Edit tour
Windows
Analysis Report
Acal BFi UK - Products List 020240704PDF.exe
Overview
General Information
| Sample name: | Acal BFi UK - Products List 020240704PDF.exe |
| Analysis ID: | 1467943 |
| MD5: | b7d9ebad39110de3ff89686962c3270b |
| SHA1: | a6e86e8d2ff174655eb1d30c62506db91e26c943 |
| SHA256: | 77ccc61481c9fa009dfb6af2f6293b604312d440df4338e757ad2df844d10e0b |
| Tags: | exeRedLineStealer |
| Infos: |  |
 | |
Detection
RedLine
| Score: | 100 |
| Range: | 0 - 100 |
| Whitelisted: | false |
| Confidence: | 100% |
Signatures
Found malware configuration
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic
Yara detected AntiVM3
Yara detected RedLine Stealer
.NET source code contains potential unpacker
.NET source code contains very large array initializations
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Injects a PE file into a foreign processes
Machine Learning detection for sample
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Crypto Currency Wallets
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates processes with suspicious names
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Classification
- System is w10x64
Acal BFi UK - Products List 020240704PDF.exe (PID: 6456 cmdline: "C:\Users\ user\Deskt op\Acal BF i UK - Pro ducts List 020240704 PDF.exe" MD5: B7D9EBAD39110DE3FF89686962C3270B) - Acal BFi UK - Products List 020240704PDF.exe (PID: 4028 cmdline:
"C:\Users\ user\Deskt op\Acal BF i UK - Pro ducts List 020240704 PDF.exe" MD5: B7D9EBAD39110DE3FF89686962C3270B)
- cleanup
| Name | Description | Attribution | Blogpost URLs | Link |
|---|---|---|---|---|
| RedLine Stealer | RedLine Stealer is a malware available on underground forums for sale apparently as standalone ($100/$150 depending on the version) or also on a subscription basis ($100/month). This malware harvests information from browsers such as saved credentials, autocomplete data, and credit card information. A system inventory is also taken when running on a target machine, to include details such as the username, location data, hardware configuration, and information regarding installed security software. More recent versions of RedLine added the ability to steal cryptocurrency. FTP and IM clients are also apparently targeted by this family, and this malware has the ability to upload and download files, execute commands, and periodically send back information about the infected computer. | No Attribution |
{"C2 url": ["79.110.62.16:1912"], "Bot Id": "foz", "Authorization Header": "c74790bd166600f1f665c8ce201776eb"}| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| JoeSecurity_RedLine_1 | Yara detected RedLine Stealer | Joe Security | ||
| JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security |
| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security | ||
| JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security | ||
| JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security | ||
| JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security | ||
| JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | ||
| Click to see the 5 entries | ||||
| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security | ||
| JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security | ||
| JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security | ||
| JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security | ||
| JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security |
⊘No Sigma rule has matched
| Timestamp: | 07/05/24-06:01:59.399207 |
| SID: | 2043234 |
| Source Port: | 1912 |
| Destination Port: | 49706 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 07/05/24-06:01:59.217507 |
| SID: | 2046045 |
| Source Port: | 49706 |
| Destination Port: | 1912 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 07/05/24-06:02:04.460027 |
| SID: | 2043231 |
| Source Port: | 49706 |
| Destination Port: | 1912 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
Click to jump to signature section
Show All Signature Results
AV Detection |   |
|---|
| Source: | Malware Configuration Extractor: | ||
| Source: | Virustotal: | Perma Link | ||
| Source: | Virustotal: | Perma Link | ||
| Source: | Integrated Neural Analysis Model: | ||
| Source: | Joe Sandbox ML: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Code function: | 3_2_07320040 | |
| Source: | Code function: | 3_2_09246020 | |
| Source: | Code function: | 3_2_09246020 | |
| Source: | Code function: | 3_2_09242A50 | |
| Source: | Code function: | 3_2_09242418 | |
Networking | |
|---|
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | URLs: | ||
| Source: | TCP traffic: | ||
| Source: | ASN Name: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
System Summary | |
|---|
| Source: | Large array initialization: | ||
| Source: | Code function: | 0_2_00EDF2E4 | |
| Source: | Code function: | 0_2_06F10498 | |
| Source: | Code function: | 0_2_06F187C8 | |
| Source: | Code function: | 0_2_06F10489 | |
| Source: | Code function: | 0_2_06F1E070 | |
| Source: | Code function: | 0_2_06F19178 | |
| Source: | Code function: | 0_2_06F17120 | |
| Source: | Code function: | 0_2_06F17110 | |
| Source: | Code function: | 0_2_06F16CE8 | |
| Source: | Code function: | 0_2_06F168B0 | |
| Source: | Code function: | 3_2_018ADC74 | |
| Source: | Code function: | 3_2_07327738 | |
| Source: | Code function: | 3_2_0732B4A0 | |
| Source: | Code function: | 3_2_0732F1F0 | |
| Source: | Code function: | 3_2_07320040 | |
| Source: | Code function: | 3_2_07321E50 | |
| Source: | Code function: | 3_2_07322B98 | |
| Source: | Code function: | 3_2_0732B948 | |
| Source: | Code function: | 3_2_07320006 | |
| Source: | Code function: | 3_2_09246020 | |
| Source: | Code function: | 3_2_09243220 | |
| Source: | Code function: | 3_2_09242A50 | |
| Source: | Code function: | 3_2_092495A0 | |
| Source: | Code function: | 3_2_092455B8 | |
| Source: | Code function: | 3_2_09242418 | |
| Source: | Code function: | 3_2_09244C90 | |
| Source: | Code function: | 3_2_0924601C | |
| Source: | Code function: | 3_2_09243BA8 | |
| Source: | Code function: | 3_2_09240BB8 | |
| Source: | Code function: | 3_2_09240BC8 | |
| Source: | Code function: | 3_2_09242409 | |
| Source: | Code function: | 3_2_09244C80 | |
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Security API names: | ||
| Source: | Security API names: | ||
| Source: | Security API names: | ||
| Source: | Security API names: | ||
| Source: | Security API names: | ||
| Source: | Security API names: | ||
| Source: | Security API names: | ||
| Source: | Security API names: | ||
| Source: | Classification label: | ||
| Source: | File created: | Jump to behavior | ||
| Source: | Mutant created: | ||
| Source: | Static PE information: | ||
| Source: | Static file information: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | Virustotal: | ||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Key value queried: | Jump to behavior | ||
| Source: | Window detected: | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
Data Obfuscation | |
|---|
| Source: | .Net Code: | ||
| Source: | .Net Code: | ||
| Source: | .Net Code: | ||
| Source: | Code function: | 0_2_06F1B84E | |
| Source: | Code function: | 3_2_0732B402 | |
| Source: | Code function: | 3_2_0732B31E | |
| Source: | Code function: | 3_2_0732B363 | |
| Source: | Static PE information: | ||
| Source: | High entropy of concatenated method names: | ||
| Source: | High entropy of concatenated method names: | ||
| Source: | High entropy of concatenated method names: | ||
| Source: | High entropy of concatenated method names: | ||
| Source: | High entropy of concatenated method names: | ||
| Source: | High entropy of concatenated method names: | ||
| Source: | High entropy of concatenated method names: | ||
| Source: | High entropy of concatenated method names: | ||
| Source: | High entropy of concatenated method names: | ||
| Source: | High entropy of concatenated method names: | ||
| Source: | High entropy of concatenated method names: | ||
| Source: | High entropy of concatenated method names: | ||
| Source: | High entropy of concatenated method names: | ||
| Source: | High entropy of concatenated method names: | ||
| Source: | High entropy of concatenated method names: | ||
| Source: | High entropy of concatenated method names: | ||
| Source: | High entropy of concatenated method names: | ||
| Source: | High entropy of concatenated method names: | ||
| Source: | High entropy of concatenated method names: | ||
| Source: | High entropy of concatenated method names: | ||
| Source: | High entropy of concatenated method names: | ||
| Source: | High entropy of concatenated method names: | ||
| Source: | High entropy of concatenated method names: | ||
| Source: | High entropy of concatenated method names: | ||
| Source: | High entropy of concatenated method names: | ||
| Source: | High entropy of concatenated method names: | ||
| Source: | High entropy of concatenated method names: | ||
| Source: | High entropy of concatenated method names: | ||
| Source: | High entropy of concatenated method names: | ||
| Source: | High entropy of concatenated method names: | ||
| Source: | High entropy of concatenated method names: | ||
| Source: | High entropy of concatenated method names: | ||
| Source: | High entropy of concatenated method names: | ||
| Source: | High entropy of concatenated method names: | ||
| Source: | High entropy of concatenated method names: | ||
| Source: | High entropy of concatenated method names: | ||
| Source: | High entropy of concatenated method names: | ||
| Source: | High entropy of concatenated method names: | ||
| Source: | High entropy of concatenated method names: | ||
| Source: | High entropy of concatenated method names: | ||
| Source: | High entropy of concatenated method names: | ||
| Source: | High entropy of concatenated method names: | ||
| Source: | File created: | |||
| Source: | File created: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
Malware Analysis System Evasion | |
|---|
| Source: | File source: | ||
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | Memory allocated: | Jump to behavior | ||
| Source: | Memory allocated: | Jump to behavior | ||
| Source: | Memory allocated: | Jump to behavior | ||
| Source: | Memory allocated: | Jump to behavior | ||
| Source: | Memory allocated: | Jump to behavior | ||
| Source: | Memory allocated: | Jump to behavior | ||
| Source: | Memory allocated: | Jump to behavior | ||
| Source: | Memory allocated: | Jump to behavior | ||
| Source: | Memory allocated: | Jump to behavior | ||
| Source: | Memory allocated: | Jump to behavior | ||
| Source: | Memory allocated: | Jump to behavior | ||
| Source: | Memory allocated: | Jump to behavior | ||
| Source: | Memory allocated: | Jump to behavior | ||
| Source: | Memory allocated: | Jump to behavior | ||
| Source: | Memory allocated: | Jump to behavior | ||
| Source: | Memory allocated: | Jump to behavior | ||
| Source: | Memory allocated: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Window / User API: | Jump to behavior | ||
| Source: | Window / User API: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | WMI Queries: | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Process information queried: | Jump to behavior | ||
| Source: | Process token adjusted: | Jump to behavior | ||
| Source: | Memory allocated: | Jump to behavior | ||
HIPS / PFW / Operating System Protection Evasion | |
|---|
| Source: | Memory written: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Key value queried: | Jump to behavior | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
Stealing of Sensitive Information | |
|---|
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File source: | ||
| Source: | File source: | ||
Remote Access Functionality | |
|---|
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 221 Windows Management Instrumentation | 1 DLL Side-Loading | 111 Process Injection | 1 Masquerading | 1 OS Credential Dumping | 221 Security Software Discovery | Remote Services | 1 Archive Collected Data | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Disable or Modify Tools | LSASS Memory | 1 Process Discovery | Remote Desktop Protocol | 2 Data from Local System | 1 Non-Standard Port | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 241 Virtualization/Sandbox Evasion | Security Account Manager | 241 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 111 Process Injection | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 3 Obfuscated Files or Information | LSA Secrets | 113 System Information Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
| Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 12 Software Packing | Cached Domain Credentials | Wi-Fi Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
| DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 DLL Side-Loading | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
InternetThis section contains all screenshots as thumbnails, including those not shown in the slideshow.
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 34% | Virustotal | Browse | ||
| 100% | Joe Sandbox ML |
⊘No Antivirus matches
⊘No Antivirus matches
⊘No Antivirus matches
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Virustotal | Browse | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Virustotal | Browse | ||
| 0% | Virustotal | Browse | ||
| 0% | Virustotal | Browse | ||
| 0% | Virustotal | Browse | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Virustotal | Browse | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 3% | Virustotal | Browse | ||
| 1% | Virustotal | Browse | ||
| 1% | Virustotal | Browse | ||
| 1% | Virustotal | Browse | ||
| 0% | Virustotal | Browse | ||
| 1% | Virustotal | Browse | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 1% | Virustotal | Browse | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Virustotal | Browse | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Virustotal | Browse | ||
| 0% | Virustotal | Browse | ||
| 0% | Virustotal | Browse | ||
| 0% | Virustotal | Browse | ||
| 0% | Avira URL Cloud | safe | ||
| 1% | Virustotal | Browse | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Virustotal | Browse | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Virustotal | Browse | ||
| 0% | Virustotal | Browse | ||
| 13% | Virustotal | Browse | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 1% | Virustotal | Browse | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Virustotal | Browse | ||
| 0% | Virustotal | Browse | ||
| 0% | Avira URL Cloud | safe | ||
| 1% | Virustotal | Browse | ||
| 0% | Virustotal | Browse | ||
| 1% | Virustotal | Browse | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Virustotal | Browse | ||
| 0% | Avira URL Cloud | safe |
⊘No contacted domains info
| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| true |
| unknown |
| Name | Source | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
| IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|---|
| 79.110.62.16 | unknown | Germany | 39180 | LASOTELFR | true |
| Joe Sandbox version: | 40.0.0 Tourmaline |
| Analysis ID: | 1467943 |
| Start date and time: | 2024-07-05 06:01:04 +02:00 |
| Joe Sandbox product: | CloudBasic |
| Overall analysis duration: | 0h 6m 14s |
| Hypervisor based Inspection enabled: | false |
| Report type: | full |
| Cookbook file name: | default.jbs |
| Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
| Number of analysed new started processes analysed: | 7 |
| Number of new started drivers analysed: | 0 |
| Number of existing processes analysed: | 0 |
| Number of existing drivers analysed: | 0 |
| Number of injected processes analysed: | 0 |
| Technologies: |
|
| Analysis Mode: | default |
| Analysis stop reason: | Timeout |
| Sample name: | Acal BFi UK - Products List 020240704PDF.exe |
| Detection: | MAL |
| Classification: | mal100.troj.spyw.evad.winEXE@3/1@0/1 |
| EGA Information: |
|
| HCA Information: |
|
| Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
- Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
- Report size getting too big, too many NtAllocateVirtualMemory calls found.
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- Report size getting too big, too many NtReadVirtualMemory calls found.
| Time | Type | Description |
|---|---|---|
| 00:01:49 | API Interceptor |
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| 79.110.62.16 | Get hash | malicious | RedLine | Browse | ||
| Get hash | malicious | PureLog Stealer, RedLine | Browse | |||
| Get hash | malicious | PureLog Stealer, RedLine | Browse |
⊘No context
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| LASOTELFR | Get hash | malicious | AgentTesla, RedLine, StormKitty, XWorm | Browse |
| |
| Get hash | malicious | RedLine | Browse |
| ||
| Get hash | malicious | PureLog Stealer, RedLine | Browse |
| ||
| Get hash | malicious | PureLog Stealer, RedLine | Browse |
| ||
| Get hash | malicious | PureLog Stealer, RedLine | Browse |
| ||
| Get hash | malicious | Remcos, GuLoader | Browse |
| ||
| Get hash | malicious | Remcos | Browse |
| ||
| Get hash | malicious | Remcos | Browse |
| ||
| Get hash | malicious | Remcos | Browse |
| ||
| Get hash | malicious | Remcos | Browse |
|
⊘No context
⊘No context
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Acal BFi UK - Products List 020240704PDF.exe.log 
Download File
| Process: | C:\Users\user\Desktop\Acal BFi UK - Products List 020240704PDF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1216 |
| Entropy (8bit): | 5.34331486778365 |
| Encrypted: | false |
| SSDEEP: | 24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ |
| MD5: | 1330C80CAAC9A0FB172F202485E9B1E8 |
| SHA1: | 86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492 |
| SHA-256: | B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560 |
| SHA-512: | 75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2 |
| Malicious: | true |
| Reputation: | high, very likely benign file |
| Preview: |
| File type: | |
| Entropy (8bit): | 7.917500189223224 |
| TrID: |
|
| File name: | Acal BFi UK - Products List 020240704PDF.exe |
| File size: | 819'712 bytes |
| MD5: | b7d9ebad39110de3ff89686962c3270b |
| SHA1: | a6e86e8d2ff174655eb1d30c62506db91e26c943 |
| SHA256: | 77ccc61481c9fa009dfb6af2f6293b604312d440df4338e757ad2df844d10e0b |
| SHA512: | 33e0439e08deb2c35ddf27e1604efa75888509340b96a4e44f976f00a5cf5f61d2f209837c8a48850224bd08ceaa08b2137ddb1307b147d834e695c2fd573234 |
| SSDEEP: | 24576:87LxpIU55gevCR+vlum6CMQe5aFpBpLHLKRAwn:6vTPdkDl5u/FQBn |
| TLSH: | 7805128852BFAF1AD53D4BB5D0B1251417B0E41A9312F3671ED638EA1E21BC08AB5FC7 |
| File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...VO.f.................x............... ........@.. ....................................@................................ |
 | |
| Icon Hash: | 00928e8e8686b000 |
| Entrypoint: | 0x4c97ae |
| Entrypoint Section: | .text |
| Digitally signed: | false |
| Imagebase: | 0x400000 |
| Subsystem: | windows gui |
| Image File Characteristics: | EXECUTABLE_IMAGE, 32BIT_MACHINE |
| DLL Characteristics: | DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE |
| Time Stamp: | 0x66874F56 [Fri Jul 5 01:41:42 2024 UTC] |
| TLS Callbacks: | |
| CLR (.Net) Version: | |
| OS Version Major: | 4 |
| OS Version Minor: | 0 |
| File Version Major: | 4 |
| File Version Minor: | 0 |
| Subsystem Version Major: | 4 |
| Subsystem Version Minor: | 0 |
| Import Hash: | f34d5f2d4577ed6d9ceec516c1f5a744 |
| Instruction |
|---|
| jmp dword ptr [00402000h] |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0xc975c | 0x4f | .text |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xca000 | 0x600 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xcc000 | 0xc | .reloc |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|---|
| .text | 0x2000 | 0xc77b4 | 0xc7800 | ebdb97d24661661bbaf36a50446dd32d | False | 0.9425210976660401 | data | 7.923423628808881 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .rsrc | 0xca000 | 0x600 | 0x600 | 0e48bdb133eed7e85e06d1b6bc0f13a2 | False | 0.4231770833333333 | data | 4.107152535264838 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .reloc | 0xcc000 | 0xc | 0x200 | 3b4bbca91dd191585d385cd353a00f1e | False | 0.044921875 | data | 0.09800417566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
|---|---|---|---|---|---|---|
| RT_VERSION | 0xca090 | 0x32c | data | 0.42610837438423643 | ||
| RT_MANIFEST | 0xca3cc | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | 0.5489795918367347 |
| DLL | Import |
|---|---|
| mscoree.dll | _CorExeMain |
Key Decision
Richest Path
Thread / callback creation
Lower opacity -> Library Node| Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|---|---|---|
| 07/05/24-06:01:59.399207 | TCP | 2043234 | ET MALWARE Redline Stealer TCP CnC - Id1Response | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| 07/05/24-06:01:59.217507 | TCP | 2046045 | ET TROJAN [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization) | 49706 | 1912 | 192.168.2.5 | 79.110.62.16 |
| 07/05/24-06:02:04.460027 | TCP | 2043231 | ET TROJAN Redline Stealer TCP CnC Activity | 49706 | 1912 | 192.168.2.5 | 79.110.62.16 |
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Jul 5, 2024 06:01:52.452286005 CEST | 49706 | 1912 | 192.168.2.5 | 79.110.62.16 |
| Jul 5, 2024 06:01:52.457345009 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:01:52.457421064 CEST | 49706 | 1912 | 192.168.2.5 | 79.110.62.16 |
| Jul 5, 2024 06:01:52.466340065 CEST | 49706 | 1912 | 192.168.2.5 | 79.110.62.16 |
| Jul 5, 2024 06:01:52.471187115 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:01:59.097208023 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:01:59.143275023 CEST | 49706 | 1912 | 192.168.2.5 | 79.110.62.16 |
| Jul 5, 2024 06:01:59.217506886 CEST | 49706 | 1912 | 192.168.2.5 | 79.110.62.16 |
| Jul 5, 2024 06:01:59.222377062 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:01:59.399207115 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:01:59.440148115 CEST | 49706 | 1912 | 192.168.2.5 | 79.110.62.16 |
| Jul 5, 2024 06:02:04.460026979 CEST | 49706 | 1912 | 192.168.2.5 | 79.110.62.16 |
| Jul 5, 2024 06:02:04.465547085 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:04.649739981 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:04.649785995 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:04.649800062 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:04.649811983 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:04.649826050 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:04.649951935 CEST | 49706 | 1912 | 192.168.2.5 | 79.110.62.16 |
| Jul 5, 2024 06:02:05.994570971 CEST | 49706 | 1912 | 192.168.2.5 | 79.110.62.16 |
| Jul 5, 2024 06:02:06.005740881 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.005762100 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.005825043 CEST | 49706 | 1912 | 192.168.2.5 | 79.110.62.16 |
| Jul 5, 2024 06:02:06.005975962 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.005986929 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.006026030 CEST | 49706 | 1912 | 192.168.2.5 | 79.110.62.16 |
| Jul 5, 2024 06:02:06.023941040 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.023953915 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.023962021 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.023971081 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.023977995 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.023986101 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.023993015 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.023997068 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.023998022 CEST | 49706 | 1912 | 192.168.2.5 | 79.110.62.16 |
| Jul 5, 2024 06:02:06.024004936 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.024013996 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.024028063 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.024036884 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.024036884 CEST | 49706 | 1912 | 192.168.2.5 | 79.110.62.16 |
| Jul 5, 2024 06:02:06.024044037 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.024063110 CEST | 49706 | 1912 | 192.168.2.5 | 79.110.62.16 |
| Jul 5, 2024 06:02:06.024090052 CEST | 49706 | 1912 | 192.168.2.5 | 79.110.62.16 |
| Jul 5, 2024 06:02:06.031033039 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.031043053 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.031050920 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.031059027 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.031100035 CEST | 49706 | 1912 | 192.168.2.5 | 79.110.62.16 |
| Jul 5, 2024 06:02:06.031141996 CEST | 49706 | 1912 | 192.168.2.5 | 79.110.62.16 |
| Jul 5, 2024 06:02:06.031303883 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.031418085 CEST | 49706 | 1912 | 192.168.2.5 | 79.110.62.16 |
| Jul 5, 2024 06:02:06.032140970 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.032187939 CEST | 49706 | 1912 | 192.168.2.5 | 79.110.62.16 |
| Jul 5, 2024 06:02:06.038398027 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.038470030 CEST | 49706 | 1912 | 192.168.2.5 | 79.110.62.16 |
| Jul 5, 2024 06:02:06.038754940 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.038813114 CEST | 49706 | 1912 | 192.168.2.5 | 79.110.62.16 |
| Jul 5, 2024 06:02:06.038885117 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.038933992 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.038959026 CEST | 49706 | 1912 | 192.168.2.5 | 79.110.62.16 |
| Jul 5, 2024 06:02:06.039045095 CEST | 49706 | 1912 | 192.168.2.5 | 79.110.62.16 |
| Jul 5, 2024 06:02:06.039047956 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.039057970 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.039110899 CEST | 49706 | 1912 | 192.168.2.5 | 79.110.62.16 |
| Jul 5, 2024 06:02:06.039140940 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.039169073 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.039169073 CEST | 49706 | 1912 | 192.168.2.5 | 79.110.62.16 |
| Jul 5, 2024 06:02:06.039179087 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.039186954 CEST | 49706 | 1912 | 192.168.2.5 | 79.110.62.16 |
| Jul 5, 2024 06:02:06.039213896 CEST | 49706 | 1912 | 192.168.2.5 | 79.110.62.16 |
| Jul 5, 2024 06:02:06.039232016 CEST | 49706 | 1912 | 192.168.2.5 | 79.110.62.16 |
| Jul 5, 2024 06:02:06.039254904 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.039316893 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.039325953 CEST | 49706 | 1912 | 192.168.2.5 | 79.110.62.16 |
| Jul 5, 2024 06:02:06.039326906 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.039369106 CEST | 49706 | 1912 | 192.168.2.5 | 79.110.62.16 |
| Jul 5, 2024 06:02:06.039427042 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.039437056 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.039484024 CEST | 49706 | 1912 | 192.168.2.5 | 79.110.62.16 |
| Jul 5, 2024 06:02:06.039654970 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.039664984 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.039674997 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.039685011 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.039701939 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.039710999 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.039711952 CEST | 49706 | 1912 | 192.168.2.5 | 79.110.62.16 |
| Jul 5, 2024 06:02:06.039742947 CEST | 49706 | 1912 | 192.168.2.5 | 79.110.62.16 |
| Jul 5, 2024 06:02:06.039769888 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.039779902 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.039797068 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.039807081 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.039822102 CEST | 49706 | 1912 | 192.168.2.5 | 79.110.62.16 |
| Jul 5, 2024 06:02:06.039829016 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.039839029 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.039846897 CEST | 49706 | 1912 | 192.168.2.5 | 79.110.62.16 |
| Jul 5, 2024 06:02:06.039858103 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.039868116 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.039870024 CEST | 49706 | 1912 | 192.168.2.5 | 79.110.62.16 |
| Jul 5, 2024 06:02:06.039880037 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.039889097 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.039905071 CEST | 49706 | 1912 | 192.168.2.5 | 79.110.62.16 |
| Jul 5, 2024 06:02:06.039937973 CEST | 49706 | 1912 | 192.168.2.5 | 79.110.62.16 |
| Jul 5, 2024 06:02:06.039957047 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.039967060 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.039973974 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.039983034 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.039994001 CEST | 49706 | 1912 | 192.168.2.5 | 79.110.62.16 |
| Jul 5, 2024 06:02:06.040004969 CEST | 49706 | 1912 | 192.168.2.5 | 79.110.62.16 |
| Jul 5, 2024 06:02:06.043179035 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.043190002 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.043229103 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.043237925 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.043349028 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.043665886 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.043673992 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.043780088 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.043788910 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.043875933 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.043935061 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.044039011 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.044049978 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.044059038 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.044068098 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.044222116 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.044233084 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.044251919 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.044260979 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.044271946 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.044346094 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.044400930 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.044410944 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.044507027 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.044557095 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.044637918 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.044648886 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.044651985 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.044706106 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.044765949 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.044770002 CEST | 49706 | 1912 | 192.168.2.5 | 79.110.62.16 |
| Jul 5, 2024 06:02:06.044775009 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.044806957 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.044842005 CEST | 49706 | 1912 | 192.168.2.5 | 79.110.62.16 |
| Jul 5, 2024 06:02:06.044874907 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.044918060 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.045068026 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.045077085 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.045146942 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.045156956 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.045166016 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.045291901 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.045301914 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.045309067 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.045319080 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.045325994 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.045335054 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.045351982 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.045361996 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.045368910 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.045377970 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.045424938 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.045434952 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.045505047 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.045514107 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.045552015 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.045665026 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.045674086 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.045681953 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.045691013 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.045701027 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.045710087 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.045727015 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.045736074 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.045758009 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.045768023 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.045778036 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.045825005 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.045835972 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.045886040 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.045896053 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.045922041 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.045983076 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.045991898 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.046088934 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.046107054 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.046116114 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.046164036 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.046241045 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.046256065 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.046282053 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.046461105 CEST | 49706 | 1912 | 192.168.2.5 | 79.110.62.16 |
| Jul 5, 2024 06:02:06.046521902 CEST | 49706 | 1912 | 192.168.2.5 | 79.110.62.16 |
| Jul 5, 2024 06:02:06.049598932 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.049844027 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.049853086 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.049896002 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.049913883 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.049968004 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.049978018 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.050128937 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.050137997 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.050189018 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.050198078 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.050251007 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.050260067 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.050307989 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.050384998 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.050425053 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.050432920 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.050493002 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.050502062 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.050509930 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.050525904 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.050544024 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.050554037 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.050606966 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.050616980 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.050627947 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.050719976 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.050729990 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.050738096 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.050751925 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.050761938 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.050770044 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.050779104 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.050796032 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.050803900 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.050812960 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.050822020 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.050831079 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.050838947 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.050848961 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.050858021 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.050873995 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.050883055 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.050890923 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.050899029 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.050906897 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.050915956 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.050924063 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.050934076 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.050941944 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.050954103 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.050964117 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.050973892 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.051419973 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.051429033 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.051435947 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.051445007 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.051462889 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.051472902 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.051484108 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.051512957 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.051548004 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.051610947 CEST | 49706 | 1912 | 192.168.2.5 | 79.110.62.16 |
| Jul 5, 2024 06:02:06.051625967 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.051635981 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.051666975 CEST | 49706 | 1912 | 192.168.2.5 | 79.110.62.16 |
| Jul 5, 2024 06:02:06.051672935 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.051702976 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.051712036 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.051738024 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.051866055 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.051875114 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.051882982 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.051892042 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.051902056 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.051928997 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.051939011 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.051948071 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.051979065 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.052045107 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.052053928 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.052062988 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.052072048 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.052089930 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.052098989 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.052105904 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.052114964 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.052123070 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.052131891 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.052144051 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.052153111 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.052160978 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.052169085 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.052179098 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.052195072 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.052202940 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.052212000 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.052222967 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.052232027 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.052239895 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.052258015 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.052268028 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.052274942 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.052284002 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.052294970 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.052335024 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.052345037 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.052352905 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.056444883 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.056500912 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.056510925 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.056554079 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.056606054 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.056611061 CEST | 49706 | 1912 | 192.168.2.5 | 79.110.62.16 |
| Jul 5, 2024 06:02:06.056658983 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.056668997 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.056678057 CEST | 49706 | 1912 | 192.168.2.5 | 79.110.62.16 |
| Jul 5, 2024 06:02:06.056680918 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.056723118 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.056835890 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.056844950 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.056849003 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.056853056 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.056924105 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.056931973 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.056953907 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.056962967 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.056974888 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.056984901 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.057065964 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.057075977 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.057082891 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.057092905 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.057166100 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.057176113 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.057183981 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.057192087 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.057209969 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.057219982 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.057226896 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.057235956 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.057244062 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.057254076 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.057280064 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.057290077 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.057296991 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.057312012 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.057322025 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.057328939 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.057347059 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.057356119 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.057365894 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.057375908 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.057411909 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.057420969 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.057429075 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.057432890 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.057461023 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.057470083 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.057487011 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.057496071 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.057512045 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.057521105 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.061650038 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.061698914 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.061743975 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.061815023 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.061825037 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.061825991 CEST | 49706 | 1912 | 192.168.2.5 | 79.110.62.16 |
| Jul 5, 2024 06:02:06.061904907 CEST | 49706 | 1912 | 192.168.2.5 | 79.110.62.16 |
| Jul 5, 2024 06:02:06.061918020 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.061928034 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.061964035 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.062020063 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.062149048 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.062195063 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.062231064 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.062241077 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.062262058 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.062304974 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.062364101 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.062374115 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.062432051 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.062439919 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.062473059 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.062500000 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.062563896 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.062572956 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.062580109 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.062598944 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.062608004 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.062618017 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.062649965 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.062659025 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.062674999 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.062683105 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.062700987 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.062714100 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.062726974 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.062768936 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.062778950 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.062863111 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.062871933 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.062973976 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.062983036 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.062990904 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.063000917 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.063009977 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.063018084 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.063025951 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.063043118 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.063051939 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.063059092 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.063066959 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.063076019 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.063092947 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.063102007 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.063143015 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.066782951 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.066793919 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.066926003 CEST | 49706 | 1912 | 192.168.2.5 | 79.110.62.16 |
| Jul 5, 2024 06:02:06.066987038 CEST | 49706 | 1912 | 192.168.2.5 | 79.110.62.16 |
| Jul 5, 2024 06:02:06.066993952 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.067019939 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.067079067 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.067092896 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.067116976 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.067126036 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.067171097 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.067178965 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.067187071 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.067189932 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.067224979 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.067241907 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.067279100 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.067287922 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.067296028 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.067305088 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.067322016 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.067331076 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.067359924 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.067368984 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.067400932 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.067459106 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.067467928 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.067476034 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.067492962 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.067502022 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.067536116 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.067544937 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.067585945 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.067595005 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.067682981 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.067692995 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.067732096 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.080780029 CEST | 49706 | 1912 | 192.168.2.5 | 79.110.62.16 |
| Jul 5, 2024 06:02:06.086414099 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.086594105 CEST | 49706 | 1912 | 192.168.2.5 | 79.110.62.16 |
| Jul 5, 2024 06:02:06.086654902 CEST | 49706 | 1912 | 192.168.2.5 | 79.110.62.16 |
| Jul 5, 2024 06:02:06.086654902 CEST | 49706 | 1912 | 192.168.2.5 | 79.110.62.16 |
| Jul 5, 2024 06:02:06.086710930 CEST | 49706 | 1912 | 192.168.2.5 | 79.110.62.16 |
| Jul 5, 2024 06:02:06.091883898 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.091979027 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.091989040 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.091998100 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.092008114 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.092016935 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.092022896 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.092061996 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.092071056 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.092080116 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.092259884 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.092324972 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.092533112 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.092541933 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.092591047 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.098275900 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.098412991 CEST | 49706 | 1912 | 192.168.2.5 | 79.110.62.16 |
| Jul 5, 2024 06:02:06.103418112 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.127636909 CEST | 49706 | 1912 | 192.168.2.5 | 79.110.62.16 |
| Jul 5, 2024 06:02:06.132515907 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.970685959 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:06.971504927 CEST | 49706 | 1912 | 192.168.2.5 | 79.110.62.16 |
| Jul 5, 2024 06:02:06.976341963 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:07.659764051 CEST | 1912 | 49706 | 79.110.62.16 | 192.168.2.5 |
| Jul 5, 2024 06:02:07.705898046 CEST | 49706 | 1912 | 192.168.2.5 | 79.110.62.16 |
| Jul 5, 2024 06:02:07.747241020 CEST | 49706 | 1912 | 192.168.2.5 | 79.110.62.16 |
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Jul 5, 2024 06:02:13.728471994 CEST | 53 | 56366 | 1.1.1.1 | 192.168.2.5 |
| Jul 5, 2024 06:02:15.229121923 CEST | 53 | 57903 | 1.1.1.1 | 192.168.2.5 |
Click to jump to process
Click to jump to process
back
Click to dive into process behavior distribution
Click to jump to process
| Target ID: | 0 |
| Start time: | 00:01:48 |
| Start date: | 05/07/2024 |
| Path: | C:\Users\user\Desktop\Acal BFi UK - Products List 020240704PDF.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x3a0000 |
| File size: | 819'712 bytes |
| MD5 hash: | B7D9EBAD39110DE3FF89686962C3270B |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Yara matches: |
|
| Reputation: | low |
| Has exited: | true |
| Target ID: | 3 |
| Start time: | 00:01:49 |
| Start date: | 05/07/2024 |
| Path: | C:\Users\user\Desktop\Acal BFi UK - Products List 020240704PDF.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0xeb0000 |
| File size: | 819'712 bytes |
| MD5 hash: | B7D9EBAD39110DE3FF89686962C3270B |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Yara matches: |
|
| Reputation: | low |
| Has exited: | true |
Execution Graph
| Execution Coverage: | 9.4% |
| Dynamic/Decrypted Code Coverage: | 100% |
| Signature Coverage: | 0% |
| Total number of Nodes: | 225 |
| Total number of Limit Nodes: | 20 |
Graph
Function 06F10489 Relevance: 1.4, Strings: 1, Instructions: 121COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 06F10498 Relevance: 1.4, Strings: 1, Instructions: 116COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00EDD7F0 Relevance: 6.1, APIs: 4, Instructions: 129threadCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00EDD800 Relevance: 6.1, APIs: 4, Instructions: 128threadCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00ED4AD0 Relevance: 1.6, APIs: 1, Instructions: 96COMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00ED5EB4 Relevance: 1.6, APIs: 1, Instructions: 94COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 06F19758 Relevance: 1.6, APIs: 1, Instructions: 68COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 06F19098 Relevance: 1.6, APIs: 1, Instructions: 68threadCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 06F19760 Relevance: 1.6, APIs: 1, Instructions: 63COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 06F190A0 Relevance: 1.6, APIs: 1, Instructions: 63threadCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00EDDA48 Relevance: 1.6, APIs: 1, Instructions: 62COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00EDDA40 Relevance: 1.6, APIs: 1, Instructions: 62COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 06F195A8 Relevance: 1.6, APIs: 1, Instructions: 57memoryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00EDA548 Relevance: 1.6, APIs: 1, Instructions: 55libraryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00EDB9DB Relevance: 1.6, APIs: 1, Instructions: 53libraryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 06F195B0 Relevance: 1.6, APIs: 1, Instructions: 53memoryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 06F18FE8 Relevance: 1.6, APIs: 1, Instructions: 51threadCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 06F1DEC4 Relevance: 1.6, APIs: 1, Instructions: 50COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 06F1DE24 Relevance: 1.6, APIs: 1, Instructions: 50COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 06F18FF0 Relevance: 1.5, APIs: 1, Instructions: 49threadCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00EDB358 Relevance: 1.5, APIs: 1, Instructions: 47COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 06F1C0E2 Relevance: 1.5, APIs: 1, Instructions: 47windowCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 06F1BA58 Relevance: 1.5, APIs: 1, Instructions: 47windowCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00E7D3D8 Relevance: .1, Instructions: 75COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00E8D01C Relevance: .1, Instructions: 72COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00E8D1D4 Relevance: .1, Instructions: 72COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00E8D005 Relevance: .1, Instructions: 62COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00E7D3D3 Relevance: .1, Instructions: 56COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00E8D1CF Relevance: .1, Instructions: 53COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00E7D759 Relevance: .0, Instructions: 45COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00E7D758 Relevance: .0, Instructions: 36COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 06F1E070 Relevance: 2.8, Strings: 2, Instructions: 298COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 06F187C8 Relevance: .3, Instructions: 312COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 06F19178 Relevance: .3, Instructions: 312COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 06F17120 Relevance: .3, Instructions: 312COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 06F16CE8 Relevance: .3, Instructions: 312COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 06F168B0 Relevance: .3, Instructions: 312COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00EDF2E4 Relevance: .3, Instructions: 264COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 06F17110 Relevance: .1, Instructions: 133COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Execution Graph
| Execution Coverage: | 11.6% |
| Dynamic/Decrypted Code Coverage: | 100% |
| Signature Coverage: | 0% |
| Total number of Nodes: | 75 |
| Total number of Limit Nodes: | 10 |
Graph
Function 09246020 Relevance: 5.5, Strings: 4, Instructions: 496COMMON
Download Yara Rule
Control-flow Graph
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 09242418 Relevance: 5.3, Strings: 4, Instructions: 271COMMON
Download Yara Rule
Control-flow Graph
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 07320040 Relevance: 2.9, Strings: 2, Instructions: 364COMMON
Download Yara Rule
Control-flow Graph
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 09242A50 Relevance: 2.7, Strings: 2, Instructions: 219COMMON
Download Yara Rule
Control-flow Graph
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 018AD0A8 Relevance: 6.1, APIs: 4, Instructions: 133threadCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 018AD0B8 Relevance: 6.1, APIs: 4, Instructions: 128threadCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 018AAE30 Relevance: 1.7, APIs: 1, Instructions: 209COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 018A5935 Relevance: 1.6, APIs: 1, Instructions: 99COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 018A4248 Relevance: 1.6, APIs: 1, Instructions: 96COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 018AD2F9 Relevance: 1.6, APIs: 1, Instructions: 64COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 018AD300 Relevance: 1.6, APIs: 1, Instructions: 62COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 018AA870 Relevance: 1.6, APIs: 1, Instructions: 55libraryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 018AB2A0 Relevance: 1.6, APIs: 1, Instructions: 55libraryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 07325468 Relevance: 1.6, APIs: 1, Instructions: 53libraryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 073259DE Relevance: 1.6, APIs: 1, Instructions: 52libraryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 09248B3C Relevance: 1.5, APIs: 1, Instructions: 47windowCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 018AB020 Relevance: 1.5, APIs: 1, Instructions: 47COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 09248B71 Relevance: 1.5, APIs: 1, Instructions: 30windowCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0147D654 Relevance: .1, Instructions: 77COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0147D1FC Relevance: .1, Instructions: 76COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0147D4C4 Relevance: .1, Instructions: 75COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0148D01C Relevance: .1, Instructions: 72COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0148D006 Relevance: .1, Instructions: 62COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0147D64F Relevance: .1, Instructions: 58COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0147D1F7 Relevance: .1, Instructions: 57COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0147D4BF Relevance: .1, Instructions: 56COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0147DA59 Relevance: .0, Instructions: 45COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0147DA58 Relevance: .0, Instructions: 36COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|