
| Jul 1, 2024 08:47:43.372781038 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:43.471086025 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:43.528894901 CEST | 49737 | 8732 | 192.168.2.4 | 5.161.190.139 |
| Jul 1, 2024 08:47:45.618731022 CEST | 49737 | 8732 | 192.168.2.4 | 5.161.190.139 |
| Jul 1, 2024 08:47:45.623599052 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.623619080 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.623630047 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.730051994 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.779627085 CEST | 49737 | 8732 | 192.168.2.4 | 5.161.190.139 |
| Jul 1, 2024 08:47:45.864243031 CEST | 49737 | 8732 | 192.168.2.4 | 5.161.190.139 |
| Jul 1, 2024 08:47:45.864322901 CEST | 49737 | 8732 | 192.168.2.4 | 5.161.190.139 |
| Jul 1, 2024 08:47:45.864757061 CEST | 49737 | 8732 | 192.168.2.4 | 5.161.190.139 |
| Jul 1, 2024 08:47:45.869196892 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.869254112 CEST | 49737 | 8732 | 192.168.2.4 | 5.161.190.139 |
| Jul 1, 2024 08:47:45.869286060 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.869343996 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.869354010 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.869375944 CEST | 49737 | 8732 | 192.168.2.4 | 5.161.190.139 |
| Jul 1, 2024 08:47:45.869395018 CEST | 49737 | 8732 | 192.168.2.4 | 5.161.190.139 |
| Jul 1, 2024 08:47:45.869401932 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.869445086 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.869496107 CEST | 49737 | 8732 | 192.168.2.4 | 5.161.190.139 |
| Jul 1, 2024 08:47:45.869527102 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.869569063 CEST | 49737 | 8732 | 192.168.2.4 | 5.161.190.139 |
| Jul 1, 2024 08:47:45.869585991 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.869612932 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.869621992 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.869631052 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.869640112 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.869642973 CEST | 49737 | 8732 | 192.168.2.4 | 5.161.190.139 |
| Jul 1, 2024 08:47:45.869651079 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.869667053 CEST | 49737 | 8732 | 192.168.2.4 | 5.161.190.139 |
| Jul 1, 2024 08:47:45.869693995 CEST | 49737 | 8732 | 192.168.2.4 | 5.161.190.139 |
| Jul 1, 2024 08:47:45.874054909 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.874063015 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.874104977 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.874114037 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.874125957 CEST | 49737 | 8732 | 192.168.2.4 | 5.161.190.139 |
| Jul 1, 2024 08:47:45.874150991 CEST | 49737 | 8732 | 192.168.2.4 | 5.161.190.139 |
| Jul 1, 2024 08:47:45.874171972 CEST | 49737 | 8732 | 192.168.2.4 | 5.161.190.139 |
| Jul 1, 2024 08:47:45.874174118 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.874182940 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.874228001 CEST | 49737 | 8732 | 192.168.2.4 | 5.161.190.139 |
| Jul 1, 2024 08:47:45.874254942 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.874268055 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.874322891 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.874331951 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.874381065 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.874388933 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.874470949 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.874479055 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.874483109 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.874500990 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.874507904 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.874516010 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.874557018 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.874563932 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.874615908 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.874624968 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.874656916 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.874665976 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.874710083 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.874716997 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.878721952 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.878731966 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.878771067 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.878797054 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.878868103 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.878881931 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.878926039 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.878933907 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.879013062 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.879021883 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.879061937 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.879070044 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.879117012 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.879177094 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.879185915 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.879246950 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.879255056 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.879286051 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.879293919 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.879338026 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.879388094 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.879396915 CEST | 49737 | 8732 | 192.168.2.4 | 5.161.190.139 |
| Jul 1, 2024 08:47:45.879414082 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.879456997 CEST | 49737 | 8732 | 192.168.2.4 | 5.161.190.139 |
| Jul 1, 2024 08:47:45.879471064 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.879509926 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.879518986 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.879571915 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.879580975 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.879610062 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.879617929 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.879663944 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.879712105 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.879725933 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.879734039 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.879756927 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.879765034 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.879833937 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.879842997 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.879904985 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.879914045 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.879964113 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.879972935 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.880012035 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.880075932 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.880084991 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.880093098 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.880111933 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.880120993 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.880193949 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.880253077 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.880260944 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.880269051 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.880306959 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.880321026 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.880373955 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.880382061 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.883492947 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.883502007 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.883536100 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.883543968 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.883594036 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.883603096 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.883665085 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.883675098 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.883729935 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.883738041 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.883771896 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.883794069 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.883853912 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.883862972 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.884095907 CEST | 49737 | 8732 | 192.168.2.4 | 5.161.190.139 |
| Jul 1, 2024 08:47:45.884151936 CEST | 49737 | 8732 | 192.168.2.4 | 5.161.190.139 |
| Jul 1, 2024 08:47:45.884205103 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.884219885 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.884238958 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.884253979 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.884315968 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.884325027 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.884366989 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.884376049 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.884473085 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.884486914 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.884507895 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.884540081 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.884579897 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.884588957 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.884632111 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.884640932 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.884701967 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.884710073 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.884774923 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.884783983 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.884824038 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.884860992 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.884908915 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.884917021 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.884960890 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.884968996 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.885013103 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.885021925 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.885072947 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.885082006 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.885097980 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.885107040 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.885160923 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.885169983 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.885234118 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.885243893 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.885282993 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.885291100 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.885328054 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.885380983 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.885390043 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.885401011 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.885447025 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.885454893 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.885574102 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.885582924 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.885617018 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.885664940 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.885679960 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.885689020 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.885710955 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.885719061 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.885757923 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.885766983 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.885945082 CEST | 49737 | 8732 | 192.168.2.4 | 5.161.190.139 |
| Jul 1, 2024 08:47:45.886008978 CEST | 49737 | 8732 | 192.168.2.4 | 5.161.190.139 |
| Jul 1, 2024 08:47:45.888914108 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.888957977 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.888967037 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.888982058 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.888991117 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.889031887 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.889040947 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.889106035 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.889115095 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.889122963 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.889132023 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.889189005 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.889197111 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.889247894 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.889257908 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.889266968 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.889307976 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.889323950 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.889332056 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.889425993 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.889435053 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.889450073 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.889458895 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.889502048 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.889509916 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.889553070 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.889561892 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.889609098 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.889617920 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.889668941 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.889677048 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.889709949 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.889719009 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.889759064 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.889766932 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.889775038 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.889784098 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.889816999 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.889826059 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.889864922 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.889873981 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.889915943 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.889924049 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.889949083 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.889956951 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.889971972 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.889980078 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.890024900 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.890033007 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.890048981 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.890062094 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.890094995 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.890104055 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.890113115 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.890312910 CEST | 49737 | 8732 | 192.168.2.4 | 5.161.190.139 |
| Jul 1, 2024 08:47:45.890379906 CEST | 49737 | 8732 | 192.168.2.4 | 5.161.190.139 |
| Jul 1, 2024 08:47:45.890755892 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.890791893 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.890799999 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.890810013 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.890914917 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.890923023 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.890976906 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.890985966 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.891002893 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.891011953 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.891113043 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.891122103 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.891130924 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.891155005 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.891163111 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.891212940 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.891226053 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.891233921 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.891311884 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.891321898 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.891330004 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.891338110 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.891357899 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.891366959 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.891372919 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.891376972 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.891422987 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.891432047 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.891446114 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.891453981 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.891499043 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.891509056 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.891518116 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.891525984 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.891557932 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.891566992 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.891599894 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.891627073 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.891659975 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.891669035 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.891716957 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.891726017 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.891732931 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.891741991 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.891757965 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.891767979 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.891803980 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.891813040 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.891828060 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.891835928 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.891850948 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.891860008 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.891937971 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.891946077 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.892129898 CEST | 49737 | 8732 | 192.168.2.4 | 5.161.190.139 |
| Jul 1, 2024 08:47:45.892195940 CEST | 49737 | 8732 | 192.168.2.4 | 5.161.190.139 |
| Jul 1, 2024 08:47:45.895239115 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.895248890 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.895339966 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.895348072 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.895387888 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.895435095 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.895443916 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.895451069 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.895545959 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.895555019 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.895562887 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.895565987 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.895575047 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.895653009 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.895662069 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.895668983 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.895678997 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.895687103 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.895703077 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.895711899 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.895720005 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.895728111 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.895742893 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.895750999 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.895791054 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.895800114 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.895839930 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.895849943 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.895867109 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.895874977 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.895905018 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.895914078 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.895960093 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.895968914 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.895983934 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.895992041 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.896037102 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.896045923 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.896106958 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.896114111 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.896153927 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.896162033 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.896174908 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.896183014 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.896229029 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.896236897 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.896245003 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.896258116 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.896306038 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.896312952 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.896321058 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.896328926 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.896363974 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.896372080 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.896565914 CEST | 49737 | 8732 | 192.168.2.4 | 5.161.190.139 |
| Jul 1, 2024 08:47:45.896627903 CEST | 49737 | 8732 | 192.168.2.4 | 5.161.190.139 |
| Jul 1, 2024 08:47:45.896934986 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.896943092 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.896951914 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.896990061 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.897034883 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.897042990 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.897058010 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.897069931 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.897088051 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.897114038 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.897205114 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.897212982 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.897219896 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.897228003 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.897234917 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.897243023 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.897257090 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.897264957 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.897273064 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.897279978 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.897295952 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.897304058 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.897316933 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.897325039 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.897346020 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.897353888 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.897402048 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.897409916 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.897418022 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.897425890 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.897485018 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.897491932 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.897536993 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.897545099 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.897553921 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.897557020 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.897602081 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.897609949 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.897617102 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.897624016 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.897631884 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.897639990 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.897648096 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.897655964 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.897713900 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.897721052 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.897727966 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.897736073 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.897742987 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.897752047 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.897761106 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.897767067 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.897773981 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.897780895 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.897949934 CEST | 49737 | 8732 | 192.168.2.4 | 5.161.190.139 |
| Jul 1, 2024 08:47:45.898005009 CEST | 49737 | 8732 | 192.168.2.4 | 5.161.190.139 |
| Jul 1, 2024 08:47:45.901483059 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.901493073 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.901540041 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.901549101 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.901618004 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.901627064 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.901657104 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.901664972 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.901704073 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.901711941 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.901722908 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.901731968 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.901755095 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.901763916 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.901813984 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.901823044 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.901885986 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.901894093 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.901920080 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.901927948 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.901977062 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.901985884 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.902004004 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.902012110 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.902046919 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.902055979 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.902116060 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.902124882 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.902133942 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.902142048 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.902158022 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.902165890 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.902180910 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.902189016 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.902240992 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.902249098 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.902266979 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.902276039 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.902291059 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.902299881 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.902313948 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.902323008 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.902371883 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.902379990 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.902400970 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.902410030 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.902443886 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.902452946 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.902467966 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.902477026 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.902508974 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.902517080 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.902559042 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.902568102 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.902693987 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.902748108 CEST | 49737 | 8732 | 192.168.2.4 | 5.161.190.139 |
| Jul 1, 2024 08:47:45.902781010 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.902795076 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.902803898 CEST | 49737 | 8732 | 192.168.2.4 | 5.161.190.139 |
| Jul 1, 2024 08:47:45.902822018 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.902832031 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.902848005 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.902873993 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.902884007 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.902930975 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.902940035 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.902947903 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.902983904 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.902992964 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.903059006 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.903067112 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.903212070 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.903227091 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.903306007 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.903315067 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.903323889 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.903386116 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.903394938 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.903426886 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.903434992 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.903443098 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.903491020 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.903508902 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.903609991 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.903620005 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.903629065 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.903633118 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.903683901 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.903693914 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.903709888 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.903717995 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.903758049 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.903767109 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.903786898 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.903795958 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.903810978 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.903821945 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.903871059 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.903879881 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.903897047 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.903904915 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.903985023 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.903994083 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.904000998 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.904009104 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.904023886 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.904031038 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.904059887 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.904067993 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.904148102 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.904309988 CEST | 49737 | 8732 | 192.168.2.4 | 5.161.190.139 |
| Jul 1, 2024 08:47:45.907577038 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.907665968 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.907675982 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.907685995 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.907701015 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.907778978 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.907834053 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.907911062 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.907919884 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.907943010 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.907951117 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.908000946 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.908010006 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.908191919 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.908200979 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.908247948 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.908256054 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.908309937 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.908318043 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.908332109 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.908339977 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.908354044 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.908360958 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.908405066 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.908411980 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.908422947 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.908503056 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.908512115 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.908518076 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.908591032 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.908598900 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.908607006 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.908613920 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.908621073 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.908627987 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.908634901 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.908643007 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.908724070 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.908731937 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.908739090 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.908741951 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.908746004 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.908751965 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.908760071 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.908767939 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.908775091 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.908782005 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.908853054 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.908860922 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.908868074 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.908870935 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.908874035 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.908880949 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.908888102 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.909145117 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.909152985 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.909187078 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.909194946 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.909243107 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.909250975 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.909259081 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.909311056 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.909320116 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.909327030 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.909354925 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.909363031 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.909396887 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.909404993 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.909413099 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.909473896 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.909482002 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.909488916 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.909502983 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.909512043 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.909575939 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.909584045 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.909637928 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.909646034 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.909719944 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.909728050 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.909735918 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.909779072 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.909818888 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.909827948 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:45.909863949 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:46.294169903 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:46.294950962 CEST | 49737 | 8732 | 192.168.2.4 | 5.161.190.139 |
| Jul 1, 2024 08:47:46.299772978 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:46.397349119 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:46.398128033 CEST | 49737 | 8732 | 192.168.2.4 | 5.161.190.139 |
| Jul 1, 2024 08:47:46.402921915 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:46.501074076 CEST | 8732 | 49737 | 5.161.190.139 | 192.168.2.4 |
| Jul 1, 2024 08:47:46.544504881 CEST | 49737 | 8732 | 192.168.2.4 | 5.161.190.139 |
| Jul 1, 2024 08:47:46.843913078 CEST | 49737 | 8732 | 192.168.2.4 | 5.161.190.139 |
Click to jump to process
Click to jump to process
back
Click to dive into process behavior distribution
Click to jump to process
| Target ID: | 0 |
| Start time: | 02:47:02 |
| Start date: | 01/07/2024 |
| Path: | C:\Users\user\Desktop\NI0Y4iB1ON.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x400000 |
| File size: | 4'686'848 bytes |
| MD5 hash: | 375E9ACDE29BEEE941AA2706285F34B1 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Yara matches: |
|
| Reputation: | low |
| Has exited: | true |
| Target ID: | 2 |
| Start time: | 02:47:21 |
| Start date: | 01/07/2024 |
| Path: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x9a0000 |
| File size: | 2'141'552 bytes |
| MD5 hash: | EB80BB1CA9B9C7F516FF69AFCFD75B7D |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Yara matches: |
|
| Reputation: | moderate |
| Has exited: | true |
Execution Graph
| Execution Coverage: | 8% |
| Dynamic/Decrypted Code Coverage: | 100% |
| Signature Coverage: | 0% |
| Total number of Nodes: | 88 |
| Total number of Limit Nodes: | 7 |
Graph
Function 098F6948 Relevance: .5, Instructions: 499COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 098F8D18 Relevance: .3, Instructions: 293COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 098F8D28 Relevance: .3, Instructions: 289COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 057AAE30 Relevance: 1.7, APIs: 1, Instructions: 209COMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 057A5935 Relevance: 1.6, APIs: 1, Instructions: 97COMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 098F0BFC Relevance: 1.6, APIs: 1, Instructions: 97COMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 057A4248 Relevance: 1.6, APIs: 1, Instructions: 96COMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 057AC9A0 Relevance: 1.6, APIs: 1, Instructions: 65COMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 057AD2F9 Relevance: 1.6, APIs: 1, Instructions: 64COMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 057AA870 Relevance: 1.6, APIs: 1, Instructions: 55libraryCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 057AB2A0 Relevance: 1.6, APIs: 1, Instructions: 55libraryCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 057AB020 Relevance: 1.5, APIs: 1, Instructions: 47COMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0536D3D8 Relevance: .1, Instructions: 75COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0536D4C4 Relevance: .1, Instructions: 75COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0537D01C Relevance: .1, Instructions: 72COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0537D006 Relevance: .1, Instructions: 62COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0536D4BF Relevance: .1, Instructions: 56COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0536D3D3 Relevance: .1, Instructions: 56COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 098F0040 Relevance: .3, Instructions: 315COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 057ADC74 Relevance: .3, Instructions: 264COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 098F001B Relevance: .2, Instructions: 230COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|