Windows Analysis Report
gfehgfwveg.exe

Overview

General Information

Sample name: gfehgfwveg.exe
Analysis ID: 1580519
MD5: 43ec2649e1b173b6e8b3800e18cceeb4
SHA1: e864b2d11a7c9c7497b22af930b31db1e2061244
SHA256: 4e906e880e35e4bc0de7e9375fc0feb5757374ca0bb628dff6366174536d6183
Tags: exe, user-SquiblydooBlog
Infos:

Detection

DanaBot
Score: 92
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected DanaBot stealer dll
AI detected suspicious sample
Found potential dummy code loops (likely to delay analysis)
Machine Learning detection for sample
May use the Tor software to hide its network traffic
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Abnormal high CPU Usage
Creates a process in suspended mode (likely to inject code)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Internet Provider seen in connection with other malware
PE file contains more sections than normal
PE file contains sections with non-standard names
Potential time zone aware malware
Program does not show much activity (idle)
Queries information about the installed CPU (vendor, model number etc)
Queries the installation date of Windows
Queries the product ID of Windows
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Yara detected Credential Stealer

Classification

  • System is w10x64
  • gfehgfwveg.exe (PID: 6464 cmdline: "C:\Users\user\Desktop\gfehgfwveg.exe" MD5: 43EC2649E1B173B6E8B3800E18CCEEB4)
    • cmd.exe (PID: 940 cmdline: cmd.exe /C wmic diskdrive where "DeviceID=\'c:\'" get SerialNumber /value MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • conhost.exe (PID: 5512 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • WMIC.exe (PID: 1532 cmdline: wmic diskdrive where "DeviceID=\'c:\'" get SerialNumber /value MD5: E2DE6500DE1148C7F6027AD50AC8B891)
  • cleanup
Name: DanaBot
Description: Proofpoint describes DanaBot as the latest example of malware focused on persistence and stealing useful information that can later be monetized rather than demanding an immediate ransom from victims. The social engineering in the low-volume DanaBot campaigns we have observed so far has been well-crafted, again pointing to a renewed focus on quality over quantity in email-based threats. DanaBot's modular nature enables it to download additional components, increasing the flexibility and robust stealing and remote monitoring capabilities of this banker.
Attribution: SCULLY SPIDER
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.danabot
No configs have been found
Source | Rule | Description | Author | Strings
00000000.00000003.2094443248.000000007E960000.00000004.00001000.00020000.00000000.sdmp | JoeSecurity_DanaBot_stealer_dll | Yara detected DanaBot stealer dll | Joe Security |
Process Memory Space: gfehgfwveg.exe PID: 6464 | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
Process Memory Space: gfehgfwveg.exe PID: 6464 | JoeSecurity_DanaBot_stealer_dll | Yara detected DanaBot stealer dll | Joe Security |
No Sigma rule has matched


        AV Detection

        Source: gfehgfwveg.exe | Avira: detected
        Source: gfehgfwveg.exe | ReversingLabs: Detection: 55%
        Source: Yara match | File source: 00000000.00000003.2094443248.000000007E960000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match | File source: Process Memory Space: gfehgfwveg.exe PID: 6464, type: MEMORYSTR
        Source: Submitted Sample | Integrated Neural Analysis Model: Matched 94.9% probability
        Source: gfehgfwveg.exe | Joe Sandbox ML: detected
        Source: gfehgfwveg.exe | Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
        Source: C:\Users\user\Desktop\gfehgfwveg.exe | File opened: C:\Users\user
        Source: C:\Users\user\Desktop\gfehgfwveg.exe | File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows
        Source: C:\Users\user\Desktop\gfehgfwveg.exe | File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
        Source: C:\Users\user\Desktop\gfehgfwveg.exe | File opened: C:\Users\user\AppData\Roaming\Microsoft
        Source: C:\Users\user\Desktop\gfehgfwveg.exe | File opened: C:\Users\user\AppData\Roaming
        Source: C:\Users\user\Desktop\gfehgfwveg.exe | File opened: C:\Users\user\AppData

        Networking

        Source: Network traffic | Suricata IDS: 2034465 - Severity 1 - ET MALWARE Danabot Key Exchange Request : 192.168.2.5:49800 -> 34.34.145.103:443
        Source: Joe Sandbox View | ASN Name: ATGS-MMD-ASUS ATGS-MMD-ASUS
        Source: unknown | TCP traffic detected without corresponding DNS query: 34.34.145.103
        Source: unknown | TCP traffic detected without corresponding DNS query: 34.169.99.17
        Source: unknown | TCP traffic detected without corresponding DNS query: 34.83.67.185
        Source: unknown | TCP traffic detected without corresponding DNS query: 35.195.45.98
        Source: gfehgfwveg.exe, 00000000.00000003.2094443248.000000007E960000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: http://.css
        Source: gfehgfwveg.exe, 00000000.00000003.2094443248.000000007E960000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: http://.jpg
        Source: gfehgfwveg.exe, 00000000.00000003.2094443248.000000007E960000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: http://html4/loose.dtd
        Source: gfehgfwveg.exe, 00000000.00000003.2097989940.000000007EB44000.00000004.00001000.00020000.00000000.sdmp, gfehgfwveg.exe, 00000000.00000003.2099321079.000000007EB1A000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: http://www.openssl.org/V
        Source: gfehgfwveg.exe, 00000000.00000003.2097140713.000000007ECF0000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: http://www.openssl.org/support/faq.html
        Source: gfehgfwveg.exe, 00000000.00000003.2097140713.000000007ECF0000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: http://www.openssl.org/support/faq.htmlRAND
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50076
        Source: unknownNetwork traffic detected: HTTP traffic on port 49834 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50075
        Source: unknownNetwork traffic detected: HTTP traffic on port 50057 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50078
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50077
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50079
        Source: unknownNetwork traffic detected: HTTP traffic on port 50096 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 50108 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50081
        Source: unknownNetwork traffic detected: HTTP traffic on port 50073 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50080
        Source: unknownNetwork traffic detected: HTTP traffic on port 49933 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 50028 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50083
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50082
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50085
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50084
        Source: unknownNetwork traffic detected: HTTP traffic on port 49847 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49837
        Source: unknownNetwork traffic detected: HTTP traffic on port 49921 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49957
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49956
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49834
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49955
        Source: unknownNetwork traffic detected: HTTP traffic on port 50062 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49952
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49830
        Source: unknownNetwork traffic detected: HTTP traffic on port 49927 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50087
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50086
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50089
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50088
        Source: unknownNetwork traffic detected: HTTP traffic on port 50079 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50090
        Source: unknownNetwork traffic detected: HTTP traffic on port 50051 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50092
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50091
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50094
        Source: unknownNetwork traffic detected: HTTP traffic on port 49983 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50093
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50096
        Source: unknownNetwork traffic detected: HTTP traffic on port 49955 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 50023 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50095
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49707
        Source: unknownNetwork traffic detected: HTTP traffic on port 49811 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49949
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49706
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49705
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49704
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49945
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50018
        Source: unknownNetwork traffic detected: HTTP traffic on port 50061 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49813 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49945 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50011
        Source: unknownNetwork traffic detected: HTTP traffic on port 50055 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 50090 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 50078 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 50049 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49939 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49899
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50028
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49896
        Source: unknownNetwork traffic detected: HTTP traffic on port 49707 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49890
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50023
        Source: unknownNetwork traffic detected: HTTP traffic on port 50095 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49957 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49830 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49991 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 50067 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 50103 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 50084 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49886
        Source: unknownNetwork traffic detected: HTTP traffic on port 50011 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49880
        Source: unknownNetwork traffic detected: HTTP traffic on port 49857 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50034
        Source: unknownNetwork traffic detected: HTTP traffic on port 49896 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 50050 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 50110 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49956 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50040
        Source: unknownNetwork traffic detected: HTTP traffic on port 50066 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 50104 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 50083 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 50089 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49877
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49998
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49871
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49991
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50043
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50042
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50045
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50044
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50047
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50046
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50049
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50048
        Source: unknownNetwork traffic detected: HTTP traffic on port 50109 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49880 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 50072 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50050
        Source: unknownNetwork traffic detected: HTTP traffic on port 49962 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50052
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50051
        Source: unknownNetwork traffic detected: HTTP traffic on port 50044 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49988
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49867
        Source: unknownNetwork traffic detected: HTTP traffic on port 49890 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49970 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 50042 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 50059 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 50094 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49912 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49803 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 50071 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49906 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50106
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50105
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50108
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50107
        Source: unknownNetwork traffic detected: HTTP traffic on port 49837 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49975 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 50060 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50109
        Source: unknownNetwork traffic detected: HTTP traffic on port 50018 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50100
        Source: unknownNetwork traffic detected: HTTP traffic on port 50077 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50102
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50101
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50104
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50103
        Source: unknownNetwork traffic detected: HTTP traffic on port 50053 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49861 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 50088 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49706 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49918 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50111
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50110
        Source: unknownNetwork traffic detected: HTTP traffic on port 50076 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 50099 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49850 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 50043 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 50100 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50006
        Source: unknownNetwork traffic detected: HTTP traffic on port 49952 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49814 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 50093 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 50054 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50003
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50002
        Source: unknownNetwork traffic detected: HTTP traffic on port 50111 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50004
        Source: unknownNetwork traffic detected: HTTP traffic on port 50048 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 50006 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49907 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 50082 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 50065 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 50105 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49867 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50098
        Source: unknownNetwork traffic detected: HTTP traffic on port 49859 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50097
        Source: unknownNetwork traffic detected: HTTP traffic on port 49704 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49871 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50099
        Source: unknownNetwork traffic detected: HTTP traffic on port 50075 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 50106 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 50003 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 50052 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49965 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49939
        Source: unknownNetwork traffic detected: HTTP traffic on port 49810 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 50081 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49814
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49813
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49812
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49933
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49811
        Source: unknownNetwork traffic detected: HTTP traffic on port 50087 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49810
        Source: unknownNetwork traffic detected: HTTP traffic on port 50064 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 50070 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49988 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 50098 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 50046 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49927
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49804
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49803
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49800
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49921
        Source: unknownNetwork traffic detected: HTTP traffic on port 50086 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 50063 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 50092 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49877 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49854 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 50047 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49908 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49918
        Source: unknownNetwork traffic detected: HTTP traffic on port 49860 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49912
        Source: unknownNetwork traffic detected: HTTP traffic on port 49998 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49705 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 50058 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49899 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 50097 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49804 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 50002 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49908
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49907
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49906
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49903
        Source: unknownNetwork traffic detected: HTTP traffic on port 49903 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 50069 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 50101 -> 443

        E-Banking Fraud

        Source: Yara match File source: 00000000.00000003.2094443248.000000007E960000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match File source: Process Memory Space: gfehgfwveg.exe PID: 6464, type: MEMORYSTR
        Source: C:\Users\user\Desktop\gfehgfwveg.exe Process Stats: CPU usage > 49%
        Source: gfehgfwveg.exe Static PE information: Number of sections : 11 > 10
        Source: gfehgfwveg.exe, 00000000.00000003.2097989940.000000007EB44000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenamelibeay32.dllH vs gfehgfwveg.exe
        Source: gfehgfwveg.exe, 00000000.00000003.2099321079.000000007EB1A000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenamessleay32.dllH vs gfehgfwveg.exe
        Source: gfehgfwveg.exe Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
        Source: classification engine Classification label: mal92.troj.evad.winEXE@6/0@0/4
        Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5512:120:WilError_03
        Source: C:\Users\user\Desktop\gfehgfwveg.exe Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
        Source: C:\Users\user\Desktop\gfehgfwveg.exe File read: C:\Users\desktop.ini
        Source: C:\Users\user\Desktop\gfehgfwveg.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
        Source: gfehgfwveg.exe, 00000000.00000003.2094443248.000000007E960000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);
        Source: gfehgfwveg.exe, 00000000.00000003.2094443248.000000007E960000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: UPDATE "%w".%s SET sql = sqlite_rename_parent(sql, %Q, %Q) WHERE %s;
        Source: gfehgfwveg.exe, 00000000.00000003.2094443248.000000007E960000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: UPDATE sqlite_temp_master SET sql = sqlite_rename_trigger(sql, %Q), tbl_name = %Q WHERE %s;
        Source: gfehgfwveg.exe, 00000000.00000003.2094443248.000000007E960000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: UPDATE %Q.%s SET sql = CASE WHEN type = 'trigger' THEN sqlite_rename_trigger(sql, %Q)ELSE sqlite_rename_table(sql, %Q) END, tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
        Source: gfehgfwveg.exe ReversingLabs: Detection: 55%
        Source: unknown Process created: C:\Users\user\Desktop\gfehgfwveg.exe "C:\Users\user\Desktop\gfehgfwveg.exe"
        Source: C:\Users\user\Desktop\gfehgfwveg.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C wmic diskdrive where "DeviceID=\'c:\'" get SerialNumber /value
        Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\wbem\WMIC.exe wmic diskdrive where "DeviceID=\'c:\'" get SerialNumber /value
        Source: C:\Users\user\Desktop\gfehgfwveg.exe Section loaded: apphelp.dll
        Source: C:\Users\user\Desktop\gfehgfwveg.exe Section loaded: version.dll
        Source: C:\Users\user\Desktop\gfehgfwveg.exe Section loaded: netapi32.dll
        Source: C:\Users\user\Desktop\gfehgfwveg.exe Section loaded: winmm.dll
        Source: C:\Users\user\Desktop\gfehgfwveg.exe Section loaded: netutils.dll
        Source: C:\Users\user\Desktop\gfehgfwveg.exe Section loaded: winmmbase.dll
        Source: C:\Users\user\Desktop\gfehgfwveg.exe Section loaded: mmdevapi.dll
        Source: C:\Users\user\Desktop\gfehgfwveg.exe Section loaded: devobj.dll
        Source: C:\Users\user\Desktop\gfehgfwveg.exe Section loaded: ksuser.dll
        Source: C:\Users\user\Desktop\gfehgfwveg.exe Section loaded: kernel.appcore.dll
        Source: C:\Users\user\Desktop\gfehgfwveg.exe Section loaded: avrt.dll
        Source: C:\Users\user\Desktop\gfehgfwveg.exe Section loaded: audioses.dll
        Source: C:\Users\user\Desktop\gfehgfwveg.exe Section loaded: powrprof.dll
        Source: C:\Users\user\Desktop\gfehgfwveg.exe Section loaded: umpdc.dll
        Source: C:\Users\user\Desktop\gfehgfwveg.exe Section loaded: msacm32.dll
        Source: C:\Users\user\Desktop\gfehgfwveg.exe Section loaded: midimap.dll
        Source: C:\Users\user\Desktop\gfehgfwveg.exe Section loaded: uxtheme.dll
        Source: C:\Users\user\Desktop\gfehgfwveg.exe Section loaded: cryptsp.dll
        Source: C:\Users\user\Desktop\gfehgfwveg.exe Section loaded: rsaenh.dll
        Source: C:\Users\user\Desktop\gfehgfwveg.exe Section loaded: cryptbase.dll
        Source: C:\Users\user\Desktop\gfehgfwveg.exe Section loaded: mpr.dll
        Source: C:\Users\user\Desktop\gfehgfwveg.exe Section loaded: wininet.dll
        Source: C:\Users\user\Desktop\gfehgfwveg.exe Section loaded: wsock32.dll
        Source: C:\Users\user\Desktop\gfehgfwveg.exe Section loaded: iphlpapi.dll
        Source: C:\Users\user\Desktop\gfehgfwveg.exe Section loaded: rasapi32.dll
        Source: C:\Users\user\Desktop\gfehgfwveg.exe Section loaded: rasman.dll
        Source: C:\Users\user\Desktop\gfehgfwveg.exe Section loaded: samcli.dll
        Source: C:\Users\user\Desktop\gfehgfwveg.exe Section loaded: avifil32.dll
        Source: C:\Users\user\Desktop\gfehgfwveg.exe Section loaded: msvfw32.dll
        Source: C:\Users\user\Desktop\gfehgfwveg.exe Section loaded: cryptui.dll
        Source: C:\Users\user\Desktop\gfehgfwveg.exe Section loaded: wtsapi32.dll
        Source: C:\Users\user\Desktop\gfehgfwveg.exe Section loaded: pstorec.dll
        Source: C:\Users\user\Desktop\gfehgfwveg.exe Section loaded: windows.storage.dll
        Source: C:\Users\user\Desktop\gfehgfwveg.exe Section loaded: wldp.dll
        Source: C:\Users\user\Desktop\gfehgfwveg.exe Section loaded: propsys.dll
        Source: C:\Users\user\Desktop\gfehgfwveg.exe Section loaded: profapi.dll
        Source: C:\Users\user\Desktop\gfehgfwveg.exe Section loaded: mswsock.dll
        Source: C:\Users\user\Desktop\gfehgfwveg.exe Section loaded: winsta.dll
        Source: C:\Users\user\Desktop\gfehgfwveg.exe Section loaded: firewallapi.dll
        Source: C:\Users\user\Desktop\gfehgfwveg.exe Section loaded: dnsapi.dll
        Source: C:\Users\user\Desktop\gfehgfwveg.exe Section loaded: fwbase.dll
        Source: C:\Users\user\Desktop\gfehgfwveg.exe Section loaded: sxs.dll
        Source: C:\Users\user\Desktop\gfehgfwveg.exe Section loaded: fwpolicyiomgr.dll
        Source: C:\Windows\SysWOW64\wbem\WMIC.exe Section loaded: iphlpapi.dll
        Source: C:\Windows\SysWOW64\wbem\WMIC.exe Section loaded: framedynos.dll
        Source: C:\Windows\SysWOW64\wbem\WMIC.exe Section loaded: sspicli.dll
        Source: C:\Windows\SysWOW64\wbem\WMIC.exe Section loaded: kernel.appcore.dll
        Source: C:\Windows\SysWOW64\wbem\WMIC.exe Section loaded: wbemcomn.dll
        Source: C:\Windows\SysWOW64\wbem\WMIC.exe Section loaded: msxml6.dll
        Source: C:\Windows\SysWOW64\wbem\WMIC.exe Section loaded: urlmon.dll
        Source: C:\Windows\SysWOW64\wbem\WMIC.exe Section loaded: iertutil.dll
        Source: C:\Windows\SysWOW64\wbem\WMIC.exe Section loaded: srvcli.dll
        Source: C:\Windows\SysWOW64\wbem\WMIC.exe Section loaded: netutils.dll
        Source: C:\Windows\SysWOW64\wbem\WMIC.exe Section loaded: uxtheme.dll
        Source: C:\Windows\SysWOW64\wbem\WMIC.exe Section loaded: vcruntime140.dll
        Source: C:\Windows\SysWOW64\wbem\WMIC.exe Section loaded: amsi.dll
        Source: C:\Windows\SysWOW64\wbem\WMIC.exe Section loaded: userenv.dll
        Source: C:\Windows\SysWOW64\wbem\WMIC.exe Section loaded: profapi.dll
        Source: C:\Windows\SysWOW64\wbem\WMIC.exe Section loaded: version.dll
        Source: C:\Users\user\Desktop\gfehgfwveg.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BCDE0395-E52F-467C-8E3D-C4579291692E}\InprocServer32
        Source: C:\Users\user\Desktop\gfehgfwveg.exe Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOwner
        Source: gfehgfwveg.exe Static PE information: Virtual size of .text is bigger than: 0x100000
        Source: gfehgfwveg.exe Static file information: File size 4276224 > 1048576
        Source: gfehgfwveg.exe Static PE information: Raw size of .text is bigger than: 0x100000 < 0x3ec600
        Source: gfehgfwveg.exe Static PE information: section name: .didata

        Hooking and other Techniques for Hiding and Protection

        Source: gfehgfwveg.exe, 00000000.00000003.2093905422.000000007E870000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: torConnect
        Source: C:\Users\user\Desktop\gfehgfwveg.exe Process information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\wbem\WMIC.exe Process information set: NOOPENFILEERRORBOX

        Malware Analysis System Evasion

        Source: C:\Windows\SysWOW64\wbem\WMIC.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT SerialNumber FROM Win32_DiskDrive WHERE DeviceID=\'c:\'
        Source: C:\Users\user\Desktop\gfehgfwveg.exe Window / User API: threadDelayed 9960
        Source: C:\Users\user\Desktop\gfehgfwveg.exe System information queried: CurrentTimeZoneInformation
        Source: all processes Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
        Source: C:\Users\user\Desktop\gfehgfwveg.exe File opened: C:\Users\user
        Source: C:\Users\user\Desktop\gfehgfwveg.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows
        Source: C:\Users\user\Desktop\gfehgfwveg.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
        Source: C:\Users\user\Desktop\gfehgfwveg.exe File opened: C:\Users\user\AppData\Roaming\Microsoft
        Source: C:\Users\user\Desktop\gfehgfwveg.exe File opened: C:\Users\user\AppData\Roaming
        Source: C:\Users\user\Desktop\gfehgfwveg.exe File opened: C:\Users\user\AppData
        Source: gfehgfwveg.exe, 00000000.00000003.2100996287.00000000008B7000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}l
        Source: gfehgfwveg.exe, 00000000.00000003.2100996287.00000000008B7000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\Y
        Source: C:\Windows\SysWOW64\wbem\WMIC.exe Process information queried: ProcessInformation

        Anti Debugging

        Source: C:\Users\user\Desktop\gfehgfwveg.exe Process Stats: CPU usage > 42% for more than 60s
        Source: all processes Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
        Source: C:\Users\user\Desktop\gfehgfwveg.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C wmic diskdrive where "DeviceID=\'c:\'" get SerialNumber /value
        Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\wbem\WMIC.exe wmic diskdrive where "DeviceID=\'c:\'" get SerialNumber /value
        Source: gfehgfwveg.exe, 00000000.00000003.2093905422.000000007E870000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: Shell_TrayWndTrayNotifyWndSysPagerToolbarWindow32U
        Source: gfehgfwveg.exe, 00000000.00000003.2093905422.000000007E870000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: explorer.exeShell_TrayWnd
        Source: C:\Users\user\Desktop\gfehgfwveg.exe Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
        Source: C:\Users\user\Desktop\gfehgfwveg.exe Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1
        Source: C:\Users\user\Desktop\gfehgfwveg.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion InstallDate
        Source: C:\Users\user\Desktop\gfehgfwveg.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion ProductId
        Source: C:\Users\user\Desktop\gfehgfwveg.exe Queries volume information: C:\ VolumeInformation
        Source: C:\Users\user\Desktop\gfehgfwveg.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

        Stealing of Sensitive Information

        Source: Yara match File source: 00000000.00000003.2094443248.000000007E960000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match File source: Process Memory Space: gfehgfwveg.exe PID: 6464, type: MEMORYSTR

        Remote Access Functionality

        Source: Yara match File source: 00000000.00000003.2094443248.000000007E960000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match File source: Process Memory Space: gfehgfwveg.exe PID: 6464, type: MEMORYSTR
        Reconnaissance: Gather Victim Identity Information, Credentials, Email Addresses, Employee Names, Gather Victim Network Information, Domain Properties, DNS, Network Trust Dependencies
        Resource Development: Acquire Infrastructure, Domains, DNS Server, Virtual Private Server, Server, Botnet, Web Services, Serverless
        Initial Access: Valid Accounts, Default Accounts, Domain Accounts, Local Accounts, Cloud Accounts, Replication Through Removable Media, External Remote Services, Drive-by Compromise
        Execution: Windows Management Instrumentation (1), Scheduled Task/Job, At, Cron, Launchd, Scheduled Task, Systemd Timers, Container Orchestration Job
        Persistence: DLL Side-Loading (1), Boot or Logon Initialization Scripts, Logon Script (Windows), Login Hook, Network Logon Script, RC Scripts, Startup Items, Scheduled Task/Job
        Privilege Escalation: Process Injection (12), DLL Side-Loading (1), Logon Script (Windows), Login Hook, Network Logon Script, RC Scripts, Startup Items, Scheduled Task/Job
        Defense Evasion: Virtualization/Sandbox Evasion (21), Process Injection (12), DLL Side-Loading (1), Binary Padding, Software Packing, Steganography, Compile After Delivery, Indicator Removal from Tools
        Credential Access: OS Credential Dumping, LSASS Memory, Security Account Manager, NTDS, LSA Secrets, Cached Domain Credentials, DCSync, Proc Filesystem
        Discovery: System Time Discovery (1), Security Software Discovery (21), Virtualization/Sandbox Evasion (21), Process Discovery (2), Application Window Discovery (1), System Owner/User Discovery (1), File and Directory Discovery (2), System Information Discovery (142)
        Lateral Movement: Remote Services, Remote Desktop Protocol, SMB/Windows Admin Shares, Distributed Component Object Model, SSH, VNC, Windows Remote Management, Cloud Services
        Collection: Data from Local System, Data from Removable Media, Data from Network Shared Drive, Input Capture, Keylogging, GUI Input Capture, Web Portal Capture, Credential API Hooking
        Command and Control: Encrypted Channel (2), Multi-hop Proxy (1), Application Layer Protocol (1), Proxy (1), Fallback Channels, Multiband Communication, Commonly Used Port, Application Layer Protocol
        Exfiltration: Exfiltration Over Other Network Medium, Exfiltration Over Bluetooth, Automated Exfiltration, Traffic Duplication, Scheduled Transfer, Data Transfer Size Limits, Exfiltration Over C2 Channel, Exfiltration Over Alternative Protocol
        Impact: Abuse Accessibility Features, Network Denial of Service, Data Encrypted for Impact, Data Destruction, Data Encrypted for Impact, Service Stop, Inhibit System Recovery, Defacement
        Source | Detection | Scanner | Label
        gfehgfwveg.exe | 55% | ReversingLabs | Win32.Trojan.Danabot
        gfehgfwveg.exe | 100% | Avira | TR/ATRAPS.Gen
        gfehgfwveg.exe | 100% | Joe Sandbox ML |
        No Antivirus matches
        No contacted domains info
        Name | Source | Malicious | Antivirus Detection | Reputation
        http://html4/loose.dtd | gfehgfwveg.exe, 00000000.00000003.2094443248.000000007E960000.00000004.00001000.00020000.00000000.sdmp | false | | high
        http://www.openssl.org/support/faq.htmlRAND | gfehgfwveg.exe, 00000000.00000003.2097140713.000000007ECF0000.00000004.00001000.00020000.00000000.sdmp | false | | high
        http://.css | gfehgfwveg.exe, 00000000.00000003.2094443248.000000007E960000.00000004.00001000.00020000.00000000.sdmp | false | | high
        http://www.openssl.org/V | gfehgfwveg.exe, 00000000.00000003.2097989940.000000007EB44000.00000004.00001000.00020000.00000000.sdmp, gfehgfwveg.exe, 00000000.00000003.2099321079.000000007EB1A000.00000004.00001000.00020000.00000000.sdmp | false | | high
        http://.jpg | gfehgfwveg.exe, 00000000.00000003.2094443248.000000007E960000.00000004.00001000.00020000.00000000.sdmp | false | | high
        http://www.openssl.org/support/faq.html | gfehgfwveg.exe, 00000000.00000003.2097140713.000000007ECF0000.00000004.00001000.00020000.00000000.sdmp | false | | high
                    IP | Domain | Country | ASN | ASN Name | Malicious
                    35.195.45.98 | unknown | United States | 15169 | GOOGLEUS | false
                    34.83.67.185 | unknown | United States | 15169 | GOOGLEUS | false
                    34.34.145.103 | unknown | United States | 2686 | ATGS-MMD-ASUS | true
                    34.169.99.17 | unknown | United States | 2686 | ATGS-MMD-ASUS | true
                    Joe Sandbox version:41.0.0 Charoite
                    Analysis ID:1580519
                    Start date and time:2024-12-24 20:48:06 +01:00
                    Joe Sandbox product:CloudBasic
                    Overall analysis duration:0h 7m 32s
                    Hypervisor based Inspection enabled:false
                    Report type:full
                    Cookbook file name:default.jbs
                    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                    Number of analysed new started processes analysed:7
                    Number of new started drivers analysed:0
                    Number of existing processes analysed:0
                    Number of existing drivers analysed:0
                    Number of injected processes analysed:0
                    Technologies:
                    • HCA enabled
                    • EGA enabled
                    • AMSI enabled
                    Analysis Mode:default
                    Analysis stop reason:Timeout
                    Sample name:gfehgfwveg.exe
                    Detection:MAL
                    Classification:mal92.troj.evad.winEXE@6/0@0/4
                    EGA Information:Failed
                    HCA Information:
                    • Successful, ratio: 100%
                    • Number of executed functions: 0
                    • Number of non-executed functions: 0
                    Cookbook Comments:
                    • Found application associated with file extension: .exe
                    • Override analysis time to 240000 for current running targets taking high CPU consumption
                    • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
                    • Excluded IPs from analysis (whitelisted): 20.109.210.53, 13.107.246.63
                    • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                    • Not all processes where analyzed, report is missing behavior information
                    • Report size getting too big, too many NtDeviceIoControlFile calls found.
                    • Report size getting too big, too many NtEnumerateKey calls found.
                    • Report size getting too big, too many NtEnumerateValueKey calls found.
                    • Report size getting too big, too many NtOpenKeyEx calls found.
                    • Report size getting too big, too many NtQueryValueKey calls found.
                    • VT rate limit hit for: gfehgfwveg.exe
                    Time | Type | Description
                    14:49:00 | API Interceptor | 1x Sleep call for process: WMIC.exe modified
                    14:49:38 | API Interceptor | 11300372x Sleep call for process: gfehgfwveg.exe modified
                    No context
                    Match | Associated Sample Name / URL | Detection | Threat Name | Context
                    ATGS-MMD-ASUS | loligang.spc.elf | malicious | Mirai | 32.27.52.57
                    ATGS-MMD-ASUS | loligang.ppc.elf | malicious | Mirai | 57.54.62.198
                    ATGS-MMD-ASUS | loligang.sh4.elf | malicious | Mirai | 34.133.187.81
                    ATGS-MMD-ASUS | loligang.mpsl.elf | malicious | Mirai | 48.209.59.149
                    ATGS-MMD-ASUS | loligang.arm7.elf | malicious | Mirai | 57.210.138.22
                    ATGS-MMD-ASUS | loligang.arm.elf | malicious | Mirai | 48.123.52.22
                    ATGS-MMD-ASUS | loligang.x86.elf | malicious | Mirai | 48.168.135.209
                    ATGS-MMD-ASUS | armv7l.elf | malicious | Mirai | 34.17.113.87
                    ATGS-MMD-ASUS | armv4l.elf | malicious | Mirai | 48.252.70.235
                    ATGS-MMD-ASUS | armv5l.elf | malicious | Mirai | 48.240.60.37
                    No created / dropped files found
                    File type:PE32 executable (GUI) Intel 80386, for MS Windows
                    Entropy (8bit):7.797143844212164
                    TrID:
                    • Win32 Executable (generic) a (10002005/4) 99.53%
                    • Win32 EXE PECompact compressed (generic) (41571/9) 0.41%
                    • Win16/32 Executable Delphi generic (2074/23) 0.02%
                    • Generic Win/DOS Executable (2004/3) 0.02%
                    • DOS Executable Generic (2002/1) 0.02%
                    File name:gfehgfwveg.exe
                    File size:4'276'224 bytes
                    MD5:43ec2649e1b173b6e8b3800e18cceeb4
                    SHA1:e864b2d11a7c9c7497b22af930b31db1e2061244
                    SHA256:4e906e880e35e4bc0de7e9375fc0feb5757374ca0bb628dff6366174536d6183
                    SHA512:83ec8f330986807a7b927c47f6becf26fd926bbfac096b9160c36e30c3a30fd7e05ebdef2556dc1aab3c61bf01e1f633ab6e9535440d95bdfcfa418bf139f086
                    SSDEEP:98304:nNLjlVuxN0obg4MLp6bsYOYQyLmZwPoyAkDnZ:n5lVuxNvglisVyLZPJDnZ
                    TLSH:9F16F122F64C667ED4AF0E395877B594583F77A1B99ADC1B47E0098CCE35880363A24F
                    File Content Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7.......................................................................................................................................
                    Icon Hash:00928e8e8686b000
                    Entrypoint:0x7eee00
                    Entrypoint Section:.itext
                    Digitally signed:false
                    Imagebase:0x400000
                    Subsystem:windows gui
                    Image File Characteristics:EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
                    DLL Characteristics:
                    Time Stamp:0x676AEC85 [Tue Dec 24 17:16:53 2024 UTC]
                    TLS Callbacks:
                    CLR (.Net) Version:
                    OS Version Major:5
                    OS Version Minor:0
                    File Version Major:5
                    File Version Minor:0
                    Subsystem Version Major:5
                    Subsystem Version Minor:0
                    Import Hash:29e05b1fea10173c5bcc5ba6150988ec
                    Instruction
                    push ebp
                    mov ebp, esp
                    add esp, FFFFFFE4h
                    xor eax, eax
                    mov dword ptr [ebp-1Ch], eax
                    mov dword ptr [ebp-18h], eax
                    mov eax, 007E9C9Ch
                    call 00007FBA6082083Dh
                    xor eax, eax
                    push ebp
                    push 007EEF1Dh
                    push dword ptr fs:[eax]
                    mov dword ptr fs:[eax], esp
                    call 00007FBA60BF937Ah
                    cmp eax, 000000FAh
                    jnl 00007FBA60BFF232h
                    call 00007FBA60BF93C6h
                    cmp eax, 78h
                    jnl 00007FBA60BFF224h
                    mov dword ptr [007FCFA0h], 00000001h
                    mov dword ptr [007FCF9Ch], 001DBCD7h
                    mov eax, dword ptr [007FCF9Ch]
                    mov dword ptr [007FCFA4h], eax
                    mov eax, dword ptr [007FCF9Ch]
                    test eax, eax
                    jl 00007FBA60BFF18Eh
                    inc eax
                    mov dword ptr [ebp-14h], eax
                    mov dword ptr [007FCF98h], 00000000h
                    inc dword ptr [007FCFA0h]
                    dec dword ptr [007FCFA4h]
                    push 00000000h
                    call 00007FBA60838839h
                    inc dword ptr [007FCF98h]
                    dec dword ptr [ebp-14h]
                    jne 00007FBA60BFF144h
                    cmp dword ptr [007FCFA4h], FFFFFFFFh
                    jne 00007FBA60BFF1C4h
                    lea edx, dword ptr [ebp-18h]
                    mov ax, 0063h
                    call 00007FBA60BF96A1h
                    mov eax, dword ptr [ebp-18h]
                    mov edx, 007EEF38h
                    call 00007FBA6081AD6Ch
                    je 00007FBA60BFF1A9h
                    call 00007FBA60BF98E1h
                    cmp eax, 0Ah
                    jbe 00007FBA60BFF19Fh
                    call 00007FBA60C098F7h
                    Name | Virtual Address | Virtual Size | Is in Section
                    IMAGE_DIRECTORY_ENTRY_EXPORT | 0x400000 | 0x96 | .edata
                    IMAGE_DIRECTORY_ENTRY_IMPORT | 0x3fd000 | 0x16c6 | .idata
                    IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x41d000 | 0x3600 | .rsrc
                    IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
                    IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
                    IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x403000 | 0x191c0 | .reloc
                    IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
                    IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                    IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                    IMAGE_DIRECTORY_ENTRY_TLS | 0x402000 | 0x18 | .rdata
                    IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
                    IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                    IMAGE_DIRECTORY_ENTRY_IAT | 0x3fd4cc | 0x364 | .idata
                    IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x3ff000 | 0x278 | .didata
                    IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
                    IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
                    Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                    .text | 0x1000 | 0x3ec544 | 0x3ec600 | d7aefb5d6e6de984e994dc7c45754b87 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                    .itext | 0x3ee000 | 0xf50 | 0x1000 | aada5a4a7410fe967643c3d004a17c32 | False | 0.558349609375 | data | 6.162614752272672 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                    .data | 0x3ef000 | 0x7d68 | 0x7e00 | 72410db874b473bfd55dbb3785831cd6 | False | 0.5638950892857143 | data | 6.356179507417859 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                    .bss | 0x3f7000 | 0x5fac | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                    .idata | 0x3fd000 | 0x16c6 | 0x1800 | f83dfbc7a8d8169726b5b3aba8787951 | False | 0.3240559895833333 | data | 4.895786587173563 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                    .didata | 0x3ff000 | 0x278 | 0x400 | 7a0cace727c21d6b42ac476919254aa3 | False | 0.26953125 | firmware 100 v0 (revision 2733719296) X\361? , version 54304.16640.10270 (region 2297446144), 0 bytes or less, UNKNOWN1 0x88f03f00, at 0 0 bytes , at 0 0 bytes , at 0x60524000 3629203456 bytes | 2.7239518130953684 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                    .edata | 0x400000 | 0x96 | 0x200 | 09704f1006f905baccdf053cd9af9689 | False | 0.248046875 | data | 1.738190464085354 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                    .tls | 0x401000 | 0x20 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                    .rdata | 0x402000 | 0x5c | 0x200 | 610e9cb9d596ddf3f8481c9e9885e5fe | False | 0.1875 | data | 1.343433641850296 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                    .reloc | 0x403000 | 0x191c0 | 0x19200 | 2d0a440ed47b481783a33f1e4c0e5378 | False | 0.5856071206467661 | data | 6.706934385109459 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
                    .rsrc | 0x41d000 | 0x3600 | 0x3600 | d77787dd189e78a674c960d21fa4face | False | 0.2931857638888889 | data | 3.7312727777990213 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                    Name | RVA | Size | Type | Language | Country | ZLIB Complexity
                    RT_STRING | 0x41d368 | 0x4e0 | data | | | 0.3333333333333333
                    RT_STRING | 0x41d848 | 0x310 | data | | | 0.35331632653061223
                    RT_STRING | 0x41db58 | 0x330 | data | | | 0.39215686274509803
                    RT_STRING | 0x41de88 | 0x4c4 | data | | | 0.3983606557377049
                    RT_STRING | 0x41e34c | 0x4ac | data | | | 0.32274247491638797
                    RT_STRING | 0x41e7f8 | 0x3b4 | data | | | 0.3628691983122363
                    RT_STRING | 0x41ebac | 0x440 | data | | | 0.38235294117647056
                    RT_STRING | 0x41efec | 0x21c | data | | | 0.40555555555555556
                    RT_STRING | 0x41f208 | 0xbc | data | | | 0.6542553191489362
                    RT_STRING | 0x41f2c4 | 0x100 | data | | | 0.62890625
                    RT_STRING | 0x41f3c4 | 0x338 | data | | | 0.4223300970873786
                    RT_STRING | 0x41f6fc | 0x478 | data | | | 0.29895104895104896
                    RT_STRING | 0x41fb74 | 0x354 | data | | | 0.4107981220657277
                    RT_STRING | 0x41fec8 | 0x2b8 | data | | | 0.4367816091954023
                    RT_RCDATA | 0x420180 | 0x10 | data | | | 1.5
                    RT_RCDATA | 0x420190 | 0x3ec | data | | | 0.6125498007968128
DLL | Import
oleaut32.dll | SysFreeString, SysReAllocStringLen, SysAllocStringLen
advapi32.dll | RegQueryValueExW, RegOpenKeyExW, RegCloseKey
user32.dll | CharNextW, LoadStringW
kernel32.dll | Sleep, VirtualFree, VirtualAlloc, lstrlenW, VirtualQuery, QueryPerformanceCounter, GetTickCount, GetSystemInfo, GetVersion, CompareStringW, IsValidLocale, SetThreadLocale, GetSystemDefaultUILanguage, GetUserDefaultUILanguage, GetLocaleInfoW, WideCharToMultiByte, MultiByteToWideChar, GetACP, LoadLibraryExW, GetStartupInfoW, GetProcAddress, GetModuleHandleW, GetModuleFileNameW, GetCommandLineW, FreeLibrary, GetLastError, UnhandledExceptionFilter, RtlUnwind, RaiseException, ExitProcess, ExitThread, SwitchToThread, GetCurrentThreadId, CreateThread, DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, FindFirstFileW, FindClose, WriteFile, GetStdHandle, CloseHandle
kernel32.dll | GetProcAddress, RaiseException, LoadLibraryA, GetLastError, TlsSetValue, TlsGetValue, LocalFree, LocalAlloc, GetModuleHandleW, FreeLibrary
user32.dll | CreateWindowExW, UpdateWindow, TranslateMessage, SystemParametersInfoW, ShowWindow, RegisterClassW, PeekMessageW, MsgWaitForMultipleObjects, MessageBoxW, LoadStringW, GetSystemMetrics, GetMessageW, EndPaint, DispatchMessageW, DefWindowProcW, CharUpperBuffW, CharUpperW, CharLowerBuffW, BeginPaint
gdi32.dll | SetBkColor, Rectangle
version.dll | VerQueryValueW, GetFileVersionInfoSizeW, GetFileVersionInfoW
kernel32.dll | WriteFile, WideCharToMultiByte, WaitForSingleObject, VirtualQueryEx, VirtualQuery, VirtualProtect, VirtualFree, VirtualAlloc, VerSetConditionMask, VerifyVersionInfoW, UnmapViewOfFile, SwitchToThread, SuspendThread, Sleep, SetThreadPriority, SetLastError, SetFileTime, SetFilePointer, SetEvent, SetEndOfFile, ResumeThread, ResetEvent, ReleaseSemaphore, ReadFile, RaiseException, QueryDosDeviceW, IsDebuggerPresent, MapViewOfFile, LocalFree, LoadLibraryA, LoadLibraryW, LeaveCriticalSection, IsValidLocale, InitializeCriticalSection, HeapSize, HeapFree, HeapDestroy, HeapCreate, HeapAlloc, GetVolumeInformationW, GetVersionExW, GetTimeZoneInformation, GetTickCount64, GetTickCount, GetThreadPriority, GetThreadLocale, GetSystemInfo, GetStdHandle, GetProcAddress, GetModuleHandleW, GetModuleFileNameW, GetLogicalDrives, GetLogicalDriveStringsW, GetLocaleInfoW, GetLocalTime, GetLastError, GetFullPathNameW, GetFileSize, GetFileAttributesExW, GetFileAttributesW, GetExitCodeThread, GetDriveTypeW, GetDiskFreeSpaceW, GetDateFormatW, GetCurrentThreadId, GetCurrentThread, GetCurrentProcess, GetCPInfoExW, GetCPInfo, GetACP, FreeLibrary, FormatMessageW, FlushInstructionCache, FindNextFileW, FindFirstFileW, FindClose, FileTimeToSystemTime, FileTimeToLocalFileTime, FileTimeToDosDateTime, ExitProcess, EnumSystemLocalesW, EnumCalendarInfoW, EnterCriticalSection, DeleteCriticalSection, CreateSemaphoreA, CreateProcessW, CreatePipe, CreateFileMappingW, CreateFileW, CreateEventA, CreateEventW, CreateDirectoryW, CompareStringW, CloseHandle
kernel32.dll | Sleep
netapi32.dll | NetApiBufferFree, NetWkstaGetInfo
oleaut32.dll | SafeArrayPtrOfIndex, SafeArrayGetUBound, SafeArrayGetLBound, SafeArrayCreate, VariantChangeType, VariantCopy, VariantClear, VariantInit
oleaut32.dll | GetErrorInfo, SysFreeString
ole32.dll | CoCreateInstance, CoUninitialize, CoInitialize
msvcrt.dll | memset, memmove, memcpy
msvcrt.dll | _beginthreadex
winmm.dll | waveOutGetVolume
Name | Ordinal | Address
TMethodImplementationIntercept | 3 | 0x7824b4
__dbk_fcall_wrapper | 2 | 0x4103c4
dbkFCallWrapperAddr | 1 | 0x7fa630
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-12-24T20:49:57.437474+0100 | 2034465 | ET MALWARE Danabot Key Exchange Request | 1 | 192.168.2.5 | 49800 | 34.34.145.103 | 443 | TCP
2024-12-24T20:49:58.536827+0100 | 2034465 | ET MALWARE Danabot Key Exchange Request | 1 | 192.168.2.5 | 49803 | 34.169.99.17 | 443 | TCP
2024-12-24T20:49:59.665387+0100 | 2034465 | ET MALWARE Danabot Key Exchange Request | 1 | 192.168.2.5 | 49804 | 34.83.67.185 | 443 | TCP
2024-12-24T20:50:00.749409+0100 | 2034465 | ET MALWARE Danabot Key Exchange Request | 1 | 192.168.2.5 | 49810 | 35.195.45.98 | 443 | TCP
2024-12-24T20:50:08.252668+0100 | 2034465 | ET MALWARE Danabot Key Exchange Request | 1 | 192.168.2.5 | 49830 | 34.34.145.103 | 443 | TCP
2024-12-24T20:50:09.525522+0100 | 2034465 | ET MALWARE Danabot Key Exchange Request | 1 | 192.168.2.5 | 49834 | 34.169.99.17 | 443 | TCP
2024-12-24T20:50:10.603924+0100 | 2034465 | ET MALWARE Danabot Key Exchange Request | 1 | 192.168.2.5 | 49837 | 34.83.67.185 | 443 | TCP
2024-12-24T20:50:11.730286+0100 | 2034465 | ET MALWARE Danabot Key Exchange Request | 1 | 192.168.2.5 | 49841 | 35.195.45.98 | 443 | TCP
2024-12-24T20:50:17.308243+0100 | 2034465 | ET MALWARE Danabot Key Exchange Request | 1 | 192.168.2.5 | 49858 | 34.34.145.103 | 443 | TCP
2024-12-24T20:50:17.396534+0100 | 2034465 | ET MALWARE Danabot Key Exchange Request | 1 | 192.168.2.5 | 49859 | 34.169.99.17 | 443 | TCP
2024-12-24T20:50:17.477840+0100 | 2034465 | ET MALWARE Danabot Key Exchange Request | 1 | 192.168.2.5 | 49860 | 34.83.67.185 | 443 | TCP
2024-12-24T20:50:17.587969+0100 | 2034465 | ET MALWARE Danabot Key Exchange Request | 1 | 192.168.2.5 | 49861 | 35.195.45.98 | 443 | TCP
2024-12-24T20:50:26.896409+0100 | 2034465 | ET MALWARE Danabot Key Exchange Request | 1 | 192.168.2.5 | 49886 | 34.34.145.103 | 443 | TCP
2024-12-24T20:50:28.769519+0100 | 2034465 | ET MALWARE Danabot Key Exchange Request | 1 | 192.168.2.5 | 49890 | 34.169.99.17 | 443 | TCP
2024-12-24T20:50:30.353915+0100 | 2034465 | ET MALWARE Danabot Key Exchange Request | 1 | 192.168.2.5 | 49896 | 34.83.67.185 | 443 | TCP
2024-12-24T20:50:32.149921+0100 | 2034465 | ET MALWARE Danabot Key Exchange Request | 1 | 192.168.2.5 | 49899 | 35.195.45.98 | 443 | TCP
2024-12-24T20:50:35.421217+0100 | 2034465 | ET MALWARE Danabot Key Exchange Request | 1 | 192.168.2.5 | 49912 | 34.34.145.103 | 443 | TCP
2024-12-24T20:50:37.234985+0100 | 2034465 | ET MALWARE Danabot Key Exchange Request | 1 | 192.168.2.5 | 49918 | 34.169.99.17 | 443 | TCP
2024-12-24T20:50:38.845690+0100 | 2034465 | ET MALWARE Danabot Key Exchange Request | 1 | 192.168.2.5 | 49921 | 34.83.67.185 | 443 | TCP
2024-12-24T20:50:40.365380+0100 | 2034465 | ET MALWARE Danabot Key Exchange Request | 1 | 192.168.2.5 | 49927 | 35.195.45.98 | 443 | TCP
2024-12-24T20:50:49.840728+0100 | 2034465 | ET MALWARE Danabot Key Exchange Request | 1 | 192.168.2.5 | 49952 | 34.34.145.103 | 443 | TCP
2024-12-24T20:50:49.950089+0100 | 2034465 | ET MALWARE Danabot Key Exchange Request | 1 | 192.168.2.5 | 49955 | 34.169.99.17 | 443 | TCP
2024-12-24T20:50:50.101927+0100 | 2034465 | ET MALWARE Danabot Key Exchange Request | 1 | 192.168.2.5 | 49956 | 34.83.67.185 | 443 | TCP
2024-12-24T20:50:50.286070+0100 | 2034465 | ET MALWARE Danabot Key Exchange Request | 1 | 192.168.2.5 | 49957 | 35.195.45.98 | 443 | TCP
2024-12-24T20:51:01.351951+0100 | 2034465 | ET MALWARE Danabot Key Exchange Request | 1 | 192.168.2.5 | 49983 | 34.34.145.103 | 443 | TCP
2024-12-24T20:51:03.495105+0100 | 2034465 | ET MALWARE Danabot Key Exchange Request | 1 | 192.168.2.5 | 49988 | 34.169.99.17 | 443 | TCP
2024-12-24T20:51:04.974891+0100 | 2034465 | ET MALWARE Danabot Key Exchange Request | 1 | 192.168.2.5 | 49991 | 34.83.67.185 | 443 | TCP
2024-12-24T20:51:07.388822+0100 | 2034465 | ET MALWARE Danabot Key Exchange Request | 1 | 192.168.2.5 | 49998 | 35.195.45.98 | 443 | TCP
2024-12-24T20:51:10.773407+0100 | 2034465 | ET MALWARE Danabot Key Exchange Request | 1 | 192.168.2.5 | 50011 | 34.34.145.103 | 443 | TCP
2024-12-24T20:51:13.480850+0100 | 2034465 | ET MALWARE Danabot Key Exchange Request | 1 | 192.168.2.5 | 50018 | 34.169.99.17 | 443 | TCP
2024-12-24T20:51:16.231070+0100 | 2034465 | ET MALWARE Danabot Key Exchange Request | 1 | 192.168.2.5 | 50023 | 34.83.67.185 | 443 | TCP
2024-12-24T20:51:17.843648+0100 | 2034465 | ET MALWARE Danabot Key Exchange Request | 1 | 192.168.2.5 | 50028 | 35.195.45.98 | 443 | TCP
2024-12-24T20:51:30.006700+0100 | 2034465 | ET MALWARE Danabot Key Exchange Request | 1 | 192.168.2.5 | 50044 | 34.34.145.103 | 443 | TCP
2024-12-24T20:51:30.084499+0100 | 2034465 | ET MALWARE Danabot Key Exchange Request | 1 | 192.168.2.5 | 50045 | 34.169.99.17 | 443 | TCP
2024-12-24T20:51:30.147283+0100 | 2034465 | ET MALWARE Danabot Key Exchange Request | 1 | 192.168.2.5 | 50046 | 34.83.67.185 | 443 | TCP
2024-12-24T20:51:30.274087+0100 | 2034465 | ET MALWARE Danabot Key Exchange Request | 1 | 192.168.2.5 | 50047 | 35.195.45.98 | 443 | TCP
2024-12-24T20:51:42.384115+0100 | 2034465 | ET MALWARE Danabot Key Exchange Request | 1 | 192.168.2.5 | 50052 | 34.34.145.103 | 443 | TCP
2024-12-24T20:51:45.127272+0100 | 2034465 | ET MALWARE Danabot Key Exchange Request | 1 | 192.168.2.5 | 50053 | 34.169.99.17 | 443 | TCP
2024-12-24T20:51:47.363251+0100 | 2034465 | ET MALWARE Danabot Key Exchange Request | 1 | 192.168.2.5 | 50054 | 34.83.67.185 | 443 | TCP
2024-12-24T20:51:49.543295+0100 | 2034465 | ET MALWARE Danabot Key Exchange Request | 1 | 192.168.2.5 | 50055 | 35.195.45.98 | 443 | TCP
2024-12-24T20:51:53.492437+0100 | 2034465 | ET MALWARE Danabot Key Exchange Request | 1 | 192.168.2.5 | 50060 | 34.34.145.103 | 443 | TCP
2024-12-24T20:51:56.140020+0100 | 2034465 | ET MALWARE Danabot Key Exchange Request | 1 | 192.168.2.5 | 50061 | 34.169.99.17 | 443 | TCP
2024-12-24T20:51:58.720024+0100 | 2034465 | ET MALWARE Danabot Key Exchange Request | 1 | 192.168.2.5 | 50062 | 34.83.67.185 | 443 | TCP
2024-12-24T20:52:00.858456+0100 | 2034465 | ET MALWARE Danabot Key Exchange Request | 1 | 192.168.2.5 | 50063 | 35.195.45.98 | 443 | TCP
2024-12-24T20:52:14.200139+0100 | 2034465 | ET MALWARE Danabot Key Exchange Request | 1 | 192.168.2.5 | 50068 | 34.34.145.103 | 443 | TCP
2024-12-24T20:52:14.310341+0100 | 2034465 | ET MALWARE Danabot Key Exchange Request | 1 | 192.168.2.5 | 50069 | 34.169.99.17 | 443 | TCP
2024-12-24T20:52:14.394340+0100 | 2034465 | ET MALWARE Danabot Key Exchange Request | 1 | 192.168.2.5 | 50070 | 34.83.67.185 | 443 | TCP
2024-12-24T20:52:14.471379+0100 | 2034465 | ET MALWARE Danabot Key Exchange Request | 1 | 192.168.2.5 | 50071 | 35.195.45.98 | 443 | TCP
2024-12-24T20:52:26.921628+0100 | 2034465 | ET MALWARE Danabot Key Exchange Request | 1 | 192.168.2.5 | 50076 | 34.34.145.103 | 443 | TCP
2024-12-24T20:52:29.172493+0100 | 2034465 | ET MALWARE Danabot Key Exchange Request | 1 | 192.168.2.5 | 50077 | 34.169.99.17 | 443 | TCP
2024-12-24T20:52:31.469787+0100 | 2034465 | ET MALWARE Danabot Key Exchange Request | 1 | 192.168.2.5 | 50078 | 34.83.67.185 | 443 | TCP
2024-12-24T20:52:33.819170+0100 | 2034465 | ET MALWARE Danabot Key Exchange Request | 1 | 192.168.2.5 | 50079 | 35.195.45.98 | 443 | TCP
2024-12-24T20:52:39.115081+0100 | 2034465 | ET MALWARE Danabot Key Exchange Request | 1 | 192.168.2.5 | 50084 | 34.34.145.103 | 443 | TCP
2024-12-24T20:52:41.407909+0100 | 2034465 | ET MALWARE Danabot Key Exchange Request | 1 | 192.168.2.5 | 50085 | 34.169.99.17 | 443 | TCP
2024-12-24T20:52:43.802047+0100 | 2034465 | ET MALWARE Danabot Key Exchange Request | 1 | 192.168.2.5 | 50086 | 34.83.67.185 | 443 | TCP
2024-12-24T20:52:45.270054+0100 | 2034465 | ET MALWARE Danabot Key Exchange Request | 1 | 192.168.2.5 | 50087 | 35.195.45.98 | 443 | TCP
2024-12-24T20:52:50.668751+0100 | 2034465 | ET MALWARE Danabot Key Exchange Request | 1 | 192.168.2.5 | 50092 | 34.34.145.103 | 443 | TCP
2024-12-24T20:52:50.725016+0100 | 2034465 | ET MALWARE Danabot Key Exchange Request | 1 | 192.168.2.5 | 50093 | 34.169.99.17 | 443 | TCP
2024-12-24T20:52:50.800171+0100 | 2034465 | ET MALWARE Danabot Key Exchange Request | 1 | 192.168.2.5 | 50094 | 34.83.67.185 | 443 | TCP
2024-12-24T20:52:50.851757+0100 | 2034465 | ET MALWARE Danabot Key Exchange Request | 1 | 192.168.2.5 | 50095 | 35.195.45.98 | 443 | TCP
2024-12-24T20:52:58.374899+0100 | 2034465 | ET MALWARE Danabot Key Exchange Request | 1 | 192.168.2.5 | 50100 | 34.34.145.103 | 443 | TCP
2024-12-24T20:52:59.434077+0100 | 2034465 | ET MALWARE Danabot Key Exchange Request | 1 | 192.168.2.5 | 50101 | 34.169.99.17 | 443 | TCP
2024-12-24T20:53:00.520563+0100 | 2034465 | ET MALWARE Danabot Key Exchange Request | 1 | 192.168.2.5 | 50102 | 34.83.67.185 | 443 | TCP
2024-12-24T20:53:01.628273+0100 | 2034465 | ET MALWARE Danabot Key Exchange Request | 1 | 192.168.2.5 | 50103 | 35.195.45.98 | 443 | TCP
2024-12-24T20:53:03.916416+0100 | 2034465 | ET MALWARE Danabot Key Exchange Request | 1 | 192.168.2.5 | 50108 | 34.34.145.103 | 443 | TCP
2024-12-24T20:53:04.997393+0100 | 2034465 | ET MALWARE Danabot Key Exchange Request | 1 | 192.168.2.5 | 50109 | 34.169.99.17 | 443 | TCP
2024-12-24T20:53:06.099941+0100 | 2034465 | ET MALWARE Danabot Key Exchange Request | 1 | 192.168.2.5 | 50110 | 34.83.67.185 | 443 | TCP
2024-12-24T20:53:07.154378+0100 | 2034465 | ET MALWARE Danabot Key Exchange Request | 1 | 192.168.2.5 | 50111 | 35.195.45.98 | 443 | TCP
                    Dec 24, 2024 20:50:33.174943924 CET49907443192.168.2.534.83.67.185
                    Dec 24, 2024 20:50:33.174989939 CET4434990734.83.67.185192.168.2.5
                    Dec 24, 2024 20:50:33.175046921 CET49907443192.168.2.534.83.67.185
                    Dec 24, 2024 20:50:33.237133026 CET49907443192.168.2.534.83.67.185
                    Dec 24, 2024 20:50:33.237158060 CET4434990734.83.67.185192.168.2.5
                    Dec 24, 2024 20:50:33.237193108 CET4434990734.83.67.185192.168.2.5
                    Dec 24, 2024 20:50:33.239068031 CET49908443192.168.2.535.195.45.98
                    Dec 24, 2024 20:50:33.239115000 CET4434990835.195.45.98192.168.2.5
                    Dec 24, 2024 20:50:33.239242077 CET49908443192.168.2.535.195.45.98
                    Dec 24, 2024 20:50:33.309129000 CET49908443192.168.2.535.195.45.98
                    Dec 24, 2024 20:50:33.309161901 CET4434990835.195.45.98192.168.2.5
                    Dec 24, 2024 20:50:33.309195042 CET4434990835.195.45.98192.168.2.5
                    Dec 24, 2024 20:50:35.349474907 CET49912443192.168.2.534.34.145.103
                    Dec 24, 2024 20:50:35.349533081 CET4434991234.34.145.103192.168.2.5
                    Dec 24, 2024 20:50:35.349601030 CET49912443192.168.2.534.34.145.103
                    Dec 24, 2024 20:50:35.421216965 CET49912443192.168.2.534.34.145.103
                    Dec 24, 2024 20:50:35.421233892 CET4434991234.34.145.103192.168.2.5
                    Dec 24, 2024 20:50:35.421273947 CET4434991234.34.145.103192.168.2.5
                    Dec 24, 2024 20:50:35.421274900 CET49912443192.168.2.534.34.145.103
                    Dec 24, 2024 20:50:35.421284914 CET4434991234.34.145.103192.168.2.5
                    Dec 24, 2024 20:50:37.096441031 CET49918443192.168.2.534.169.99.17
                    Dec 24, 2024 20:50:37.096493959 CET4434991834.169.99.17192.168.2.5
                    Dec 24, 2024 20:50:37.096576929 CET49918443192.168.2.534.169.99.17
                    Dec 24, 2024 20:50:37.234985113 CET49918443192.168.2.534.169.99.17
                    Dec 24, 2024 20:50:37.235001087 CET4434991834.169.99.17192.168.2.5
                    Dec 24, 2024 20:50:37.235042095 CET4434991834.169.99.17192.168.2.5
                    Dec 24, 2024 20:50:37.235047102 CET49918443192.168.2.534.169.99.17
                    Dec 24, 2024 20:50:37.235055923 CET4434991834.169.99.17192.168.2.5
                    Dec 24, 2024 20:50:38.631104946 CET49921443192.168.2.534.83.67.185
                    Dec 24, 2024 20:50:38.631162882 CET4434992134.83.67.185192.168.2.5
                    Dec 24, 2024 20:50:38.633985996 CET49921443192.168.2.534.83.67.185
                    Dec 24, 2024 20:50:38.845690012 CET49921443192.168.2.534.83.67.185
                    Dec 24, 2024 20:50:38.845705986 CET4434992134.83.67.185192.168.2.5
                    Dec 24, 2024 20:50:38.845740080 CET4434992134.83.67.185192.168.2.5
                    Dec 24, 2024 20:50:38.845750093 CET49921443192.168.2.534.83.67.185
                    Dec 24, 2024 20:50:38.845758915 CET4434992134.83.67.185192.168.2.5
                    Dec 24, 2024 20:50:40.301912069 CET49927443192.168.2.535.195.45.98
                    Dec 24, 2024 20:50:40.301968098 CET4434992735.195.45.98192.168.2.5
                    Dec 24, 2024 20:50:40.302505016 CET49927443192.168.2.535.195.45.98
                    Dec 24, 2024 20:50:40.365380049 CET49927443192.168.2.535.195.45.98
                    Dec 24, 2024 20:50:40.365396976 CET4434992735.195.45.98192.168.2.5
                    Dec 24, 2024 20:50:40.365442038 CET4434992735.195.45.98192.168.2.5
                    Dec 24, 2024 20:50:40.365462065 CET49927443192.168.2.535.195.45.98
                    Dec 24, 2024 20:50:40.365473032 CET4434992735.195.45.98192.168.2.5
                    Dec 24, 2024 20:50:43.064954996 CET49933443192.168.2.534.34.145.103
                    Dec 24, 2024 20:50:43.064999104 CET4434993334.34.145.103192.168.2.5
                    Dec 24, 2024 20:50:43.065062046 CET49933443192.168.2.534.34.145.103
                    Dec 24, 2024 20:50:43.130433083 CET49933443192.168.2.534.34.145.103
                    Dec 24, 2024 20:50:43.130445004 CET4434993334.34.145.103192.168.2.5
                    Dec 24, 2024 20:50:43.130487919 CET4434993334.34.145.103192.168.2.5
                    Dec 24, 2024 20:50:43.130510092 CET49933443192.168.2.534.34.145.103
                    Dec 24, 2024 20:50:43.130517006 CET4434993334.34.145.103192.168.2.5
                    Dec 24, 2024 20:50:45.048758984 CET49939443192.168.2.534.169.99.17
                    Dec 24, 2024 20:50:45.048839092 CET4434993934.169.99.17192.168.2.5
                    Dec 24, 2024 20:50:45.048928022 CET49939443192.168.2.534.169.99.17
                    Dec 24, 2024 20:50:45.109795094 CET49939443192.168.2.534.169.99.17
                    Dec 24, 2024 20:50:45.109853029 CET4434993934.169.99.17192.168.2.5
                    Dec 24, 2024 20:50:45.109885931 CET4434993934.169.99.17192.168.2.5
                    Dec 24, 2024 20:50:46.741918087 CET49945443192.168.2.534.83.67.185
                    Dec 24, 2024 20:50:46.741940975 CET4434994534.83.67.185192.168.2.5
                    Dec 24, 2024 20:50:46.742058039 CET49945443192.168.2.534.83.67.185
                    Dec 24, 2024 20:50:46.807586908 CET49945443192.168.2.534.83.67.185
                    Dec 24, 2024 20:50:46.807586908 CET49945443192.168.2.534.83.67.185
                    Dec 24, 2024 20:50:46.807600021 CET4434994534.83.67.185192.168.2.5
                    Dec 24, 2024 20:50:46.807609081 CET4434994534.83.67.185192.168.2.5
                    Dec 24, 2024 20:50:46.807636023 CET4434994534.83.67.185192.168.2.5
                    Dec 24, 2024 20:50:48.417948961 CET49949443192.168.2.535.195.45.98
                    Dec 24, 2024 20:50:48.418030024 CET4434994935.195.45.98192.168.2.5
                    Dec 24, 2024 20:50:48.422019005 CET49949443192.168.2.535.195.45.98
                    Dec 24, 2024 20:50:48.476212978 CET49949443192.168.2.535.195.45.98
                    Dec 24, 2024 20:50:48.476252079 CET4434994935.195.45.98192.168.2.5
                    Dec 24, 2024 20:50:48.476305962 CET4434994935.195.45.98192.168.2.5
                    Dec 24, 2024 20:50:49.581162930 CET49952443192.168.2.534.34.145.103
                    Dec 24, 2024 20:50:49.581185102 CET4434995234.34.145.103192.168.2.5
                    Dec 24, 2024 20:50:49.581269026 CET49952443192.168.2.534.34.145.103
                    Dec 24, 2024 20:50:49.840728045 CET49952443192.168.2.534.34.145.103
                    Dec 24, 2024 20:50:49.840740919 CET4434995234.34.145.103192.168.2.5
                    Dec 24, 2024 20:50:49.840776920 CET4434995234.34.145.103192.168.2.5
                    Dec 24, 2024 20:50:49.840832949 CET49952443192.168.2.534.34.145.103
                    Dec 24, 2024 20:50:49.840842962 CET4434995234.34.145.103192.168.2.5
                    Dec 24, 2024 20:50:49.854979038 CET49955443192.168.2.534.169.99.17
                    Dec 24, 2024 20:50:49.855016947 CET4434995534.169.99.17192.168.2.5
                    Dec 24, 2024 20:50:49.855160952 CET49955443192.168.2.534.169.99.17
                    Dec 24, 2024 20:50:49.950088978 CET49955443192.168.2.534.169.99.17
                    Dec 24, 2024 20:50:49.950120926 CET4434995534.169.99.17192.168.2.5
                    Dec 24, 2024 20:50:49.950149059 CET4434995534.169.99.17192.168.2.5
                    Dec 24, 2024 20:50:49.950186014 CET49955443192.168.2.534.169.99.17
                    Dec 24, 2024 20:50:49.950201035 CET4434995534.169.99.17192.168.2.5
                    Dec 24, 2024 20:50:49.963987112 CET49956443192.168.2.534.83.67.185
                    Dec 24, 2024 20:50:49.964086056 CET4434995634.83.67.185192.168.2.5
                    Dec 24, 2024 20:50:49.964350939 CET49956443192.168.2.534.83.67.185
                    Dec 24, 2024 20:50:50.101927042 CET49956443192.168.2.534.83.67.185
                    Dec 24, 2024 20:50:50.101967096 CET4434995634.83.67.185192.168.2.5
                    Dec 24, 2024 20:50:50.101996899 CET4434995634.83.67.185192.168.2.5
                    Dec 24, 2024 20:50:50.129928112 CET49957443192.168.2.535.195.45.98
                    Dec 24, 2024 20:50:50.129957914 CET4434995735.195.45.98192.168.2.5
                    Dec 24, 2024 20:50:50.130157948 CET49957443192.168.2.535.195.45.98
                    Dec 24, 2024 20:50:50.286070108 CET49957443192.168.2.535.195.45.98
                    Dec 24, 2024 20:50:50.286106110 CET4434995735.195.45.98192.168.2.5
                    Dec 24, 2024 20:50:50.286134958 CET4434995735.195.45.98192.168.2.5
                    Dec 24, 2024 20:50:52.330362082 CET49962443192.168.2.534.34.145.103
                    Dec 24, 2024 20:50:52.330379963 CET4434996234.34.145.103192.168.2.5
                    Dec 24, 2024 20:50:52.330558062 CET49962443192.168.2.534.34.145.103
                    Dec 24, 2024 20:50:52.450418949 CET49962443192.168.2.534.34.145.103
                    Dec 24, 2024 20:50:52.450438023 CET4434996234.34.145.103192.168.2.5
                    Dec 24, 2024 20:50:52.450453997 CET49962443192.168.2.534.34.145.103
                    Dec 24, 2024 20:50:52.450459957 CET4434996234.34.145.103192.168.2.5
                    Dec 24, 2024 20:50:52.450483084 CET4434996234.34.145.103192.168.2.5
                    Dec 24, 2024 20:50:53.971259117 CET49965443192.168.2.534.169.99.17
                    Dec 24, 2024 20:50:53.971302032 CET4434996534.169.99.17192.168.2.5
                    Dec 24, 2024 20:50:53.971399069 CET49965443192.168.2.534.169.99.17
                    Dec 24, 2024 20:50:54.028805971 CET49965443192.168.2.534.169.99.17
                    Dec 24, 2024 20:50:54.028825998 CET4434996534.169.99.17192.168.2.5
                    Dec 24, 2024 20:50:54.028861046 CET4434996534.169.99.17192.168.2.5
                    Dec 24, 2024 20:50:54.028863907 CET49965443192.168.2.534.169.99.17
                    Dec 24, 2024 20:50:54.028875113 CET4434996534.169.99.17192.168.2.5
                    Dec 24, 2024 20:50:56.380928040 CET49970443192.168.2.534.83.67.185
                    Dec 24, 2024 20:50:56.380942106 CET4434997034.83.67.185192.168.2.5
                    Dec 24, 2024 20:50:56.381025076 CET49970443192.168.2.534.83.67.185
                    Dec 24, 2024 20:50:56.533667088 CET49970443192.168.2.534.83.67.185
                    Dec 24, 2024 20:50:56.533679008 CET4434997034.83.67.185192.168.2.5
                    Dec 24, 2024 20:50:56.533719063 CET4434997034.83.67.185192.168.2.5
                    Dec 24, 2024 20:50:56.533742905 CET49970443192.168.2.534.83.67.185
                    Dec 24, 2024 20:50:56.533749104 CET4434997034.83.67.185192.168.2.5
                    Dec 24, 2024 20:50:58.549103975 CET49975443192.168.2.535.195.45.98
                    Dec 24, 2024 20:50:58.549129963 CET4434997535.195.45.98192.168.2.5
                    Dec 24, 2024 20:50:58.549199104 CET49975443192.168.2.535.195.45.98
                    Dec 24, 2024 20:50:58.597234011 CET49975443192.168.2.535.195.45.98
                    Dec 24, 2024 20:50:58.597245932 CET4434997535.195.45.98192.168.2.5
                    Dec 24, 2024 20:50:58.597321033 CET4434997535.195.45.98192.168.2.5
                    Dec 24, 2024 20:50:58.597351074 CET49975443192.168.2.535.195.45.98
                    Dec 24, 2024 20:50:58.597358942 CET4434997535.195.45.98192.168.2.5
                    Dec 24, 2024 20:51:01.300910950 CET49983443192.168.2.534.34.145.103
                    Dec 24, 2024 20:51:01.300964117 CET4434998334.34.145.103192.168.2.5
                    Dec 24, 2024 20:51:01.301054001 CET49983443192.168.2.534.34.145.103
                    Dec 24, 2024 20:51:01.351950884 CET49983443192.168.2.534.34.145.103
                    Dec 24, 2024 20:51:01.351968050 CET4434998334.34.145.103192.168.2.5
                    Dec 24, 2024 20:51:01.352011919 CET4434998334.34.145.103192.168.2.5
                    Dec 24, 2024 20:51:01.352039099 CET49983443192.168.2.534.34.145.103
                    Dec 24, 2024 20:51:01.352047920 CET4434998334.34.145.103192.168.2.5
                    Dec 24, 2024 20:51:03.236548901 CET49988443192.168.2.534.169.99.17
                    Dec 24, 2024 20:51:03.236591101 CET4434998834.169.99.17192.168.2.5
                    Dec 24, 2024 20:51:03.236676931 CET49988443192.168.2.534.169.99.17
                    Dec 24, 2024 20:51:03.495105028 CET49988443192.168.2.534.169.99.17
                    Dec 24, 2024 20:51:03.495126963 CET4434998834.169.99.17192.168.2.5
                    Dec 24, 2024 20:51:03.495165110 CET4434998834.169.99.17192.168.2.5
                    Dec 24, 2024 20:51:04.912034035 CET49991443192.168.2.534.83.67.185
                    Dec 24, 2024 20:51:04.912060022 CET4434999134.83.67.185192.168.2.5
                    Dec 24, 2024 20:51:04.916066885 CET49991443192.168.2.534.83.67.185
                    Dec 24, 2024 20:51:04.974890947 CET49991443192.168.2.534.83.67.185
                    Dec 24, 2024 20:51:04.974903107 CET4434999134.83.67.185192.168.2.5
                    Dec 24, 2024 20:51:04.974932909 CET4434999134.83.67.185192.168.2.5
                    Dec 24, 2024 20:51:07.317938089 CET49998443192.168.2.535.195.45.98
                    Dec 24, 2024 20:51:07.317954063 CET4434999835.195.45.98192.168.2.5
                    Dec 24, 2024 20:51:07.318080902 CET49998443192.168.2.535.195.45.98
                    Dec 24, 2024 20:51:07.388822079 CET49998443192.168.2.535.195.45.98
                    Dec 24, 2024 20:51:07.388844013 CET4434999835.195.45.98192.168.2.5
                    Dec 24, 2024 20:51:07.388870955 CET4434999835.195.45.98192.168.2.5
                    Dec 24, 2024 20:51:08.247093916 CET50002443192.168.2.534.34.145.103
                    Dec 24, 2024 20:51:08.247138023 CET4435000234.34.145.103192.168.2.5
                    Dec 24, 2024 20:51:08.247227907 CET50002443192.168.2.534.34.145.103
                    Dec 24, 2024 20:51:08.411003113 CET50002443192.168.2.534.34.145.103
                    Dec 24, 2024 20:51:08.411041021 CET4435000234.34.145.103192.168.2.5
                    Dec 24, 2024 20:51:08.411077023 CET4435000234.34.145.103192.168.2.5
                    Dec 24, 2024 20:51:08.411102057 CET50002443192.168.2.534.34.145.103
                    Dec 24, 2024 20:51:08.411124945 CET4435000234.34.145.103192.168.2.5
                    Dec 24, 2024 20:51:08.423268080 CET50003443192.168.2.534.169.99.17
                    Dec 24, 2024 20:51:08.423293114 CET4435000334.169.99.17192.168.2.5
                    Dec 24, 2024 20:51:08.423362017 CET50003443192.168.2.534.169.99.17
                    Dec 24, 2024 20:51:08.512926102 CET50003443192.168.2.534.169.99.17
                    Dec 24, 2024 20:51:08.512939930 CET4435000334.169.99.17192.168.2.5
                    Dec 24, 2024 20:51:08.512963057 CET4435000334.169.99.17192.168.2.5
                    Dec 24, 2024 20:51:08.512980938 CET50003443192.168.2.534.169.99.17
                    Dec 24, 2024 20:51:08.512991905 CET4435000334.169.99.17192.168.2.5
                    Dec 24, 2024 20:51:08.526294947 CET50004443192.168.2.534.83.67.185
                    Dec 24, 2024 20:51:08.526314974 CET4435000434.83.67.185192.168.2.5
                    Dec 24, 2024 20:51:08.526372910 CET50004443192.168.2.534.83.67.185
                    Dec 24, 2024 20:51:08.596965075 CET50004443192.168.2.534.83.67.185
                    Dec 24, 2024 20:51:08.596977949 CET4435000434.83.67.185192.168.2.5
                    Dec 24, 2024 20:51:08.596997023 CET50004443192.168.2.534.83.67.185
                    Dec 24, 2024 20:51:08.597001076 CET4435000434.83.67.185192.168.2.5
                    Dec 24, 2024 20:51:08.597012043 CET4435000434.83.67.185192.168.2.5
                    Dec 24, 2024 20:51:08.608191013 CET50006443192.168.2.535.195.45.98
                    Dec 24, 2024 20:51:08.608256102 CET4435000635.195.45.98192.168.2.5
                    Dec 24, 2024 20:51:08.608318090 CET50006443192.168.2.535.195.45.98
                    Dec 24, 2024 20:51:08.678807974 CET50006443192.168.2.535.195.45.98
                    Dec 24, 2024 20:51:08.678853989 CET4435000635.195.45.98192.168.2.5
                    Dec 24, 2024 20:51:08.678881884 CET50006443192.168.2.535.195.45.98
                    Dec 24, 2024 20:51:08.678883076 CET4435000635.195.45.98192.168.2.5
                    Dec 24, 2024 20:51:08.678901911 CET4435000635.195.45.98192.168.2.5
                    Dec 24, 2024 20:51:10.720818043 CET50011443192.168.2.534.34.145.103
                    Dec 24, 2024 20:51:10.720868111 CET4435001134.34.145.103192.168.2.5
                    Dec 24, 2024 20:51:10.720931053 CET50011443192.168.2.534.34.145.103
                    Dec 24, 2024 20:51:10.773406982 CET50011443192.168.2.534.34.145.103
                    Dec 24, 2024 20:51:10.773432970 CET4435001134.34.145.103192.168.2.5
                    Dec 24, 2024 20:51:10.773472071 CET4435001134.34.145.103192.168.2.5
                    Dec 24, 2024 20:51:10.773474932 CET50011443192.168.2.534.34.145.103
                    Dec 24, 2024 20:51:10.773483992 CET4435001134.34.145.103192.168.2.5
                    Dec 24, 2024 20:51:13.002011061 CET50018443192.168.2.534.169.99.17
                    Dec 24, 2024 20:51:13.002059937 CET4435001834.169.99.17192.168.2.5
                    Dec 24, 2024 20:51:13.002202034 CET50018443192.168.2.534.169.99.17
                    Dec 24, 2024 20:51:13.480849981 CET50018443192.168.2.534.169.99.17
                    Dec 24, 2024 20:51:13.480874062 CET4435001834.169.99.17192.168.2.5
                    Dec 24, 2024 20:51:13.480911016 CET4435001834.169.99.17192.168.2.5
                    Dec 24, 2024 20:51:16.033751011 CET50023443192.168.2.534.83.67.185
                    Dec 24, 2024 20:51:16.033791065 CET4435002334.83.67.185192.168.2.5
                    Dec 24, 2024 20:51:16.033852100 CET50023443192.168.2.534.83.67.185
                    Dec 24, 2024 20:51:16.231070042 CET50023443192.168.2.534.83.67.185
                    Dec 24, 2024 20:51:16.231106043 CET4435002334.83.67.185192.168.2.5
                    Dec 24, 2024 20:51:16.231139898 CET4435002334.83.67.185192.168.2.5
                    Dec 24, 2024 20:51:17.783122063 CET50028443192.168.2.535.195.45.98
                    Dec 24, 2024 20:51:17.783149004 CET4435002835.195.45.98192.168.2.5
                    Dec 24, 2024 20:51:17.783276081 CET50028443192.168.2.535.195.45.98
                    Dec 24, 2024 20:51:17.843647957 CET50028443192.168.2.535.195.45.98
                    Dec 24, 2024 20:51:17.843668938 CET4435002835.195.45.98192.168.2.5
                    Dec 24, 2024 20:51:17.843715906 CET4435002835.195.45.98192.168.2.5
                    Dec 24, 2024 20:51:20.561896086 CET50034443192.168.2.534.34.145.103
                    Dec 24, 2024 20:51:20.561947107 CET4435003434.34.145.103192.168.2.5
                    Dec 24, 2024 20:51:20.562014103 CET50034443192.168.2.534.34.145.103
                    Dec 24, 2024 20:51:20.667224884 CET50034443192.168.2.534.34.145.103
                    Dec 24, 2024 20:51:20.667258978 CET4435003434.34.145.103192.168.2.5
                    Dec 24, 2024 20:51:20.667273045 CET50034443192.168.2.534.34.145.103
                    Dec 24, 2024 20:51:20.667282104 CET4435003434.34.145.103192.168.2.5
                    Dec 24, 2024 20:51:20.667299986 CET4435003434.34.145.103192.168.2.5
                    Dec 24, 2024 20:51:22.982012987 CET50040443192.168.2.534.169.99.17
                    Dec 24, 2024 20:51:22.982038021 CET4435004034.169.99.17192.168.2.5
                    Dec 24, 2024 20:51:22.982151031 CET50040443192.168.2.534.169.99.17
                    Dec 24, 2024 20:51:23.045958042 CET50040443192.168.2.534.169.99.17
                    Dec 24, 2024 20:51:23.045969963 CET4435004034.169.99.17192.168.2.5
                    Dec 24, 2024 20:51:23.046005011 CET4435004034.169.99.17192.168.2.5
                    Dec 24, 2024 20:51:23.046037912 CET50040443192.168.2.534.169.99.17
                    Dec 24, 2024 20:51:23.046046019 CET4435004034.169.99.17192.168.2.5
                    Dec 24, 2024 20:51:25.788566113 CET50042443192.168.2.534.83.67.185
                    Dec 24, 2024 20:51:25.788626909 CET4435004234.83.67.185192.168.2.5
                    Dec 24, 2024 20:51:25.792948008 CET50042443192.168.2.534.83.67.185
                    Dec 24, 2024 20:51:25.847791910 CET50042443192.168.2.534.83.67.185
                    Dec 24, 2024 20:51:25.847829103 CET4435004234.83.67.185192.168.2.5
                    Dec 24, 2024 20:51:25.847918987 CET4435004234.83.67.185192.168.2.5
                    Dec 24, 2024 20:51:25.847949028 CET50042443192.168.2.534.83.67.185
                    Dec 24, 2024 20:51:25.847970009 CET4435004234.83.67.185192.168.2.5
                    Dec 24, 2024 20:51:28.049335003 CET50043443192.168.2.535.195.45.98
                    Dec 24, 2024 20:51:28.049422026 CET4435004335.195.45.98192.168.2.5
                    Dec 24, 2024 20:51:28.049505949 CET50043443192.168.2.535.195.45.98
                    Dec 24, 2024 20:51:28.110039949 CET50043443192.168.2.535.195.45.98
                    Dec 24, 2024 20:51:28.110088110 CET4435004335.195.45.98192.168.2.5
                    Dec 24, 2024 20:51:28.110117912 CET50043443192.168.2.535.195.45.98
                    Dec 24, 2024 20:51:28.110133886 CET4435004335.195.45.98192.168.2.5
                    Dec 24, 2024 20:51:28.110240936 CET4435004335.195.45.98192.168.2.5
                    Dec 24, 2024 20:51:29.464008093 CET50044443192.168.2.534.34.145.103
                    Dec 24, 2024 20:51:29.464041948 CET4435004434.34.145.103192.168.2.5
                    Dec 24, 2024 20:51:29.464406967 CET50044443192.168.2.534.34.145.103
                    Dec 24, 2024 20:51:30.006700039 CET50044443192.168.2.534.34.145.103
                    Dec 24, 2024 20:51:30.006725073 CET4435004434.34.145.103192.168.2.5
                    Dec 24, 2024 20:51:30.006769896 CET50044443192.168.2.534.34.145.103
                    Dec 24, 2024 20:51:30.006808996 CET4435004434.34.145.103192.168.2.5
                    Dec 24, 2024 20:51:30.006908894 CET4435004434.34.145.103192.168.2.5
                    Dec 24, 2024 20:51:30.020215034 CET50045443192.168.2.534.169.99.17
                    Dec 24, 2024 20:51:30.020313025 CET4435004534.169.99.17192.168.2.5
                    Dec 24, 2024 20:51:30.020378113 CET50045443192.168.2.534.169.99.17
                    Dec 24, 2024 20:51:30.084498882 CET50045443192.168.2.534.169.99.17
                    Dec 24, 2024 20:51:30.084541082 CET4435004534.169.99.17192.168.2.5
                    Dec 24, 2024 20:51:30.084588051 CET4435004534.169.99.17192.168.2.5
                    Dec 24, 2024 20:51:30.084589958 CET50045443192.168.2.534.169.99.17
                    Dec 24, 2024 20:51:30.084609985 CET4435004534.169.99.17192.168.2.5
                    Dec 24, 2024 20:51:30.095045090 CET50046443192.168.2.534.83.67.185
                    Dec 24, 2024 20:51:30.095093012 CET4435004634.83.67.185192.168.2.5
                    Dec 24, 2024 20:51:30.095144987 CET50046443192.168.2.534.83.67.185
                    Dec 24, 2024 20:51:30.147283077 CET50046443192.168.2.534.83.67.185
                    Dec 24, 2024 20:51:30.147301912 CET4435004634.83.67.185192.168.2.5
                    Dec 24, 2024 20:51:30.147346973 CET50046443192.168.2.534.83.67.185
                    Dec 24, 2024 20:51:30.147352934 CET4435004634.83.67.185192.168.2.5
                    Dec 24, 2024 20:51:30.147383928 CET4435004634.83.67.185192.168.2.5
                    Dec 24, 2024 20:51:30.160613060 CET50047443192.168.2.535.195.45.98
                    Dec 24, 2024 20:51:30.160624027 CET4435004735.195.45.98192.168.2.5
                    Dec 24, 2024 20:51:30.160681963 CET50047443192.168.2.535.195.45.98
                    Dec 24, 2024 20:51:30.274086952 CET50047443192.168.2.535.195.45.98
                    Dec 24, 2024 20:51:30.274112940 CET4435004735.195.45.98192.168.2.5
                    Dec 24, 2024 20:51:30.274158955 CET50047443192.168.2.535.195.45.98
                    Dec 24, 2024 20:51:30.274163961 CET4435004735.195.45.98192.168.2.5
                    Dec 24, 2024 20:51:30.274184942 CET4435004735.195.45.98192.168.2.5
                    Dec 24, 2024 20:51:32.315785885 CET50048443192.168.2.534.34.145.103
                    Dec 24, 2024 20:51:32.315859079 CET4435004834.34.145.103192.168.2.5
                    Dec 24, 2024 20:51:32.315927982 CET50048443192.168.2.534.34.145.103
                    Dec 24, 2024 20:51:32.421336889 CET50048443192.168.2.534.34.145.103
                    Dec 24, 2024 20:51:32.421359062 CET4435004834.34.145.103192.168.2.5
                    Dec 24, 2024 20:51:32.421406984 CET50048443192.168.2.534.34.145.103
                    Dec 24, 2024 20:51:32.421437025 CET4435004834.34.145.103192.168.2.5
                    Dec 24, 2024 20:51:32.421528101 CET4435004834.34.145.103192.168.2.5
                    Dec 24, 2024 20:51:34.299729109 CET50049443192.168.2.534.169.99.17
                    Dec 24, 2024 20:51:34.299767017 CET4435004934.169.99.17192.168.2.5
                    Dec 24, 2024 20:51:34.299829960 CET50049443192.168.2.534.169.99.17
                    Dec 24, 2024 20:51:34.383049965 CET50049443192.168.2.534.169.99.17
                    Dec 24, 2024 20:51:34.383076906 CET4435004934.169.99.17192.168.2.5
                    Dec 24, 2024 20:51:34.383126020 CET50049443192.168.2.534.169.99.17
                    Dec 24, 2024 20:51:34.383136034 CET4435004934.169.99.17192.168.2.5
                    Dec 24, 2024 20:51:34.383188009 CET4435004934.169.99.17192.168.2.5
                    Dec 24, 2024 20:51:36.665158033 CET50050443192.168.2.534.83.67.185
                    Dec 24, 2024 20:51:36.665236950 CET4435005034.83.67.185192.168.2.5
                    Dec 24, 2024 20:51:36.665354967 CET50050443192.168.2.534.83.67.185
                    Dec 24, 2024 20:51:36.857845068 CET50050443192.168.2.534.83.67.185
                    Dec 24, 2024 20:51:36.857896090 CET4435005034.83.67.185192.168.2.5
                    Dec 24, 2024 20:51:36.857927084 CET50050443192.168.2.534.83.67.185
                    Dec 24, 2024 20:51:36.857943058 CET4435005034.83.67.185192.168.2.5
                    Dec 24, 2024 20:51:36.857995987 CET4435005034.83.67.185192.168.2.5
                    Dec 24, 2024 20:51:39.002135038 CET50051443192.168.2.535.195.45.98
                    Dec 24, 2024 20:51:39.002228022 CET4435005135.195.45.98192.168.2.5
                    Dec 24, 2024 20:51:39.006097078 CET50051443192.168.2.535.195.45.98
                    Dec 24, 2024 20:51:39.083498955 CET50051443192.168.2.535.195.45.98
                    Dec 24, 2024 20:51:39.083544970 CET4435005135.195.45.98192.168.2.5
                    Dec 24, 2024 20:51:39.083612919 CET4435005135.195.45.98192.168.2.5
                    Dec 24, 2024 20:51:42.298280954 CET50052443192.168.2.534.34.145.103
                    Dec 24, 2024 20:51:42.298369884 CET4435005234.34.145.103192.168.2.5
                    Dec 24, 2024 20:51:42.298455000 CET50052443192.168.2.534.34.145.103
                    Dec 24, 2024 20:51:42.384114981 CET50052443192.168.2.534.34.145.103
                    Dec 24, 2024 20:51:42.384166002 CET4435005234.34.145.103192.168.2.5
                    Dec 24, 2024 20:51:42.384224892 CET50052443192.168.2.534.34.145.103
                    Dec 24, 2024 20:51:42.384227991 CET4435005234.34.145.103192.168.2.5
                    Dec 24, 2024 20:51:42.384248018 CET4435005234.34.145.103192.168.2.5
                    Dec 24, 2024 20:51:45.017352104 CET50053443192.168.2.534.169.99.17
                    Dec 24, 2024 20:51:45.017460108 CET4435005334.169.99.17192.168.2.5
                    Dec 24, 2024 20:51:45.017663002 CET50053443192.168.2.534.169.99.17
                    Dec 24, 2024 20:53:04.997392893 CET50109443192.168.2.534.169.99.17
                    Dec 24, 2024 20:53:04.997415066 CET4435010934.169.99.17192.168.2.5
                    Dec 24, 2024 20:53:04.997447014 CET4435010934.169.99.17192.168.2.5
                    Dec 24, 2024 20:53:04.997463942 CET50109443192.168.2.534.169.99.17
                    Dec 24, 2024 20:53:04.997474909 CET4435010934.169.99.17192.168.2.5
                    Dec 24, 2024 20:53:06.047744989 CET50110443192.168.2.534.83.67.185
                    Dec 24, 2024 20:53:06.047780037 CET4435011034.83.67.185192.168.2.5
                    Dec 24, 2024 20:53:06.047909021 CET50110443192.168.2.534.83.67.185
                    Dec 24, 2024 20:53:06.099941015 CET50110443192.168.2.534.83.67.185
                    Dec 24, 2024 20:53:06.099955082 CET4435011034.83.67.185192.168.2.5
                    Dec 24, 2024 20:53:06.099987984 CET4435011034.83.67.185192.168.2.5
                    Dec 24, 2024 20:53:07.110208988 CET50111443192.168.2.535.195.45.98
                    Dec 24, 2024 20:53:07.110260963 CET4435011135.195.45.98192.168.2.5
                    Dec 24, 2024 20:53:07.110419989 CET50111443192.168.2.535.195.45.98
                    Dec 24, 2024 20:53:07.154377937 CET50111443192.168.2.535.195.45.98
                    Dec 24, 2024 20:53:07.154397964 CET4435011135.195.45.98192.168.2.5
                    Dec 24, 2024 20:53:07.154438972 CET4435011135.195.45.98192.168.2.5
                    Dec 24, 2024 20:53:07.156233072 CET50111443192.168.2.535.195.45.98
                    Dec 24, 2024 20:53:07.156244993 CET4435011135.195.45.98192.168.2.5

                    Target ID:0
                    Start time:14:48:57
                    Start date:24/12/2024
                    Path:C:\Users\user\Desktop\gfehgfwveg.exe
                    Wow64 process (32bit):true
                    Commandline:"C:\Users\user\Desktop\gfehgfwveg.exe"
                    Imagebase:0x400000
                    File size:4'276'224 bytes
                    MD5 hash:43EC2649E1B173B6E8B3800E18CCEEB4
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:Borland Delphi
                    Yara matches:
                    • Rule: JoeSecurity_DanaBot_stealer_dll, Description: Yara detected DanaBot stealer dll, Source: 00000000.00000003.2094443248.000000007E960000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                    Reputation:low
                    Has exited:false

                    Target ID:2
                    Start time:14:49:00
                    Start date:24/12/2024
                    Path:C:\Windows\SysWOW64\cmd.exe
                    Wow64 process (32bit):true
                    Commandline:cmd.exe /C wmic diskdrive where "DeviceID=\'c:\'" get SerialNumber /value
                    Imagebase:0x790000
                    File size:236'544 bytes
                    MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Reputation:high
                    Has exited:true

                    Target ID:3
                    Start time:14:49:00
                    Start date:24/12/2024
                    Path:C:\Windows\System32\conhost.exe
                    Wow64 process (32bit):false
                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Imagebase:0x7ff6d64d0000
                    File size:862'208 bytes
                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Reputation:high
                    Has exited:true

                    Target ID:4
                    Start time:14:49:00
                    Start date:24/12/2024
                    Path:C:\Windows\SysWOW64\wbem\WMIC.exe
                    Wow64 process (32bit):true
                    Commandline:wmic diskdrive where "DeviceID=\'c:\'" get SerialNumber /value
                    Imagebase:0x5b0000
                    File size:427'008 bytes
                    MD5 hash:E2DE6500DE1148C7F6027AD50AC8B891
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Reputation:moderate
                    Has exited:true

                    No disassembly