Windows
Analysis Report
QUOTATION_JANQUOTE312025#U00faPDF.scr
Overview
General Information
Sample name: | QUOTATION_JANQUOTE312025#U00faPDF.scr (renamed because original name is a hash value) |
Original sample name: | QUOTATION_JANQUOTE312025PDF.scr |
Analysis ID: | 1619040 |
MD5: | 4fc67d8dc05024c14e049d23487a84d7 |
SHA1: | f165b81184848163d0b7e26fb619ba679d53e0ca |
SHA256: | daaf11fab5350a27cf390581bddac90cdd10be5263f341f8f553983ca684a1b1 |
Detection
Score: | 100 |
Range: | 0 - 100 |
Confidence: | 100% |
Signatures
Multi AV Scanner detection for submitted file
Yara detected AntiVM3
Yara detected Telegram RAT
.NET source code contains potential unpacker
Initial sample is a PE file and has a suspicious name
Injects a PE file into a foreign processes
Joe Sandbox ML detected suspicious sample
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to detect the country of the analysis system (by using the IP)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Writes to foreign memory regions
Yara detected Costura Assembly Loader
Allocates memory with a write watch (potentially for evading sandboxes)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
HTTP GET or POST without a user agent
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Uses insecure TLS / SSL version for HTTPS connection
Yara detected Credential Stealer
Classification
- System is w10x64
  - QUOTATION_JANQUOTE312025#U00faPDF.scr (PID: 7408 cmdline: "C:\Users\user\Desktop\QUOTATION_JANQUOTE312025#U00faPDF.scr" /S MD5: 4FC67D8DC05024C14E049D23487A84D7)
  - RegAsm.exe (PID: 7908 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" MD5: 0D5DF43AF2916F47D00C1573797C1A13)
- cleanup
⊘No configs have been found
Rule | Description | Author |
---|---|---|
JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security |
JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security |
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
JoeSecurity_TelegramRAT | Yara detected Telegram RAT | Joe Security |
JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security |
Rule | Description | Author |
---|---|---|
JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security |
⊘No Sigma rule has matched
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2025-02-19T14:21:32.849428+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.4 | 49739 | 132.226.8.169 | 80 | TCP |
AV Detection |
---|
Source: | Virustotal: | Perma Link |
Source: | Integrated Neural Analysis Model: |
Location Tracking |
---|
Source: | DNS query: |
Source: | Static PE information: |
Source: | HTTPS traffic detected: |
Source: | HTTPS traffic detected: |
Source: | Static PE information: |
Source: | Binary string: | ||
Source: | Code function: | 4_2_05620040 | |
Source: | Code function: | 4_2_056290C1 |
Source: | HTTP traffic detected: | ||
Source: | IP Address: | ||
Source: | JA3 fingerprint: | ||
Source: | JA3 fingerprint: |
Source: | DNS query: | ||
Source: | DNS query: |
Source: | Suricata IDS: |
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | HTTPS traffic detected: |
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | HTTP traffic detected: | ||
Source: | DNS traffic detected: | ||
Source: | String found in binary or memory: | ||
Source: | Network traffic detected: | ||
Source: | HTTPS traffic detected: |
System Summary |
---|
Source: | Static PE information: |
Source: | Binary or memory string: | ||
Source: | Static PE information: |
Source: | Task registration methods: | ||
Source: | Security API names: | ||
Source: | Classification label: |
Source: | Mutant created: |
Source: | Static PE information: |
Source: | Static file information: |
Source: | Key opened: | Jump to behavior |
Source: | Binary or memory string: |
Source: | Virustotal: |
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | Jump to behavior |
Source: | Section loaded: | Jump to behavior | ||
Source: | Key value queried: | Jump to behavior |
Source: | File opened: | Jump to behavior |
Source: | Key opened: | Jump to behavior |
Source: | Static PE information: |
Source: | Static file information: |
Source: | Static PE information: |
Source: | Binary string: | ||
Data Obfuscation |
---|
Source: | .Net Code: | ||
Source: | File source: | ||
Source: | Code function: | 0_2_07B02341 | |
Source: | Code function: | 4_2_00FD822F | |
Source: | Code function: | 4_2_0504641D | |
Source: | Code function: | 4_2_05627CF5 |
Source: | Registry key monitored for changes: | Jump to behavior | ||
Source: | Registry key monitored for changes: | Jump to behavior |
Source: | Process information set: | Jump to behavior | ||
Malware Analysis System Evasion |
---|
Source: | File source: |
Source: | Binary or memory string: |
Source: | Memory allocated: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Window / User API: | Jump to behavior | ||
Source: | Window / User API: | Jump to behavior |
Source: | Thread sleep count: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Binary or memory string: | ||
Source: | Process information queried: | Jump to behavior |
Source: | Code function: | 4_2_0504A3E7 |
Source: | Process token adjusted: | Jump to behavior | ||
Source: | Memory allocated: | Jump to behavior |
HIPS / PFW / Operating System Protection Evasion |
---|
Source: | Memory written: | Jump to behavior |
Source: | Process created: | Jump to behavior |
Source: | Queries volume information: | Jump to behavior | ||
Source: | Key value queried: | Jump to behavior |
Stealing of Sensitive Information |
---|
Source: | File source: | ||
Source: | File source: |
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior |
Source: | Key opened: | Jump to behavior |
Source: | File source: | ||
Source: | File source: |
Remote Access Functionality |
---|
Source: | File source: | ||
Source: | File source: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Scheduled Task/Job | 1 Scheduled Task/Job | 211 Process Injection | 1 Disable or Modify Tools | 1 OS Credential Dumping | 1 Query Registry | Remote Services | 1 Email Collection | 11 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 DLL Side-Loading | 1 Scheduled Task/Job | 31 Virtualization/Sandbox Evasion | LSASS Memory | 11 Security Software Discovery | Remote Desktop Protocol | 1 Archive Collected Data | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 DLL Side-Loading | 211 Process Injection | Security Account Manager | 1 Process Discovery | SMB/Windows Admin Shares | 1 Data from Local System | 2 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 2 Obfuscated Files or Information | NTDS | 31 Virtualization/Sandbox Evasion | Distributed Component Object Model | Input Capture | 13 Application Layer Protocol | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Software Packing | LSA Secrets | 1 Application Window Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 DLL Side-Loading | Cached Domain Credentials | 1 System Network Configuration Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | Compile After Delivery | DCSync | 13 System Information Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
27% | Virustotal | Browse |
⊘No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
reallyfreegeoip.org | 104.21.48.1 | true | false | | high |
ip.1010.filemail.com | 23.237.50.106 | true | false | | unknown |
checkip.dyndns.com | 132.226.8.169 | true | false | | high |
checkip.dyndns.org | unknown | unknown | false | | high |
1010.filemail.com | unknown | unknown | true | | unknown |
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
132.226.8.169 | checkip.dyndns.com | United States | 16989 | UTMEMUS | false |
104.21.48.1 | reallyfreegeoip.org | United States | 13335 | CLOUDFLARENETUS | false |
23.237.50.106 | ip.1010.filemail.com | United States | 174 | COGENT-174US | false |
Joe Sandbox version: | 42.0.0 Malachite |
Analysis ID: | 1619040 |
Start date and time: | 2025-02-19 14:19:45 +01:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 5m 54s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Run name: | Potential for more IOCs and behavior |
Number of analysed new started processes analysed: | 6 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | QUOTATION_JANQUOTE312025#U00faPDF.scr renamed because original name is a hash value |
Original Sample Name: | QUOTATION_JANQUOTE312025PDF.scr |
Detection: | MAL |
Classification: | mal100.troj.spyw.evad.winSCR@3/0@3/3 |
EGA Information: |
|
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
- Excluded IPs from analysis (whitelisted): 172.202.163.200, 13.107.246.45
- Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
- Execution Graph export aborted for target QUOTATION_JANQUOTE312025#U00faPDF.scr, PID 7408 because it is empty
- Not all processes were analyzed, report is missing behavior information
- Report size getting too big, too many NtAllocateVirtualMemory calls found.
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtProtectVirtualMemory calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- Report size getting too big, too many NtReadVirtualMemory calls found.
- Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Time | Type | Description |
---|---|---|
08:20:37 | API Interceptor |
Match | Detection | Threat Name |
---|---|---|
132.226.8.169 | malicious | MassLogger RAT, Snake Keylogger, VIP Keylogger |
132.226.8.169 | malicious | MassLogger RAT |
132.226.8.169 | malicious | MassLogger RAT |
132.226.8.169 | malicious | MassLogger RAT |
132.226.8.169 | malicious | Snake Keylogger |
132.226.8.169 | malicious | DBatLoader, PureLog Stealer, Snake Keylogger, VIP Keylogger |
132.226.8.169 | malicious | Snake Keylogger, VIP Keylogger |
132.226.8.169 | malicious | Snake Keylogger, VIP Keylogger |
132.226.8.169 | malicious | MassLogger RAT |
132.226.8.169 | malicious | GuLoader, Snake Keylogger |
104.21.48.1 | malicious | FormBook |
104.21.48.1 | malicious | FormBook |
104.21.48.1 | malicious | FormBook |
104.21.48.1 | malicious | FormBook |
104.21.48.1 | malicious | FormBook |
104.21.48.1 | malicious | FormBook |
104.21.48.1 | malicious | FormBook |
104.21.48.1 | malicious | FormBook |
104.21.48.1 | malicious | FormBook |
104.21.48.1 | malicious | FormBook |
Match | Detection | Threat Name |
---|---|---|
reallyfreegeoip.org | malicious | GuLoader, Snake Keylogger |
reallyfreegeoip.org | malicious | MassLogger RAT, Snake Keylogger, VIP Keylogger |
reallyfreegeoip.org | malicious | MassLogger RAT, PureLog Stealer |
reallyfreegeoip.org | malicious | MassLogger RAT |
reallyfreegeoip.org | malicious | Snake Keylogger |
reallyfreegeoip.org | malicious | MassLogger RAT |
reallyfreegeoip.org | malicious | Snake Keylogger, VIP Keylogger |
reallyfreegeoip.org | malicious | MassLogger RAT |
reallyfreegeoip.org | malicious | DBatLoader, MassLogger RAT, PureLog Stealer, Snake Keylogger, VIP Keylogger |
reallyfreegeoip.org | malicious | Snake Keylogger |
ip.1010.filemail.com | malicious | MassLogger RAT |
ip.1010.filemail.com | malicious | Remcos, DBatLoader |
ip.1010.filemail.com | malicious | HtmlDropper |
checkip.dyndns.com | malicious | GuLoader, Snake Keylogger |
checkip.dyndns.com | malicious | MassLogger RAT, Snake Keylogger, VIP Keylogger |
checkip.dyndns.com | malicious | MassLogger RAT, PureLog Stealer |
checkip.dyndns.com | malicious | MassLogger RAT |
checkip.dyndns.com | malicious | Snake Keylogger |
checkip.dyndns.com | malicious | MassLogger RAT |
checkip.dyndns.com | malicious | Snake Keylogger, VIP Keylogger |
checkip.dyndns.com | malicious | MassLogger RAT |
checkip.dyndns.com | malicious | DBatLoader, MassLogger RAT, PureLog Stealer, Snake Keylogger, VIP Keylogger |
checkip.dyndns.com | malicious | Snake Keylogger |
Match | Detection | Threat Name |
---|---|---|
CLOUDFLARENETUS | malicious | Unknown |
CLOUDFLARENETUS | malicious | Unknown |
CLOUDFLARENETUS | malicious | Unknown |
CLOUDFLARENETUS | malicious | Unknown |
CLOUDFLARENETUS | malicious | Unknown |
CLOUDFLARENETUS | malicious | HTMLPhisher |
CLOUDFLARENETUS | malicious | EvilProxy, HTMLPhisher |
CLOUDFLARENETUS | malicious | EvilProxy, HTMLPhisher |
CLOUDFLARENETUS | malicious | FormBook |
CLOUDFLARENETUS | malicious | EvilProxy, HTMLPhisher |
UTMEMUS | malicious | MassLogger RAT, Snake Keylogger, VIP Keylogger |
UTMEMUS | malicious | MassLogger RAT |
UTMEMUS | malicious | Snake Keylogger |
UTMEMUS | malicious | MassLogger RAT |
UTMEMUS | malicious | MassLogger RAT |
UTMEMUS | malicious | MassLogger RAT |
UTMEMUS | malicious | Snake Keylogger |
UTMEMUS | malicious | MassLogger RAT |
UTMEMUS | malicious | Snake Keylogger |
UTMEMUS | malicious | DBatLoader, PureLog Stealer, Snake Keylogger, VIP Keylogger |
COGENT-174US | malicious | FormBook |
COGENT-174US | malicious | FormBook |
COGENT-174US | malicious | Unknown |
COGENT-174US | malicious | HTMLPhisher |
COGENT-174US | malicious | Unknown |
COGENT-174US | malicious | Mirai, Okiru |
COGENT-174US | malicious | FormBook |
COGENT-174US | malicious | Unknown |
COGENT-174US | malicious | FormBook |
COGENT-174US | malicious | Unknown |
Match | Detection | Threat Name |
---|---|---|
54328bd36c14bd82ddaa0c04b25ed9ad | malicious | GuLoader, Snake Keylogger |
54328bd36c14bd82ddaa0c04b25ed9ad | malicious | MassLogger RAT, Snake Keylogger, VIP Keylogger |
54328bd36c14bd82ddaa0c04b25ed9ad | malicious | MassLogger RAT, PureLog Stealer |
54328bd36c14bd82ddaa0c04b25ed9ad | malicious | MassLogger RAT |
54328bd36c14bd82ddaa0c04b25ed9ad | malicious | Snake Keylogger |
54328bd36c14bd82ddaa0c04b25ed9ad | malicious | MassLogger RAT |
54328bd36c14bd82ddaa0c04b25ed9ad | malicious | Snake Keylogger, VIP Keylogger |
54328bd36c14bd82ddaa0c04b25ed9ad | malicious | MassLogger RAT |
54328bd36c14bd82ddaa0c04b25ed9ad | malicious | DBatLoader, MassLogger RAT, PureLog Stealer, Snake Keylogger, VIP Keylogger |
54328bd36c14bd82ddaa0c04b25ed9ad | malicious | Snake Keylogger |
3b5074b1b5d032e5620f69f9f700ff0e | malicious | GuLoader, Snake Keylogger |
3b5074b1b5d032e5620f69f9f700ff0e | malicious | MassLogger RAT, Snake Keylogger, VIP Keylogger |
3b5074b1b5d032e5620f69f9f700ff0e | malicious | Quasar |
3b5074b1b5d032e5620f69f9f700ff0e | malicious | HTMLPhisher |
3b5074b1b5d032e5620f69f9f700ff0e | malicious | Snake Keylogger |
3b5074b1b5d032e5620f69f9f700ff0e | malicious | Unknown |
3b5074b1b5d032e5620f69f9f700ff0e | malicious | MassLogger RAT |
3b5074b1b5d032e5620f69f9f700ff0e | malicious | Snake Keylogger, VIP Keylogger |
3b5074b1b5d032e5620f69f9f700ff0e | malicious | DarkCloud |
3b5074b1b5d032e5620f69f9f700ff0e | malicious | Nitol |
⊘No context
⊘No created / dropped files found
File type: | |
Entropy (8bit): | 5.12132533859282 |
TrID: |
|
File name: | QUOTATION_JANQUOTE312025#U00faPDF.scr |
File size: | 1'103'360 bytes |
MD5: | 4fc67d8dc05024c14e049d23487a84d7 |
SHA1: | f165b81184848163d0b7e26fb619ba679d53e0ca |
SHA256: | daaf11fab5350a27cf390581bddac90cdd10be5263f341f8f553983ca684a1b1 |
SHA512: | fe9e6bf12312b6f5cab64b396c7981b9b3e9c433d5c5c8e4ff1fc0451adcbd06bdcfa0f7bf3582f475ef14eb3e242177e26cdf11e172e55d00a93ccd59643e71 |
SSDEEP: | 12288:fYDzt/V97yIfTPWAwZUg10i0ZDn6dUp5dn:wDRdrWAgQi0ZDn6dUp5d |
TLSH: | 73352C5639B86525D797CB3280E3592087D7EFA257F6DE0D009439E80A323BF4BD3A52 |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......g................................. ........@.. ....................... ............`................................ |
Icon Hash: | 0e3333b0bbb3b035 |
Entrypoint: | 0x4bd4c2 |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | EXECUTABLE_IMAGE, 32BIT_MACHINE |
DLL Characteristics: | HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE |
Time Stamp: | 0x67B5BAE7 [Wed Feb 19 11:05:11 2025 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | f34d5f2d4577ed6d9ceec516c1f5a744 |
Instruction |
---|
jmp dword ptr [00402000h] |
add byte ptr [eax], al |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xbd478 | 0x4a | .text |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xbe000 | 0x51a92 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x110000 | 0xc | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x2000 | 0xbb4c8 | 0xbb600 | 1ebc7cdc83bd53b9965814eb03fe13bb | False | 0.43314683747498334 | data | 5.884257111238239 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rsrc | 0xbe000 | 0x51a92 | 0x51c00 | 53a2d24ab7a455b5a45a279daa02173c | False | 0.07168625764525993 | data | 2.3529693594900842 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0x110000 | 0xc | 0x200 | fce116d4f65e50151683c0bfa9b7ade3 | False | 0.044921875 | data | 0.10191042566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | ZLIB Complexity |
---|---|---|---|---|
RT_ICON | 0xbe0cc | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | 0.7601351351351351 |
RT_ICON | 0xbe218 | 0x368 | Device independent bitmap graphic, 16 x 32 x 24, image size 832 | 0.7155963302752294 |
RT_ICON | 0xbe5a4 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | 0.6826241134751773 |
RT_ICON | 0xbea30 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 640 | 0.5389784946236559 |
RT_ICON | 0xbed3c | 0xca8 | Device independent bitmap graphic, 32 x 64 x 24, image size 3200 | 0.470679012345679 |
RT_ICON | 0xbfa08 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | 0.4378517823639775 |
RT_ICON | 0xc0ad4 | 0x668 | Device independent bitmap graphic, 48 x 96 x 4, image size 1536 | 0.36402439024390243 |
RT_ICON | 0xc1160 | 0x1ca8 | Device independent bitmap graphic, 48 x 96 x 24, image size 7296 | 0.33110687022900764 |
RT_ICON | 0xc2e2c | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | 0.30881742738589213 |
RT_ICON | 0xc53f8 | 0xa68 | Device independent bitmap graphic, 64 x 128 x 4, image size 2560 | 0.2924174174174174 |
RT_ICON | 0xc5e84 | 0x3228 | Device independent bitmap graphic, 64 x 128 x 24, image size 12800 | 0.26580996884735203 |
RT_ICON | 0xc90d0 | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 0 | 0.24244213509683515 |
RT_ICON | 0xcd31c | 0x42028 | Device independent bitmap graphic, 256 x 512 x 32, image size 0 | 0.014139568600763382 |
RT_GROUP_ICON | 0x10f380 | 0xbc | data | 0.5797872340425532 |
RT_VERSION | 0x10f478 | 0x3f4 | data | 0.40711462450592883 |
RT_MANIFEST | 0x10f8a8 | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | 0.5489795918367347 |
DLL | Import |
---|---|
mscoree.dll | _CorExeMain |
Description | Data |
---|---|
Translation | 0x0000 0x04b0 |
Comments | AhnLab V3 Lite Main UI Application |
CompanyName | AhnLab, Inc. |
FileDescription | AhnLab V3 Lite Main UI Application |
FileVersion | 4.0.0.117 |
InternalName | Ftlqpnn.exe |
LegalCopyright | 2018-2019 AhnLab, Inc. All rights reserved. |
LegalTrademarks | |
OriginalFilename | Ftlqpnn.exe |
ProductName | AhnLab V3 Lite |
ProductVersion | 4.0.0.117 |
Assembly Version | 4.0.0.117 |
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
---|---|---|---|---|---|---|---|---|
2025-02-19T14:21:32.849428+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.4 | 49739 | 132.226.8.169 | 80 | TCP |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Feb 19, 2025 14:20:41.604561090 CET | 443 | 49732 | 23.237.50.106 | 192.168.2.4 |
Feb 19, 2025 14:20:41.646238089 CET | 49732 | 443 | 192.168.2.4 | 23.237.50.106 |
Feb 19, 2025 14:20:41.688169956 CET | 443 | 49732 | 23.237.50.106 | 192.168.2.4 |
Feb 19, 2025 14:20:41.688205957 CET | 443 | 49732 | 23.237.50.106 | 192.168.2.4 |
Feb 19, 2025 14:20:41.688354969 CET | 443 | 49732 | 23.237.50.106 | 192.168.2.4 |
Feb 19, 2025 14:20:41.688364983 CET | 49732 | 443 | 192.168.2.4 | 23.237.50.106 |
Feb 19, 2025 14:20:41.688397884 CET | 443 | 49732 | 23.237.50.106 | 192.168.2.4 |
Feb 19, 2025 14:20:41.688417912 CET | 443 | 49732 | 23.237.50.106 | 192.168.2.4 |
Feb 19, 2025 14:20:41.688426971 CET | 49732 | 443 | 192.168.2.4 | 23.237.50.106 |
Feb 19, 2025 14:20:41.688467979 CET | 49732 | 443 | 192.168.2.4 | 23.237.50.106 |
Feb 19, 2025 14:20:41.688473940 CET | 443 | 49732 | 23.237.50.106 | 192.168.2.4 |
Feb 19, 2025 14:20:41.688591003 CET | 443 | 49732 | 23.237.50.106 | 192.168.2.4 |
Feb 19, 2025 14:20:41.688648939 CET | 49732 | 443 | 192.168.2.4 | 23.237.50.106 |
Feb 19, 2025 14:20:41.688657045 CET | 443 | 49732 | 23.237.50.106 | 192.168.2.4 |
Feb 19, 2025 14:20:41.688745975 CET | 443 | 49732 | 23.237.50.106 | 192.168.2.4 |
Feb 19, 2025 14:20:41.688802004 CET | 49732 | 443 | 192.168.2.4 | 23.237.50.106 |
Feb 19, 2025 14:20:41.688808918 CET | 443 | 49732 | 23.237.50.106 | 192.168.2.4 |
Feb 19, 2025 14:20:41.688883066 CET | 443 | 49732 | 23.237.50.106 | 192.168.2.4 |
Feb 19, 2025 14:20:41.688945055 CET | 49732 | 443 | 192.168.2.4 | 23.237.50.106 |
Feb 19, 2025 14:20:41.688956022 CET | 443 | 49732 | 23.237.50.106 | 192.168.2.4 |
Feb 19, 2025 14:20:41.689006090 CET | 443 | 49732 | 23.237.50.106 | 192.168.2.4 |
Feb 19, 2025 14:20:41.689075947 CET | 49732 | 443 | 192.168.2.4 | 23.237.50.106 |
Feb 19, 2025 14:20:41.689084053 CET | 443 | 49732 | 23.237.50.106 | 192.168.2.4 |
Feb 19, 2025 14:20:41.689127922 CET | 443 | 49732 | 23.237.50.106 | 192.168.2.4 |
Feb 19, 2025 14:20:41.689196110 CET | 49732 | 443 | 192.168.2.4 | 23.237.50.106 |
Feb 19, 2025 14:20:41.689203024 CET | 443 | 49732 | 23.237.50.106 | 192.168.2.4 |
Feb 19, 2025 14:20:41.689258099 CET | 443 | 49732 | 23.237.50.106 | 192.168.2.4 |
Feb 19, 2025 14:20:41.689321995 CET | 49732 | 443 | 192.168.2.4 | 23.237.50.106 |
Feb 19, 2025 14:20:41.689330101 CET | 443 | 49732 | 23.237.50.106 | 192.168.2.4 |
Feb 19, 2025 14:20:41.689371109 CET | 443 | 49732 | 23.237.50.106 | 192.168.2.4 |
Feb 19, 2025 14:20:41.689421892 CET | 49732 | 443 | 192.168.2.4 | 23.237.50.106 |
Feb 19, 2025 14:20:41.689429998 CET | 443 | 49732 | 23.237.50.106 | 192.168.2.4 |
Feb 19, 2025 14:20:41.689512014 CET | 443 | 49732 | 23.237.50.106 | 192.168.2.4 |
Feb 19, 2025 14:20:41.689572096 CET | 49732 | 443 | 192.168.2.4 | 23.237.50.106 |
Feb 19, 2025 14:20:41.689579964 CET | 443 | 49732 | 23.237.50.106 | 192.168.2.4 |
Feb 19, 2025 14:20:41.689662933 CET | 443 | 49732 | 23.237.50.106 | 192.168.2.4 |
Feb 19, 2025 14:20:41.689723015 CET | 49732 | 443 | 192.168.2.4 | 23.237.50.106 |
Feb 19, 2025 14:20:41.689730883 CET | 443 | 49732 | 23.237.50.106 | 192.168.2.4 |
Feb 19, 2025 14:20:41.689788103 CET | 443 | 49732 | 23.237.50.106 | 192.168.2.4 |
Feb 19, 2025 14:20:41.689848900 CET | 49732 | 443 | 192.168.2.4 | 23.237.50.106 |
Feb 19, 2025 14:20:41.689857006 CET | 443 | 49732 | 23.237.50.106 | 192.168.2.4 |
Feb 19, 2025 14:20:41.689910889 CET | 443 | 49732 | 23.237.50.106 | 192.168.2.4 |
Feb 19, 2025 14:20:41.689965963 CET | 49732 | 443 | 192.168.2.4 | 23.237.50.106 |
Feb 19, 2025 14:20:41.689974070 CET | 443 | 49732 | 23.237.50.106 | 192.168.2.4 |
Feb 19, 2025 14:20:41.690030098 CET | 443 | 49732 | 23.237.50.106 | 192.168.2.4 |
Feb 19, 2025 14:20:41.690092087 CET | 49732 | 443 | 192.168.2.4 | 23.237.50.106 |
Feb 19, 2025 14:20:41.690099955 CET | 443 | 49732 | 23.237.50.106 | 192.168.2.4 |
Feb 19, 2025 14:20:41.690154076 CET | 443 | 49732 | 23.237.50.106 | 192.168.2.4 |
Feb 19, 2025 14:20:41.690215111 CET | 49732 | 443 | 192.168.2.4 | 23.237.50.106 |
Feb 19, 2025 14:20:41.690222979 CET | 443 | 49732 | 23.237.50.106 | 192.168.2.4 |
Feb 19, 2025 14:20:41.690273046 CET | 443 | 49732 | 23.237.50.106 | 192.168.2.4 |
Feb 19, 2025 14:20:41.690332890 CET | 49732 | 443 | 192.168.2.4 | 23.237.50.106 |
Feb 19, 2025 14:20:41.690340042 CET | 443 | 49732 | 23.237.50.106 | 192.168.2.4 |
Feb 19, 2025 14:20:41.740087032 CET | 49732 | 443 | 192.168.2.4 | 23.237.50.106 |
Feb 19, 2025 14:20:41.771975994 CET | 443 | 49732 | 23.237.50.106 | 192.168.2.4 |
Feb 19, 2025 14:20:41.772007942 CET | 443 | 49732 | 23.237.50.106 | 192.168.2.4 |
Feb 19, 2025 14:20:41.772077084 CET | 49732 | 443 | 192.168.2.4 | 23.237.50.106 |
Feb 19, 2025 14:20:41.772113085 CET | 49732 | 443 | 192.168.2.4 | 23.237.50.106 |
Feb 19, 2025 14:20:41.772120953 CET | 443 | 49732 | 23.237.50.106 | 192.168.2.4 |
Feb 19, 2025 14:20:41.772185087 CET | 443 | 49732 | 23.237.50.106 | 192.168.2.4 |
Feb 19, 2025 14:20:41.772253990 CET | 49732 | 443 | 192.168.2.4 | 23.237.50.106 |
Feb 19, 2025 14:20:41.772262096 CET | 443 | 49732 | 23.237.50.106 | 192.168.2.4 |
Feb 19, 2025 14:20:41.772320986 CET | 443 | 49732 | 23.237.50.106 | 192.168.2.4 |
Feb 19, 2025 14:20:41.772377968 CET | 49732 | 443 | 192.168.2.4 | 23.237.50.106 |
Feb 19, 2025 14:20:41.772384882 CET | 443 | 49732 | 23.237.50.106 | 192.168.2.4 |
Feb 19, 2025 14:20:41.772479057 CET | 443 | 49732 | 23.237.50.106 | 192.168.2.4 |
Feb 19, 2025 14:20:41.772537947 CET | 49732 | 443 | 192.168.2.4 | 23.237.50.106 |
Feb 19, 2025 14:20:41.772545099 CET | 443 | 49732 | 23.237.50.106 | 192.168.2.4 |
Feb 19, 2025 14:20:41.772625923 CET | 443 | 49732 | 23.237.50.106 | 192.168.2.4 |
Feb 19, 2025 14:20:41.772684097 CET | 49732 | 443 | 192.168.2.4 | 23.237.50.106 |
Feb 19, 2025 14:20:41.772691011 CET | 443 | 49732 | 23.237.50.106 | 192.168.2.4 |
Feb 19, 2025 14:20:41.772768974 CET | 443 | 49732 | 23.237.50.106 | 192.168.2.4 |
Feb 19, 2025 14:20:41.772830963 CET | 49732 | 443 | 192.168.2.4 | 23.237.50.106 |
Feb 19, 2025 14:20:41.772838116 CET | 443 | 49732 | 23.237.50.106 | 192.168.2.4 |
Feb 19, 2025 14:20:41.772893906 CET | 443 | 49732 | 23.237.50.106 | 192.168.2.4 |
Feb 19, 2025 14:20:41.772981882 CET | 49732 | 443 | 192.168.2.4 | 23.237.50.106 |
Feb 19, 2025 14:20:41.772989035 CET | 443 | 49732 | 23.237.50.106 | 192.168.2.4 |
Feb 19, 2025 14:20:41.773025990 CET | 49732 | 443 | 192.168.2.4 | 23.237.50.106 |
Feb 19, 2025 14:20:41.773041010 CET | 443 | 49732 | 23.237.50.106 | 192.168.2.4 |
Feb 19, 2025 14:20:41.773096085 CET | 49732 | 443 | 192.168.2.4 | 23.237.50.106 |
Feb 19, 2025 14:20:41.773102999 CET | 443 | 49732 | 23.237.50.106 | 192.168.2.4 |
Feb 19, 2025 14:20:41.773195982 CET | 443 | 49732 | 23.237.50.106 | 192.168.2.4 |
Feb 19, 2025 14:20:41.773253918 CET | 49732 | 443 | 192.168.2.4 | 23.237.50.106 |
Feb 19, 2025 14:20:41.773261070 CET | 443 | 49732 | 23.237.50.106 | 192.168.2.4 |
Feb 19, 2025 14:20:41.773343086 CET | 443 | 49732 | 23.237.50.106 | 192.168.2.4 |
Feb 19, 2025 14:20:41.773408890 CET | 49732 | 443 | 192.168.2.4 | 23.237.50.106 |
Feb 19, 2025 14:20:41.773416042 CET | 443 | 49732 | 23.237.50.106 | 192.168.2.4 |
Feb 19, 2025 14:20:41.773489952 CET | 443 | 49732 | 23.237.50.106 | 192.168.2.4 |
Feb 19, 2025 14:20:41.773555994 CET | 49732 | 443 | 192.168.2.4 | 23.237.50.106 |
Feb 19, 2025 14:20:41.773565054 CET | 443 | 49732 | 23.237.50.106 | 192.168.2.4 |
Feb 19, 2025 14:20:41.773626089 CET | 443 | 49732 | 23.237.50.106 | 192.168.2.4 |
Feb 19, 2025 14:20:41.773686886 CET | 49732 | 443 | 192.168.2.4 | 23.237.50.106 |
Feb 19, 2025 14:20:41.773694992 CET | 443 | 49732 | 23.237.50.106 | 192.168.2.4 |
Feb 19, 2025 14:20:41.773771048 CET | 443 | 49732 | 23.237.50.106 | 192.168.2.4 |
Feb 19, 2025 14:20:41.773829937 CET | 49732 | 443 | 192.168.2.4 | 23.237.50.106 |
Feb 19, 2025 14:20:41.773838043 CET | 443 | 49732 | 23.237.50.106 | 192.168.2.4 |
Feb 19, 2025 14:20:41.773891926 CET | 443 | 49732 | 23.237.50.106 | 192.168.2.4 |
Feb 19, 2025 14:20:41.773948908 CET | 49732 | 443 | 192.168.2.4 | 23.237.50.106 |
Feb 19, 2025 14:20:41.773955107 CET | 443 | 49732 | 23.237.50.106 | 192.168.2.4 |
Feb 19, 2025 14:20:41.774019957 CET | 443 | 49732 | 23.237.50.106 | 192.168.2.4 |
Feb 19, 2025 14:20:41.774090052 CET | 49732 | 443 | 192.168.2.4 | 23.237.50.106 |
Feb 19, 2025 14:20:41.774096012 CET | 443 | 49732 | 23.237.50.106 | 192.168.2.4 |
Feb 19, 2025 14:20:41.774148941 CET | 443 | 49732 | 23.237.50.106 | 192.168.2.4 |
Feb 19, 2025 14:20:41.774209976 CET | 49732 | 443 | 192.168.2.4 | 23.237.50.106 |
Feb 19, 2025 14:20:41.774216890 CET | 443 | 49732 | 23.237.50.106 | 192.168.2.4 |
Feb 19, 2025 14:20:41.818341970 CET | 49732 | 443 | 192.168.2.4 | 23.237.50.106 |
Feb 19, 2025 14:20:41.859201908 CET | 443 | 49732 | 23.237.50.106 | 192.168.2.4 |
Feb 19, 2025 14:20:41.859352112 CET | 49732 | 443 | 192.168.2.4 | 23.237.50.106 |
Feb 19, 2025 14:20:41.859366894 CET | 443 | 49732 | 23.237.50.106 | 192.168.2.4 |
Feb 19, 2025 14:20:41.859414101 CET | 443 | 49732 | 23.237.50.106 | 192.168.2.4 |
Feb 19, 2025 14:20:41.859474897 CET | 49732 | 443 | 192.168.2.4 | 23.237.50.106 |
Feb 19, 2025 14:20:41.859483957 CET | 443 | 49732 | 23.237.50.106 | 192.168.2.4 |
Feb 19, 2025 14:20:41.859572887 CET | 443 | 49732 | 23.237.50.106 | 192.168.2.4 |
Feb 19, 2025 14:20:41.859632015 CET | 49732 | 443 | 192.168.2.4 | 23.237.50.106 |
Feb 19, 2025 14:20:41.859638929 CET | 443 | 49732 | 23.237.50.106 | 192.168.2.4 |
Feb 19, 2025 14:20:41.859726906 CET | 443 | 49732 | 23.237.50.106 | 192.168.2.4 |
Feb 19, 2025 14:20:41.859793901 CET | 49732 | 443 | 192.168.2.4 | 23.237.50.106 |
Feb 19, 2025 14:20:41.859801054 CET | 443 | 49732 | 23.237.50.106 | 192.168.2.4 |
Feb 19, 2025 14:20:41.859858990 CET | 443 | 49732 | 23.237.50.106 | 192.168.2.4 |
Feb 19, 2025 14:20:41.859924078 CET | 49732 | 443 | 192.168.2.4 | 23.237.50.106 |
Feb 19, 2025 14:20:41.859934092 CET | 443 | 49732 | 23.237.50.106 | 192.168.2.4 |
Feb 19, 2025 14:20:41.859987020 CET | 443 | 49732 | 23.237.50.106 | 192.168.2.4 |
Feb 19, 2025 14:20:41.860047102 CET | 49732 | 443 | 192.168.2.4 | 23.237.50.106 |
Feb 19, 2025 14:20:41.860054970 CET | 443 | 49732 | 23.237.50.106 | 192.168.2.4 |
Feb 19, 2025 14:20:41.860119104 CET | 443 | 49732 | 23.237.50.106 | 192.168.2.4 |
Feb 19, 2025 14:20:41.860177040 CET | 49732 | 443 | 192.168.2.4 | 23.237.50.106 |
Feb 19, 2025 14:20:41.860186100 CET | 443 | 49732 | 23.237.50.106 | 192.168.2.4 |
Feb 19, 2025 14:20:41.860265017 CET | 443 | 49732 | 23.237.50.106 | 192.168.2.4 |
Feb 19, 2025 14:20:41.860317945 CET | 49732 | 443 | 192.168.2.4 | 23.237.50.106 |
Feb 19, 2025 14:20:41.860325098 CET | 443 | 49732 | 23.237.50.106 | 192.168.2.4 |
Feb 19, 2025 14:20:41.860397100 CET | 443 | 49732 | 23.237.50.106 | 192.168.2.4 |
Feb 19, 2025 14:20:41.860460997 CET | 49732 | 443 | 192.168.2.4 | 23.237.50.106 |
Feb 19, 2025 14:20:41.860471010 CET | 443 | 49732 | 23.237.50.106 | 192.168.2.4 |
Feb 19, 2025 14:20:41.860522985 CET | 443 | 49732 | 23.237.50.106 | 192.168.2.4 |
Feb 19, 2025 14:20:41.860584021 CET | 49732 | 443 | 192.168.2.4 | 23.237.50.106 |
Feb 19, 2025 14:20:41.860591888 CET | 443 | 49732 | 23.237.50.106 | 192.168.2.4 |
Feb 19, 2025 14:20:41.860646963 CET | 443 | 49732 | 23.237.50.106 | 192.168.2.4 |
Feb 19, 2025 14:20:41.860702991 CET | 49732 | 443 | 192.168.2.4 | 23.237.50.106 |
Feb 19, 2025 14:20:41.860708952 CET | 443 | 49732 | 23.237.50.106 | 192.168.2.4 |
Feb 19, 2025 14:20:41.860775948 CET | 443 | 49732 | 23.237.50.106 | 192.168.2.4 |
Feb 19, 2025 14:20:41.860846996 CET | 49732 | 443 | 192.168.2.4 | 23.237.50.106 |
Feb 19, 2025 14:20:41.860853910 CET | 443 | 49732 | 23.237.50.106 | 192.168.2.4 |
Feb 19, 2025 14:20:41.860901117 CET | 443 | 49732 | 23.237.50.106 | 192.168.2.4 |
Feb 19, 2025 14:20:41.860958099 CET | 49732 | 443 | 192.168.2.4 | 23.237.50.106 |
Feb 19, 2025 14:20:41.860965014 CET | 443 | 49732 | 23.237.50.106 | 192.168.2.4 |
Feb 19, 2025 14:20:41.861078024 CET | 443 | 49732 | 23.237.50.106 | 192.168.2.4 |
Feb 19, 2025 14:20:41.861136913 CET | 49732 | 443 | 192.168.2.4 | 23.237.50.106 |
Feb 19, 2025 14:20:41.861144066 CET | 443 | 49732 | 23.237.50.106 | 192.168.2.4 |
Feb 19, 2025 14:20:41.861205101 CET | 443 | 49732 | 23.237.50.106 | 192.168.2.4 |
Feb 19, 2025 14:20:41.861263990 CET | 49732 | 443 | 192.168.2.4 | 23.237.50.106 |
Feb 19, 2025 14:20:41.861270905 CET | 443 | 49732 | 23.237.50.106 | 192.168.2.4 |
Feb 19, 2025 14:20:41.861315012 CET | 443 | 49732 | 23.237.50.106 | 192.168.2.4 |
Feb 19, 2025 14:20:41.861376047 CET | 49732 | 443 | 192.168.2.4 | 23.237.50.106 |
Feb 19, 2025 14:20:41.861382961 CET | 443 | 49732 | 23.237.50.106 | 192.168.2.4 |
Feb 19, 2025 14:20:41.911847115 CET | 49732 | 443 | 192.168.2.4 | 23.237.50.106 |
Feb 19, 2025 14:20:41.946053982 CET | 443 | 49732 | 23.237.50.106 | 192.168.2.4 |
Feb 19, 2025 14:20:41.946086884 CET | 443 | 49732 | 23.237.50.106 | 192.168.2.4 |
Feb 19, 2025 14:20:41.946175098 CET | 49732 | 443 | 192.168.2.4 | 23.237.50.106 |
Feb 19, 2025 14:20:41.946223021 CET | 49732 | 443 | 192.168.2.4 | 23.237.50.106 |
Feb 19, 2025 14:20:41.946230888 CET | 443 | 49732 | 23.237.50.106 | 192.168.2.4 |
Feb 19, 2025 14:20:41.946247101 CET | 443 | 49732 | 23.237.50.106 | 192.168.2.4 |
Feb 19, 2025 14:20:41.946307898 CET | 49732 | 443 | 192.168.2.4 | 23.237.50.106 |
Feb 19, 2025 14:20:41.946316004 CET | 443 | 49732 | 23.237.50.106 | 192.168.2.4 |
Feb 19, 2025 14:20:41.946392059 CET | 443 | 49732 | 23.237.50.106 | 192.168.2.4 |
Feb 19, 2025 14:20:41.946451902 CET | 49732 | 443 | 192.168.2.4 | 23.237.50.106 |
Feb 19, 2025 14:20:41.946460009 CET | 443 | 49732 | 23.237.50.106 | 192.168.2.4 |
Feb 19, 2025 14:20:41.946537971 CET | 443 | 49732 | 23.237.50.106 | 192.168.2.4 |
Feb 19, 2025 14:20:41.946640968 CET | 49732 | 443 | 192.168.2.4 | 23.237.50.106 |
Feb 19, 2025 14:20:41.946676970 CET | 443 | 49732 | 23.237.50.106 | 192.168.2.4 |
Feb 19, 2025 14:20:41.946726084 CET | 443 | 49732 | 23.237.50.106 | 192.168.2.4 |
Feb 19, 2025 14:20:41.946803093 CET | 49732 | 443 | 192.168.2.4 | 23.237.50.106 |
Feb 19, 2025 14:20:41.946822882 CET | 443 | 49732 | 23.237.50.106 | 192.168.2.4 |
Feb 19, 2025 14:20:41.946877956 CET | 443 | 49732 | 23.237.50.106 | 192.168.2.4 |
Feb 19, 2025 14:20:41.946945906 CET | 49732 | 443 | 192.168.2.4 | 23.237.50.106 |
Feb 19, 2025 14:20:41.946954012 CET | 443 | 49732 | 23.237.50.106 | 192.168.2.4 |
Feb 19, 2025 14:20:41.947025061 CET | 443 | 49732 | 23.237.50.106 | 192.168.2.4 |
Feb 19, 2025 14:20:41.947097063 CET | 49732 | 443 | 192.168.2.4 | 23.237.50.106 |
Feb 19, 2025 14:20:41.947108984 CET | 443 | 49732 | 23.237.50.106 | 192.168.2.4 |
Feb 19, 2025 14:20:41.947175026 CET | 443 | 49732 | 23.237.50.106 | 192.168.2.4 |
Feb 19, 2025 14:20:41.947257996 CET | 49732 | 443 | 192.168.2.4 | 23.237.50.106 |
Feb 19, 2025 14:20:41.947264910 CET | 443 | 49732 | 23.237.50.106 | 192.168.2.4 |
Feb 19, 2025 14:20:41.947307110 CET | 443 | 49732 | 23.237.50.106 | 192.168.2.4 |
Feb 19, 2025 14:20:41.947381973 CET | 49732 | 443 | 192.168.2.4 | 23.237.50.106 |
Feb 19, 2025 14:20:41.947391987 CET | 443 | 49732 | 23.237.50.106 | 192.168.2.4 |
Feb 19, 2025 14:20:41.947470903 CET | 443 | 49732 | 23.237.50.106 | 192.168.2.4 |
Feb 19, 2025 14:20:41.947530985 CET | 49732 | 443 | 192.168.2.4 | 23.237.50.106 |
Feb 19, 2025 14:20:41.947536945 CET | 443 | 49732 | 23.237.50.106 | 192.168.2.4 |
Feb 19, 2025 14:20:41.947596073 CET | 443 | 49732 | 23.237.50.106 | 192.168.2.4 |
Feb 19, 2025 14:20:41.947658062 CET | 49732 | 443 | 192.168.2.4 | 23.237.50.106 |
Feb 19, 2025 14:20:41.947668076 CET | 443 | 49732 | 23.237.50.106 | 192.168.2.4 |
Feb 19, 2025 14:20:41.947740078 CET | 443 | 49732 | 23.237.50.106 | 192.168.2.4 |
Feb 19, 2025 14:20:41.947797060 CET | 49732 | 443 | 192.168.2.4 | 23.237.50.106 |
Feb 19, 2025 14:20:41.947803974 CET | 443 | 49732 | 23.237.50.106 | 192.168.2.4 |
Feb 19, 2025 14:20:41.947854042 CET | 443 | 49732 | 23.237.50.106 | 192.168.2.4 |
Feb 19, 2025 14:20:41.947921038 CET | 49732 | 443 | 192.168.2.4 | 23.237.50.106 |
Feb 19, 2025 14:20:41.947930098 CET | 443 | 49732 | 23.237.50.106 | 192.168.2.4 |
Feb 19, 2025 14:20:41.948080063 CET | 443 | 49732 | 23.237.50.106 | 192.168.2.4 |
Feb 19, 2025 14:20:41.948142052 CET | 49732 | 443 | 192.168.2.4 | 23.237.50.106 |
Feb 19, 2025 14:20:41.948148012 CET | 443 | 49732 | 23.237.50.106 | 192.168.2.4 |
Feb 19, 2025 14:20:41.948229074 CET | 443 | 49732 | 23.237.50.106 | 192.168.2.4 |
Feb 19, 2025 14:20:41.948285103 CET | 49732 | 443 | 192.168.2.4 | 23.237.50.106 |
Feb 19, 2025 14:20:41.948291063 CET | 443 | 49732 | 23.237.50.106 | 192.168.2.4 |
Feb 19, 2025 14:20:41.948338985 CET | 443 | 49732 | 23.237.50.106 | 192.168.2.4 |
Feb 19, 2025 14:20:41.948399067 CET | 49732 | 443 | 192.168.2.4 | 23.237.50.106 |
Feb 19, 2025 14:20:41.948405027 CET | 443 | 49732 | 23.237.50.106 | 192.168.2.4 |
Feb 19, 2025 14:20:41.949421883 CET | 49732 | 443 | 192.168.2.4 | 23.237.50.106 |
Feb 19, 2025 14:20:42.033240080 CET | 443 | 49732 | 23.237.50.106 | 192.168.2.4 |
Feb 19, 2025 14:20:42.033368111 CET | 49732 | 443 | 192.168.2.4 | 23.237.50.106 |
Feb 19, 2025 14:20:42.033386946 CET | 443 | 49732 | 23.237.50.106 | 192.168.2.4 |
Feb 19, 2025 14:20:42.033418894 CET | 443 | 49732 | 23.237.50.106 | 192.168.2.4 |
Feb 19, 2025 14:20:42.033503056 CET | 49732 | 443 | 192.168.2.4 | 23.237.50.106 |
Feb 19, 2025 14:20:42.033510923 CET | 443 | 49732 | 23.237.50.106 | 192.168.2.4 |
Feb 19, 2025 14:20:42.033552885 CET | 443 | 49732 | 23.237.50.106 | 192.168.2.4 |
Feb 19, 2025 14:20:42.033627987 CET | 49732 | 443 | 192.168.2.4 | 23.237.50.106 |
Feb 19, 2025 14:20:42.033634901 CET | 443 | 49732 | 23.237.50.106 | 192.168.2.4 |
Feb 19, 2025 14:20:42.033699036 CET | 443 | 49732 | 23.237.50.106 | 192.168.2.4 |
Feb 19, 2025 14:20:42.033767939 CET | 49732 | 443 | 192.168.2.4 | 23.237.50.106 |
Feb 19, 2025 14:20:42.033776999 CET | 443 | 49732 | 23.237.50.106 | 192.168.2.4 |
Feb 19, 2025 14:20:42.033828974 CET | 443 | 49732 | 23.237.50.106 | 192.168.2.4 |
Feb 19, 2025 14:20:42.033888102 CET | 49732 | 443 | 192.168.2.4 | 23.237.50.106 |
Feb 19, 2025 14:20:42.033895016 CET | 443 | 49732 | 23.237.50.106 | 192.168.2.4 |
Feb 19, 2025 14:20:42.033957005 CET | 443 | 49732 | 23.237.50.106 | 192.168.2.4 |
Feb 19, 2025 14:20:42.034017086 CET | 49732 | 443 | 192.168.2.4 | 23.237.50.106 |
Feb 19, 2025 14:20:42.034023046 CET | 443 | 49732 | 23.237.50.106 | 192.168.2.4 |
Feb 19, 2025 14:20:42.034090042 CET | 443 | 49732 | 23.237.50.106 | 192.168.2.4 |
Feb 19, 2025 14:20:42.034143925 CET | 49732 | 443 | 192.168.2.4 | 23.237.50.106 |
Feb 19, 2025 14:20:42.034157038 CET | 443 | 49732 | 23.237.50.106 | 192.168.2.4 |
Feb 19, 2025 14:20:42.034193993 CET | 443 | 49732 | 23.237.50.106 | 192.168.2.4 |
Feb 19, 2025 14:20:42.034245014 CET | 49732 | 443 | 192.168.2.4 | 23.237.50.106 |
Feb 19, 2025 14:20:42.034251928 CET | 443 | 49732 | 23.237.50.106 | 192.168.2.4 |
Feb 19, 2025 14:20:42.034281015 CET | 443 | 49732 | 23.237.50.106 | 192.168.2.4 |
Feb 19, 2025 14:20:42.034332037 CET | 49732 | 443 | 192.168.2.4 | 23.237.50.106 |
Feb 19, 2025 14:20:42.034337997 CET | 443 | 49732 | 23.237.50.106 | 192.168.2.4 |
Feb 19, 2025 14:20:42.034358025 CET | 443 | 49732 | 23.237.50.106 | 192.168.2.4 |
Feb 19, 2025 14:20:42.034411907 CET | 443 | 49732 | 23.237.50.106 | 192.168.2.4 |
Feb 19, 2025 14:20:42.034413099 CET | 49732 | 443 | 192.168.2.4 | 23.237.50.106 |
Feb 19, 2025 14:20:42.034430027 CET | 443 | 49732 | 23.237.50.106 | 192.168.2.4 |
Feb 19, 2025 14:20:42.034466982 CET | 49732 | 443 | 192.168.2.4 | 23.237.50.106 |
Feb 19, 2025 14:20:42.034493923 CET | 443 | 49732 | 23.237.50.106 | 192.168.2.4 |
Feb 19, 2025 14:20:42.034548998 CET | 49732 | 443 | 192.168.2.4 | 23.237.50.106 |
Feb 19, 2025 14:20:42.034550905 CET | 443 | 49732 | 23.237.50.106 | 192.168.2.4 |
Feb 19, 2025 14:20:42.034568071 CET | 443 | 49732 | 23.237.50.106 | 192.168.2.4 |
Feb 19, 2025 14:20:42.034610033 CET | 49732 | 443 | 192.168.2.4 | 23.237.50.106 |
Feb 19, 2025 14:20:42.034616947 CET | 443 | 49732 | 23.237.50.106 | 192.168.2.4 |
Feb 19, 2025 14:20:42.034656048 CET | 49732 | 443 | 192.168.2.4 | 23.237.50.106 |
Feb 19, 2025 14:20:42.035124063 CET | 443 | 49732 | 23.237.50.106 | 192.168.2.4 |
Feb 19, 2025 14:20:42.035204887 CET | 49732 | 443 | 192.168.2.4 | 23.237.50.106 |
Feb 19, 2025 14:20:42.035209894 CET | 443 | 49732 | 23.237.50.106 | 192.168.2.4 |
Feb 19, 2025 14:20:42.035233021 CET | 443 | 49732 | 23.237.50.106 | 192.168.2.4 |
Feb 19, 2025 14:20:42.035284042 CET | 443 | 49732 | 23.237.50.106 | 192.168.2.4 |
Feb 19, 2025 14:20:42.035305023 CET | 49732 | 443 | 192.168.2.4 | 23.237.50.106 |
Feb 19, 2025 14:20:42.035337925 CET | 443 | 49732 | 23.237.50.106 | 192.168.2.4 |
Feb 19, 2025 14:20:42.035381079 CET | 49732 | 443 | 192.168.2.4 | 23.237.50.106 |
Feb 19, 2025 14:20:42.083848953 CET | 49732 | 443 | 192.168.2.4 | 23.237.50.106 |
Feb 19, 2025 14:20:42.083869934 CET | 443 | 49732 | 23.237.50.106 | 192.168.2.4 |
Feb 19, 2025 14:20:42.120477915 CET | 443 | 49732 | 23.237.50.106 | 192.168.2.4 |
Feb 19, 2025 14:20:42.120639086 CET | 443 | 49732 | 23.237.50.106 | 192.168.2.4 |
Feb 19, 2025 14:20:42.120671988 CET | 49732 | 443 | 192.168.2.4 | 23.237.50.106 |
Feb 19, 2025 14:20:42.120691061 CET | 443 | 49732 | 23.237.50.106 | 192.168.2.4 |
Feb 19, 2025 14:20:42.120718956 CET | 49732 | 443 | 192.168.2.4 | 23.237.50.106 |
Feb 19, 2025 14:20:42.120763063 CET | 443 | 49732 | 23.237.50.106 | 192.168.2.4 |
Feb 19, 2025 14:20:42.120902061 CET | 443 | 49732 | 23.237.50.106 | 192.168.2.4 |
Feb 19, 2025 14:20:42.120909929 CET | 49732 | 443 | 192.168.2.4 | 23.237.50.106 |
Feb 19, 2025 14:20:42.120965004 CET | 443 | 49732 | 23.237.50.106 | 192.168.2.4 |
Feb 19, 2025 14:20:42.121007919 CET | 49732 | 443 | 192.168.2.4 | 23.237.50.106 |
Feb 19, 2025 14:20:42.121011972 CET | 443 | 49732 | 23.237.50.106 | 192.168.2.4 |
Feb 19, 2025 14:20:42.121026993 CET | 49732 | 443 | 192.168.2.4 | 23.237.50.106 |
Feb 19, 2025 14:20:42.121040106 CET | 443 | 49732 | 23.237.50.106 | 192.168.2.4 |
Feb 19, 2025 14:20:42.121102095 CET | 49732 | 443 | 192.168.2.4 | 23.237.50.106 |
Feb 19, 2025 14:20:42.121110916 CET | 443 | 49732 | 23.237.50.106 | 192.168.2.4 |
Feb 19, 2025 14:20:42.121171951 CET | 443 | 49732 | 23.237.50.106 | 192.168.2.4 |
Feb 19, 2025 14:20:42.121234894 CET | 49732 | 443 | 192.168.2.4 | 23.237.50.106 |
Feb 19, 2025 14:20:42.121242046 CET | 443 | 49732 | 23.237.50.106 | 192.168.2.4 |
Feb 19, 2025 14:20:42.121301889 CET | 443 | 49732 | 23.237.50.106 | 192.168.2.4 |
Feb 19, 2025 14:20:42.121362925 CET | 49732 | 443 | 192.168.2.4 | 23.237.50.106 |
Feb 19, 2025 14:20:42.121368885 CET | 443 | 49732 | 23.237.50.106 | 192.168.2.4 |
Feb 19, 2025 14:20:42.121427059 CET | 443 | 49732 | 23.237.50.106 | 192.168.2.4 |
Feb 19, 2025 14:20:42.121488094 CET | 49732 | 443 | 192.168.2.4 | 23.237.50.106 |
Feb 19, 2025 14:20:42.121494055 CET | 443 | 49732 | 23.237.50.106 | 192.168.2.4 |
Feb 19, 2025 14:20:42.121542931 CET | 443 | 49732 | 23.237.50.106 | 192.168.2.4 |
Feb 19, 2025 14:20:42.121604919 CET | 49732 | 443 | 192.168.2.4 | 23.237.50.106 |
Feb 19, 2025 14:20:42.121612072 CET | 443 | 49732 | 23.237.50.106 | 192.168.2.4 |
Feb 19, 2025 14:20:42.121675014 CET | 443 | 49732 | 23.237.50.106 | 192.168.2.4 |
Feb 19, 2025 14:20:42.121732950 CET | 49732 | 443 | 192.168.2.4 | 23.237.50.106 |
Feb 19, 2025 14:20:42.121738911 CET | 443 | 49732 | 23.237.50.106 | 192.168.2.4 |
Feb 19, 2025 14:20:42.121787071 CET | 443 | 49732 | 23.237.50.106 | 192.168.2.4 |
Feb 19, 2025 14:20:42.121855021 CET | 49732 | 443 | 192.168.2.4 | 23.237.50.106 |
Feb 19, 2025 14:20:42.121860981 CET | 443 | 49732 | 23.237.50.106 | 192.168.2.4 |
Feb 19, 2025 14:20:42.121939898 CET | 443 | 49732 | 23.237.50.106 | 192.168.2.4 |
Feb 19, 2025 14:20:42.121994972 CET | 49732 | 443 | 192.168.2.4 | 23.237.50.106 |
Feb 19, 2025 14:20:42.122000933 CET | 443 | 49732 | 23.237.50.106 | 192.168.2.4 |
Feb 19, 2025 14:20:42.122068882 CET | 443 | 49732 | 23.237.50.106 | 192.168.2.4 |
Feb 19, 2025 14:20:42.122133017 CET | 49732 | 443 | 192.168.2.4 | 23.237.50.106 |
Feb 19, 2025 14:20:42.122138977 CET | 443 | 49732 | 23.237.50.106 | 192.168.2.4 |
Feb 19, 2025 14:20:42.122193098 CET | 443 | 49732 | 23.237.50.106 | 192.168.2.4 |
Feb 19, 2025 14:20:42.122251987 CET | 49732 | 443 | 192.168.2.4 | 23.237.50.106 |
Feb 19, 2025 14:20:42.122257948 CET | 443 | 49732 | 23.237.50.106 | 192.168.2.4 |
Feb 19, 2025 14:20:42.122339964 CET | 443 | 49732 | 23.237.50.106 | 192.168.2.4 |
Feb 19, 2025 14:20:42.122402906 CET | 49732 | 443 | 192.168.2.4 | 23.237.50.106 |
Feb 19, 2025 14:20:42.122409105 CET | 443 | 49732 | 23.237.50.106 | 192.168.2.4 |
Feb 19, 2025 14:20:42.122459888 CET | 443 | 49732 | 23.237.50.106 | 192.168.2.4 |
Feb 19, 2025 14:20:42.122522116 CET | 49732 | 443 | 192.168.2.4 | 23.237.50.106 |
Feb 19, 2025 14:20:42.122528076 CET | 443 | 49732 | 23.237.50.106 | 192.168.2.4 |
Feb 19, 2025 14:20:42.161904097 CET | 49732 | 443 | 192.168.2.4 | 23.237.50.106 |
Feb 19, 2025 14:20:42.207134008 CET | 443 | 49732 | 23.237.50.106 | 192.168.2.4 |
Feb 19, 2025 14:20:42.207365036 CET | 443 | 49732 | 23.237.50.106 | 192.168.2.4 |
Feb 19, 2025 14:20:42.207454920 CET | 49732 | 443 | 192.168.2.4 | 23.237.50.106 |
Feb 19, 2025 14:20:42.212986946 CET | 49732 | 443 | 192.168.2.4 | 23.237.50.106 |
Feb 19, 2025 14:20:42.213628054 CET | 49731 | 80 | 192.168.2.4 | 23.237.50.106 |
Feb 19, 2025 14:20:42.218988895 CET | 80 | 49731 | 23.237.50.106 | 192.168.2.4 |
Feb 19, 2025 14:20:42.219083071 CET | 49731 | 80 | 192.168.2.4 | 23.237.50.106 |
Feb 19, 2025 14:21:31.746052980 CET | 49739 | 80 | 192.168.2.4 | 132.226.8.169 |
Feb 19, 2025 14:21:31.751269102 CET | 80 | 49739 | 132.226.8.169 | 192.168.2.4 |
Feb 19, 2025 14:21:31.751328945 CET | 49739 | 80 | 192.168.2.4 | 132.226.8.169 |
Feb 19, 2025 14:21:31.751660109 CET | 49739 | 80 | 192.168.2.4 | 132.226.8.169 |
Feb 19, 2025 14:21:31.756820917 CET | 80 | 49739 | 132.226.8.169 | 192.168.2.4 |
Feb 19, 2025 14:21:32.524717093 CET | 80 | 49739 | 132.226.8.169 | 192.168.2.4 |
Feb 19, 2025 14:21:32.529269934 CET | 49739 | 80 | 192.168.2.4 | 132.226.8.169 |
Feb 19, 2025 14:21:32.534360886 CET | 80 | 49739 | 132.226.8.169 | 192.168.2.4 |
Feb 19, 2025 14:21:32.799010992 CET | 80 | 49739 | 132.226.8.169 | 192.168.2.4 |
Feb 19, 2025 14:21:32.814286947 CET | 49741 | 443 | 192.168.2.4 | 104.21.48.1 |
Feb 19, 2025 14:21:32.814373016 CET | 443 | 49741 | 104.21.48.1 | 192.168.2.4 |
Feb 19, 2025 14:21:32.814593077 CET | 49741 | 443 | 192.168.2.4 | 104.21.48.1 |
Feb 19, 2025 14:21:32.820866108 CET | 49741 | 443 | 192.168.2.4 | 104.21.48.1 |
Feb 19, 2025 14:21:32.820902109 CET | 443 | 49741 | 104.21.48.1 | 192.168.2.4 |
Feb 19, 2025 14:21:32.849427938 CET | 49739 | 80 | 192.168.2.4 | 132.226.8.169 |
Feb 19, 2025 14:21:33.296089888 CET | 443 | 49741 | 104.21.48.1 | 192.168.2.4 |
Feb 19, 2025 14:21:33.296294928 CET | 49741 | 443 | 192.168.2.4 | 104.21.48.1 |
Feb 19, 2025 14:21:33.301309109 CET | 49741 | 443 | 192.168.2.4 | 104.21.48.1 |
Feb 19, 2025 14:21:33.301341057 CET | 443 | 49741 | 104.21.48.1 | 192.168.2.4 |
Feb 19, 2025 14:21:33.301820040 CET | 443 | 49741 | 104.21.48.1 | 192.168.2.4 |
Feb 19, 2025 14:21:33.349488020 CET | 49741 | 443 | 192.168.2.4 | 104.21.48.1 |
Feb 19, 2025 14:21:33.374372005 CET | 49741 | 443 | 192.168.2.4 | 104.21.48.1 |
Feb 19, 2025 14:21:33.415409088 CET | 443 | 49741 | 104.21.48.1 | 192.168.2.4 |
Feb 19, 2025 14:21:33.484579086 CET | 443 | 49741 | 104.21.48.1 | 192.168.2.4 |
Feb 19, 2025 14:21:33.484642982 CET | 443 | 49741 | 104.21.48.1 | 192.168.2.4 |
Feb 19, 2025 14:21:33.484975100 CET | 49741 | 443 | 192.168.2.4 | 104.21.48.1 |
Feb 19, 2025 14:21:33.489975929 CET | 49741 | 443 | 192.168.2.4 | 104.21.48.1 |
Feb 19, 2025 14:22:37.803188086 CET | 80 | 49739 | 132.226.8.169 | 192.168.2.4 |
Feb 19, 2025 14:22:37.803248882 CET | 49739 | 80 | 192.168.2.4 | 132.226.8.169 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Feb 19, 2025 14:20:38.865865946 CET | 52904 | 53 | 192.168.2.4 | 1.1.1.1 |
Feb 19, 2025 14:20:38.877882957 CET | 53 | 52904 | 1.1.1.1 | 192.168.2.4 |
Feb 19, 2025 14:21:31.730072021 CET | 60910 | 53 | 192.168.2.4 | 1.1.1.1 |
Feb 19, 2025 14:21:31.737601995 CET | 53 | 60910 | 1.1.1.1 | 192.168.2.4 |
Feb 19, 2025 14:21:32.803972006 CET | 59207 | 53 | 192.168.2.4 | 1.1.1.1 |
Feb 19, 2025 14:21:32.813443899 CET | 53 | 59207 | 1.1.1.1 | 192.168.2.4 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Feb 19, 2025 14:20:38.865865946 CET | 192.168.2.4 | 1.1.1.1 | 0xd715 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Feb 19, 2025 14:21:31.730072021 CET | 192.168.2.4 | 1.1.1.1 | 0x5979 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Feb 19, 2025 14:21:32.803972006 CET | 192.168.2.4 | 1.1.1.1 | 0x136b | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Feb 19, 2025 14:20:38.877882957 CET | 1.1.1.1 | 192.168.2.4 | 0xd715 | No error (0) | | ip.1010.filemail.com | | CNAME (Canonical name) | IN (0x0001) | false |
Feb 19, 2025 14:20:38.877882957 CET | 1.1.1.1 | 192.168.2.4 | 0xd715 | No error (0) | | | 23.237.50.106 | A (IP address) | IN (0x0001) | false |
Feb 19, 2025 14:21:31.737601995 CET | 1.1.1.1 | 192.168.2.4 | 0x5979 | No error (0) | | checkip.dyndns.com | | CNAME (Canonical name) | IN (0x0001) | false |
Feb 19, 2025 14:21:31.737601995 CET | 1.1.1.1 | 192.168.2.4 | 0x5979 | No error (0) | | | 132.226.8.169 | A (IP address) | IN (0x0001) | false |
Feb 19, 2025 14:21:31.737601995 CET | 1.1.1.1 | 192.168.2.4 | 0x5979 | No error (0) | | | 193.122.130.0 | A (IP address) | IN (0x0001) | false |
Feb 19, 2025 14:21:31.737601995 CET | 1.1.1.1 | 192.168.2.4 | 0x5979 | No error (0) | | | 158.101.44.242 | A (IP address) | IN (0x0001) | false |
Feb 19, 2025 14:21:31.737601995 CET | 1.1.1.1 | 192.168.2.4 | 0x5979 | No error (0) | | | 193.122.6.168 | A (IP address) | IN (0x0001) | false |
Feb 19, 2025 14:21:31.737601995 CET | 1.1.1.1 | 192.168.2.4 | 0x5979 | No error (0) | | | 132.226.247.73 | A (IP address) | IN (0x0001) | false |
Feb 19, 2025 14:21:32.813443899 CET | 1.1.1.1 | 192.168.2.4 | 0x136b | No error (0) | | | 104.21.48.1 | A (IP address) | IN (0x0001) | false |
Feb 19, 2025 14:21:32.813443899 CET | 1.1.1.1 | 192.168.2.4 | 0x136b | No error (0) | | | 104.21.80.1 | A (IP address) | IN (0x0001) | false |
Feb 19, 2025 14:21:32.813443899 CET | 1.1.1.1 | 192.168.2.4 | 0x136b | No error (0) | | | 104.21.112.1 | A (IP address) | IN (0x0001) | false |
Feb 19, 2025 14:21:32.813443899 CET | 1.1.1.1 | 192.168.2.4 | 0x136b | No error (0) | | | 104.21.16.1 | A (IP address) | IN (0x0001) | false |
Feb 19, 2025 14:21:32.813443899 CET | 1.1.1.1 | 192.168.2.4 | 0x136b | No error (0) | | | 104.21.96.1 | A (IP address) | IN (0x0001) | false |
Feb 19, 2025 14:21:32.813443899 CET | 1.1.1.1 | 192.168.2.4 | 0x136b | No error (0) | | | 104.21.64.1 | A (IP address) | IN (0x0001) | false |
Feb 19, 2025 14:21:32.813443899 CET | 1.1.1.1 | 192.168.2.4 | 0x136b | No error (0) | | | 104.21.32.1 | A (IP address) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.4 | 49731 | 23.237.50.106 | 80 | 7408 | C:\Users\user\Desktop\QUOTATION_JANQUOTE312025#U00faPDF.scr |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Feb 19, 2025 14:20:38.892066002 CET | 188 | OUT | |
Feb 19, 2025 14:20:39.466375113 CET | 593 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.4 | 49739 | 132.226.8.169 | 80 | 7908 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Feb 19, 2025 14:21:31.751660109 CET | 151 | OUT | |
Feb 19, 2025 14:21:32.524717093 CET | 273 | IN | |
Feb 19, 2025 14:21:32.529269934 CET | 127 | OUT | |
Feb 19, 2025 14:21:32.799010992 CET | 273 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.4 | 49732 | 23.237.50.106 | 443 | 7408 | C:\Users\user\Desktop\QUOTATION_JANQUOTE312025#U00faPDF.scr |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-02-19 13:20:40 UTC | 188 | OUT | |
2025-02-19 13:20:41 UTC | 335 | IN | |
2025-02-19 13:20:41 UTC | 3279 | IN | |
2025-02-19 13:20:41 UTC | 8192 | IN | |
2025-02-19 13:20:41 UTC | 8192 | IN | |
2025-02-19 13:20:41 UTC | 8192 | IN | |
2025-02-19 13:20:41 UTC | 8192 | IN | |
2025-02-19 13:20:41 UTC | 8192 | IN | |
2025-02-19 13:20:41 UTC | 8192 | IN | |
2025-02-19 13:20:41 UTC | 8192 | IN | |
2025-02-19 13:20:41 UTC | 8192 | IN | |
2025-02-19 13:20:41 UTC | 8192 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.4 | 49741 | 104.21.48.1 | 443 | 7908 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-02-19 13:21:33 UTC | 85 | OUT | |
2025-02-19 13:21:33 UTC | 862 | IN | |
2025-02-19 13:21:33 UTC | 362 | IN |
Target ID: | 0 |
Start time: | 08:20:37 |
Start date: | 19/02/2025 |
Path: | C:\Users\user\Desktop\QUOTATION_JANQUOTE312025#U00faPDF.scr |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xdf0000 |
File size: | 1'103'360 bytes |
MD5 hash: | 4FC67D8DC05024C14E049D23487A84D7 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | low |
Has exited: | true |
Target ID: | 4 |
Start time: | 08:21:30 |
Start date: | 19/02/2025 |
Path: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x680000 |
File size: | 65'440 bytes |
MD5 hash: | 0D5DF43AF2916F47D00C1573797C1A13 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | high |
Has exited: | false |