Windows
Analysis Report
AWB_3570456515#U00b7PDF.scr.exe
Overview
General Information
Sample name: | AWB_3570456515#U00b7PDF.scr.exe (renamed because original name is a hash value) |
Original sample name: | AWB_3570456515PDF.scr.exe |
Analysis ID: | 1620753 |
MD5: | 5b95c93a80d1aadfc50c8f1cd4983f50 |
SHA1: | 839ed03bd96764233e30d53e46213381661176f6 |
SHA256: | c81350a2c2132b610fb4198970fafa7b8a3a3897a9555421e1d0842e959fd3cc |
Tags: | exe, user-julianmckein |
Detection
MSIL Logger
Score: | 100 |
Range: | 0 - 100 |
Confidence: | 100% |
Signatures
Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
Yara detected AntiVM3
Yara detected MSIL Logger
Yara detected Telegram RAT
.NET source code contains method to dynamically call methods (often used by packers)
.NET source code contains potential unpacker
Injects a PE file into a foreign processes
Joe Sandbox ML detected suspicious sample
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to detect the country of the analysis system (by using the IP)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Writes to foreign memory regions
Yara detected Costura Assembly Loader
Allocates memory with a write watch (potentially for evading sandboxes)
Contains functionality to call native functions
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
HTTP GET or POST without a user agent
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Uses insecure TLS / SSL version for HTTPS connection
Yara detected Credential Stealer
Classification
- System is w10x64
  - AWB_3570456515#U00b7PDF.scr.exe (PID: 7260 cmdline: "C:\Users\user\Desktop\AWB_3570456515#U00b7PDF.scr.exe" MD5: 5B95C93A80D1AADFC50C8F1CD4983F50)
  - RegAsm.exe (PID: 7832 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" MD5: 0D5DF43AF2916F47D00C1573797C1A13)
- cleanup
⊘No configs have been found
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_MSILLogger | Yara detected MSIL Logger | Joe Security | ||
JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security | ||
JoeSecurity_MSILLogger | Yara detected MSIL Logger | Joe Security | ||
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | ||
JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security | ||
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security | ||
JoeSecurity_MSILLogger | Yara detected MSIL Logger | Joe Security | ||
JoeSecurity_MSILLogger | Yara detected MSIL Logger | Joe Security | ||
JoeSecurity_MSILLogger | Yara detected MSIL Logger | Joe Security | ||
JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security | ||
⊘No Sigma rule has matched
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2025-02-21T08:58:23.445598+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49929 | 158.101.44.242 | 80 | TCP |
AV Detection |
---|
Source: | Avira: |
Source: | ReversingLabs: | |||
Source: | Virustotal: | Perma Link |
Source: | Integrated Neural Analysis Model: |
Location Tracking |
---|
Source: | DNS query: |
Source: | Static PE information: |
Source: | HTTPS traffic detected: |
Source: | HTTPS traffic detected: |
Source: | Static PE information: |
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: |
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | IP Address: | ||
Source: | IP Address: | ||
Source: | IP Address: |
Source: | JA3 fingerprint: | ||
Source: | JA3 fingerprint: |
Source: | DNS query: | ||
Source: | DNS query: |
Source: | Suricata IDS: |
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | HTTPS traffic detected: |
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: |
Source: | HTTP traffic detected: | ||
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: |
Source: | String found in binary or memory: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: |
Source: | HTTPS traffic detected: |
Source: | Binary or memory string: | ||
Source: | Static PE information: |
Source: | Cryptographic APIs: | ||
Source: | Task registration methods: | ||
Source: | Task registration methods: | ||
Source: | Task registration methods: | ||
Source: | Task registration methods: |
Source: | Security API names: | ||
Source: | Classification label: |
Source: | Mutant created: |
Source: | Static PE information: |
Source: | Static file information: |
Source: | Key opened: | Jump to behavior |
Source: | Binary or memory string: |
Source: | ReversingLabs: | ||
Source: | Virustotal: |
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | Jump to behavior |
Source: | Section loaded: | Jump to behavior | ||
Source: | Key value queried: | Jump to behavior |
Source: | File opened: | Jump to behavior |
Source: | Key opened: | Jump to behavior |
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: |
Data Obfuscation |
---|
Source: | .Net Code: | ||
Source: | File source: | ||
Source: | High entropy of concatenated method names: | ||
Source: | Registry key monitored for changes: | Jump to behavior | ||
Source: | Registry key monitored for changes: | Jump to behavior |
Source: | Process information set: | Jump to behavior | ||
Malware Analysis System Evasion |
---|
Source: | File source: |
Source: | Binary or memory string: |
Source: | Memory allocated: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Window / User API: | Jump to behavior | ||
Source: | Window / User API: | Jump to behavior |
Source: | Thread sleep count: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Binary or memory string: |
Source: | Process information queried: | Jump to behavior |
Source: | Process token adjusted: | Jump to behavior |
Source: | Memory allocated: | Jump to behavior |
HIPS / PFW / Operating System Protection Evasion |
---|
Source: | Memory written: | Jump to behavior |
Source: | Process created: | Jump to behavior |
Source: | Queries volume information: | Jump to behavior |
Source: | Key value queried: | Jump to behavior |
Stealing of Sensitive Information |
---|
Source: | File source: |
Source: | File opened: | Jump to behavior |
Source: | Key opened: | Jump to behavior |
Source: | File source: |
Remote Access Functionality |
---|
Source: | File source: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Scheduled Task/Job | 1 Scheduled Task/Job | 211 Process Injection | 1 Disable or Modify Tools | 1 OS Credential Dumping | 1 Query Registry | Remote Services | 1 Email Collection | 11 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 DLL Side-Loading | 1 Scheduled Task/Job | 31 Virtualization/Sandbox Evasion | LSASS Memory | 11 Security Software Discovery | Remote Desktop Protocol | 11 Archive Collected Data | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 DLL Side-Loading | 211 Process Injection | Security Account Manager | 1 Process Discovery | SMB/Windows Admin Shares | 1 Data from Local System | 2 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Deobfuscate/Decode Files or Information | NTDS | 31 Virtualization/Sandbox Evasion | Distributed Component Object Model | Input Capture | 13 Application Layer Protocol | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 2 Obfuscated Files or Information | LSA Secrets | 1 Application Window Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 2 Software Packing | Cached Domain Credentials | 1 System Network Configuration Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 DLL Side-Loading | DCSync | 13 System Information Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
| 39% | ReversingLabs | Win32.Trojan.CrypterX | |
| 47% | Virustotal | | Browse |
| 100% | Avira | HEUR/AGEN.1308709 | |
⊘No Antivirus matches
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
ip.1009.filemail.com | 23.237.188.42 | true | false | unknown | |
reallyfreegeoip.org | 104.21.16.1 | true | false | high | |
checkip.dyndns.com | 158.101.44.242 | true | false | high | |
checkip.dyndns.org | unknown | unknown | false | high | |
1009.filemail.com | unknown | unknown | true | unknown |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
false | high | ||
false |
| unknown | |
false | high | ||
false |
| unknown |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false |
| unknown | ||
false | high | |||
false |
| unknown | ||
false |
| unknown | ||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false |
| unknown | ||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high |
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
104.21.16.1 | reallyfreegeoip.org | United States | 13335 | CLOUDFLARENETUS | false |
23.237.188.42 | ip.1009.filemail.com | United States | 174 | COGENT-174US | false |
158.101.44.242 | checkip.dyndns.com | United States | 31898 | ORACLE-BMC-31898US | false |
Joe Sandbox version: | 42.0.0 Malachite |
Analysis ID: | 1620753 |
Start date and time: | 2025-02-21 08:56:38 +01:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 6m 13s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 5 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | AWB_3570456515#U00b7PDF.scr.exe (renamed because original name is a hash value) |
Original Sample Name: | AWB_3570456515PDF.scr.exe |
Detection: | MAL |
Classification: | mal100.troj.spyw.evad.winEXE@3/0@3/3 |
EGA Information: |
|
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
- Excluded IPs from analysis (whitelisted): 20.109.210.53, 13.107.246.45
- Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
- Execution Graph export aborted for target RegAsm.exe, PID 7832 because it is empty
- Report size getting too big, too many NtAllocateVirtualMemory calls found.
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtProtectVirtualMemory calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- Report size getting too big, too many NtReadVirtualMemory calls found.
- Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Time | Type | Description |
---|---|---|
02:57:29 | API Interceptor |
Match | Detection | Threat Name |
---|---|---|
104.21.16.1 | malicious | FormBook |
| malicious | FormBook |
| malicious | FormBook |
| malicious | FormBook |
| malicious | FormBook |
| malicious | FormBook |
| malicious | FormBook |
| malicious | FormBook |
| malicious | FormBook |
| malicious | FormBook |
23.237.188.42 | malicious | HTMLPhisher, Tycoon2FA |
| malicious | HTMLPhisher |
158.101.44.242 | malicious | GuLoader, Snake Keylogger |
| malicious | GuLoader, Snake Keylogger |
| malicious | MSIL Logger, MassLogger RAT |
| malicious | MassLogger RAT |
| malicious | DBatLoader, MassLogger RAT, PureLog Stealer, Snake Keylogger, VIP Keylogger |
| malicious | Unknown |
| malicious | MassLogger RAT |
| malicious | MassLogger RAT |
| malicious | Snake Keylogger, VIP Keylogger |
| malicious | GuLoader, Snake Keylogger |
Match | Detection | Threat Name |
---|---|---|
checkip.dyndns.com | malicious | GuLoader, Snake Keylogger |
| malicious | GuLoader, Snake Keylogger |
| malicious | Snake Keylogger, VIP Keylogger |
| malicious | MSIL Logger, MassLogger RAT |
| malicious | GuLoader, Snake Keylogger |
| malicious | Snake Keylogger |
| malicious | GuLoader, Snake Keylogger |
| malicious | Snake Keylogger, VIP Keylogger |
| malicious | Snake Keylogger, VIP Keylogger |
| malicious | MSIL Logger, MassLogger RAT |
ip.1009.filemail.com | malicious | HTMLPhisher, Tycoon2FA |
| malicious | HTMLPhisher |
reallyfreegeoip.org | malicious | GuLoader, Snake Keylogger |
| malicious | GuLoader, Snake Keylogger |
| malicious | Snake Keylogger, VIP Keylogger |
| malicious | MSIL Logger, MassLogger RAT |
| malicious | GuLoader, Snake Keylogger |
| malicious | Snake Keylogger |
| malicious | GuLoader, Snake Keylogger |
| malicious | Snake Keylogger, VIP Keylogger |
| malicious | Snake Keylogger, VIP Keylogger |
| malicious | MSIL Logger, MassLogger RAT |
Match | Detection | Threat Name |
---|---|---|
CLOUDFLARENETUS | malicious | Unknown |
| malicious | Unknown |
| malicious | Unknown |
| malicious | HTMLPhisher |
| malicious | Unknown |
| malicious | Unknown |
| malicious | Unknown |
| malicious | Abobus Obfuscator, Braodo |
| malicious | Unknown |
| malicious | Abobus Obfuscator, Braodo |
COGENT-174US | malicious | Discord Token Stealer, GuLoader |
| malicious | Discord Token Stealer, GuLoader |
| malicious | MicroClip |
| malicious | Unknown |
| malicious | FormBook, GuLoader |
| malicious | GuLoader |
| malicious | HTMLPhisher |
| malicious | Mirai |
| malicious | Mirai |
| malicious | Mirai |
ORACLE-BMC-31898US | malicious | GuLoader, Snake Keylogger |
| malicious | Snake Keylogger, VIP Keylogger |
| malicious | GuLoader, Snake Keylogger |
| malicious | HTMLPhisher |
| malicious | Snake Keylogger, VIP Keylogger |
| malicious | MSIL Logger, MassLogger RAT |
| malicious | MSIL Logger, MassLogger RAT |
| malicious | Snake Keylogger, VIP Keylogger |
| malicious | MSIL Logger, MassLogger RAT |
| malicious | Snake Keylogger |
Match | Detection | Threat Name |
---|---|---|
54328bd36c14bd82ddaa0c04b25ed9ad | malicious | GuLoader, Snake Keylogger |
| malicious | GuLoader, Snake Keylogger |
| malicious | Snake Keylogger, VIP Keylogger |
| malicious | MSIL Logger, MassLogger RAT |
| malicious | GuLoader, Snake Keylogger |
| malicious | Snake Keylogger |
| malicious | GuLoader, Snake Keylogger |
| malicious | Snake Keylogger, VIP Keylogger |
| malicious | Snake Keylogger, VIP Keylogger |
| malicious | MSIL Logger, MassLogger RAT |
3b5074b1b5d032e5620f69f9f700ff0e | malicious | Abobus Obfuscator, Braodo |
| malicious | AsyncRAT, GuLoader |
| malicious | AsyncRAT, GuLoader |
| malicious | Abobus Obfuscator, Braodo |
| malicious | GuLoader |
| malicious | AsyncRAT, GuLoader |
| malicious | AsyncRAT, GuLoader |
| malicious | GuLoader, Snake Keylogger |
| malicious | AsyncRAT, GuLoader |
| malicious | GuLoader |
⊘No context
⊘No created / dropped files found
File type: | |
Entropy (8bit): | 2.4330695143537504 |
TrID: |
|
File name: | AWB_3570456515#U00b7PDF.scr.exe |
File size: | 340'992 bytes |
MD5: | 5b95c93a80d1aadfc50c8f1cd4983f50 |
SHA1: | 839ed03bd96764233e30d53e46213381661176f6 |
SHA256: | c81350a2c2132b610fb4198970fafa7b8a3a3897a9555421e1d0842e959fd3cc |
SHA512: | 837d3e67307350766bd5f4bbb71adfe3d5579d852d0841f4211e0817563c70aa33b13dc7d9259039014f51c2ab3bf9c9f02c149d2a1bd7a5edb585f5adc19f25 |
SSDEEP: | 768:HQXrEQe2VzEjss2yXg1ILcn0sspAgpq80Lyg1uMN0+dzsRU+eEH:wXgQ7E/pqrLy0uyz+fH |
TLSH: | B974CA5A7674A132ED00CA3419F69E11D2DBAE6C2BF0951D24D8F66D1B326FE8F039C1 |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...uR.g............................*3... ...@....@.. ....................................`................................ |
Icon Hash: | 0e3333b0bbb3b035 |
Entrypoint: | 0x40332a |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | EXECUTABLE_IMAGE, 32BIT_MACHINE |
DLL Characteristics: | HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE |
Time Stamp: | 0x67B75275 [Thu Feb 20 16:04:05 2025 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | f34d5f2d4577ed6d9ceec516c1f5a744 |
Instruction |
---|
jmp dword ptr [00402000h] |
add byte ptr [eax], al |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x32e0 | 0x4a | .text |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x4000 | 0x51a9a | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x56000 | 0xc | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x2000 | 0x1330 | 0x1400 | af93b6e0f95bb4f01ca620e0ee5be75f | False | 0.5697265625 | data | 5.392843827853888 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rsrc | 0x4000 | 0x51a9a | 0x51c00 | 3c383c46bc7fddbe0b08d9a02cf3c485 | False | 0.07167729835626911 | data | 2.3525643272623045 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0x56000 | 0xc | 0x200 | 8eca33cb61873620f318d26387e802b0 | False | 0.044921875 | data | 0.08153941234324169 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
RT_ICON | 0x40cc | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | 0.7601351351351351 | ||
RT_ICON | 0x4218 | 0x368 | Device independent bitmap graphic, 16 x 32 x 24, image size 832 | 0.7155963302752294 | ||
RT_ICON | 0x45a4 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | 0.6826241134751773 | ||
RT_ICON | 0x4a30 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 640 | 0.5389784946236559 | ||
RT_ICON | 0x4d3c | 0xca8 | Device independent bitmap graphic, 32 x 64 x 24, image size 3200 | 0.470679012345679 | ||
RT_ICON | 0x5a08 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | 0.4378517823639775 | ||
RT_ICON | 0x6ad4 | 0x668 | Device independent bitmap graphic, 48 x 96 x 4, image size 1536 | 0.36402439024390243 | ||
RT_ICON | 0x7160 | 0x1ca8 | Device independent bitmap graphic, 48 x 96 x 24, image size 7296 | 0.33110687022900764 | ||
RT_ICON | 0x8e2c | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | 0.30881742738589213 | ||
RT_ICON | 0xb3f8 | 0xa68 | Device independent bitmap graphic, 64 x 128 x 4, image size 2560 | 0.2924174174174174 | ||
RT_ICON | 0xbe84 | 0x3228 | Device independent bitmap graphic, 64 x 128 x 24, image size 12800 | 0.26580996884735203 | ||
RT_ICON | 0xf0d0 | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 0 | 0.24244213509683515 | ||
RT_ICON | 0x1331c | 0x42028 | Device independent bitmap graphic, 256 x 512 x 32, image size 0 | 0.014139568600763382 | ||
RT_GROUP_ICON | 0x55380 | 0xbc | data | 0.5797872340425532 | ||
RT_VERSION | 0x55478 | 0x3fc | data | 0.40784313725490196 | ||
RT_MANIFEST | 0x558b0 | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | 0.5489795918367347 |
DLL | Import |
---|---|
mscoree.dll | _CorExeMain |
Description | Data |
---|---|
Translation | 0x0000 0x04b0 |
Comments | AhnLab V3 Lite Main UI Application |
CompanyName | AhnLab, Inc. |
FileDescription | AhnLab V3 Lite Main UI Application |
FileVersion | 4.0.0.117 |
InternalName | Xmbjtystp.exe |
LegalCopyright | 2018-2019 AhnLab, Inc. All rights reserved. |
LegalTrademarks | |
OriginalFilename | Xmbjtystp.exe |
ProductName | AhnLab V3 Lite |
ProductVersion | 4.0.0.117 |
Assembly Version | 4.0.0.117 |
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
---|---|---|---|---|---|---|---|---|
2025-02-21T08:58:23.445598+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.5 | 49929 | 158.101.44.242 | 80 | TCP |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Feb 21, 2025 08:57:32.248428106 CET | 49705 | 443 | 192.168.2.5 | 23.237.188.42 |
Feb 21, 2025 08:57:32.248433113 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.251010895 CET | 49705 | 443 | 192.168.2.5 | 23.237.188.42 |
Feb 21, 2025 08:57:32.259085894 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.259160042 CET | 49705 | 443 | 192.168.2.5 | 23.237.188.42 |
Feb 21, 2025 08:57:32.259164095 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.259205103 CET | 49705 | 443 | 192.168.2.5 | 23.237.188.42 |
Feb 21, 2025 08:57:32.259337902 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.259402990 CET | 49705 | 443 | 192.168.2.5 | 23.237.188.42 |
Feb 21, 2025 08:57:32.259407043 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.259499073 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.259555101 CET | 49705 | 443 | 192.168.2.5 | 23.237.188.42 |
Feb 21, 2025 08:57:32.259558916 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.305259943 CET | 49705 | 443 | 192.168.2.5 | 23.237.188.42 |
Feb 21, 2025 08:57:32.332791090 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.332847118 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.332874060 CET | 49705 | 443 | 192.168.2.5 | 23.237.188.42 |
Feb 21, 2025 08:57:32.332928896 CET | 49705 | 443 | 192.168.2.5 | 23.237.188.42 |
Feb 21, 2025 08:57:32.332935095 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.333086967 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.333142996 CET | 49705 | 443 | 192.168.2.5 | 23.237.188.42 |
Feb 21, 2025 08:57:32.333148003 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.333290100 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.333342075 CET | 49705 | 443 | 192.168.2.5 | 23.237.188.42 |
Feb 21, 2025 08:57:32.333347082 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.333529949 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.333590984 CET | 49705 | 443 | 192.168.2.5 | 23.237.188.42 |
Feb 21, 2025 08:57:32.333595991 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.333720922 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.333779097 CET | 49705 | 443 | 192.168.2.5 | 23.237.188.42 |
Feb 21, 2025 08:57:32.333784103 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.333904028 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.333961964 CET | 49705 | 443 | 192.168.2.5 | 23.237.188.42 |
Feb 21, 2025 08:57:32.333966970 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.334055901 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.334110022 CET | 49705 | 443 | 192.168.2.5 | 23.237.188.42 |
Feb 21, 2025 08:57:32.334114075 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.334214926 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.334269047 CET | 49705 | 443 | 192.168.2.5 | 23.237.188.42 |
Feb 21, 2025 08:57:32.334273100 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.334351063 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.334404945 CET | 49705 | 443 | 192.168.2.5 | 23.237.188.42 |
Feb 21, 2025 08:57:32.334408998 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.337438107 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.337511063 CET | 49705 | 443 | 192.168.2.5 | 23.237.188.42 |
Feb 21, 2025 08:57:32.337519884 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.337630033 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.337691069 CET | 49705 | 443 | 192.168.2.5 | 23.237.188.42 |
Feb 21, 2025 08:57:32.337696075 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.338110924 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.338175058 CET | 49705 | 443 | 192.168.2.5 | 23.237.188.42 |
Feb 21, 2025 08:57:32.338186026 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.338291883 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.338346004 CET | 49705 | 443 | 192.168.2.5 | 23.237.188.42 |
Feb 21, 2025 08:57:32.338351011 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.338435888 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.338493109 CET | 49705 | 443 | 192.168.2.5 | 23.237.188.42 |
Feb 21, 2025 08:57:32.338498116 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.346045017 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.346120119 CET | 49705 | 443 | 192.168.2.5 | 23.237.188.42 |
Feb 21, 2025 08:57:32.346124887 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.346326113 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.346385956 CET | 49705 | 443 | 192.168.2.5 | 23.237.188.42 |
Feb 21, 2025 08:57:32.346390009 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.399060965 CET | 49705 | 443 | 192.168.2.5 | 23.237.188.42 |
Feb 21, 2025 08:57:32.418859005 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.418903112 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.419003963 CET | 49705 | 443 | 192.168.2.5 | 23.237.188.42 |
Feb 21, 2025 08:57:32.419056892 CET | 49705 | 443 | 192.168.2.5 | 23.237.188.42 |
Feb 21, 2025 08:57:32.419061899 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.419157028 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.419192076 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.419239044 CET | 49705 | 443 | 192.168.2.5 | 23.237.188.42 |
Feb 21, 2025 08:57:32.419245005 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.419276953 CET | 49705 | 443 | 192.168.2.5 | 23.237.188.42 |
Feb 21, 2025 08:57:32.419444084 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.419514894 CET | 49705 | 443 | 192.168.2.5 | 23.237.188.42 |
Feb 21, 2025 08:57:32.419519901 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.419661045 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.419718981 CET | 49705 | 443 | 192.168.2.5 | 23.237.188.42 |
Feb 21, 2025 08:57:32.419723988 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.419877052 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.419936895 CET | 49705 | 443 | 192.168.2.5 | 23.237.188.42 |
Feb 21, 2025 08:57:32.419941902 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.420038939 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.420100927 CET | 49705 | 443 | 192.168.2.5 | 23.237.188.42 |
Feb 21, 2025 08:57:32.420105934 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.420300961 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.420367956 CET | 49705 | 443 | 192.168.2.5 | 23.237.188.42 |
Feb 21, 2025 08:57:32.420372009 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.420506954 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.420568943 CET | 49705 | 443 | 192.168.2.5 | 23.237.188.42 |
Feb 21, 2025 08:57:32.420572996 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.420711040 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.420770884 CET | 49705 | 443 | 192.168.2.5 | 23.237.188.42 |
Feb 21, 2025 08:57:32.420778036 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.420909882 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.420974016 CET | 49705 | 443 | 192.168.2.5 | 23.237.188.42 |
Feb 21, 2025 08:57:32.420979023 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.421040058 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.421103001 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.421104908 CET | 49705 | 443 | 192.168.2.5 | 23.237.188.42 |
Feb 21, 2025 08:57:32.421118975 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.421164036 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.421174049 CET | 49705 | 443 | 192.168.2.5 | 23.237.188.42 |
Feb 21, 2025 08:57:32.421179056 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.421204090 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.421233892 CET | 49705 | 443 | 192.168.2.5 | 23.237.188.42 |
Feb 21, 2025 08:57:32.421237946 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.421248913 CET | 49705 | 443 | 192.168.2.5 | 23.237.188.42 |
Feb 21, 2025 08:57:32.429313898 CET | 49705 | 443 | 192.168.2.5 | 23.237.188.42 |
Feb 21, 2025 08:57:32.433275938 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.433350086 CET | 49705 | 443 | 192.168.2.5 | 23.237.188.42 |
Feb 21, 2025 08:57:32.433356047 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.433398962 CET | 49705 | 443 | 192.168.2.5 | 23.237.188.42 |
Feb 21, 2025 08:57:32.433413982 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.433501005 CET | 49705 | 443 | 192.168.2.5 | 23.237.188.42 |
Feb 21, 2025 08:57:32.433506012 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.477157116 CET | 49705 | 443 | 192.168.2.5 | 23.237.188.42 |
Feb 21, 2025 08:57:32.505389929 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.505521059 CET | 49705 | 443 | 192.168.2.5 | 23.237.188.42 |
Feb 21, 2025 08:57:32.505527020 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.505681992 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.505745888 CET | 49705 | 443 | 192.168.2.5 | 23.237.188.42 |
Feb 21, 2025 08:57:32.505752087 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.505886078 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.505970001 CET | 49705 | 443 | 192.168.2.5 | 23.237.188.42 |
Feb 21, 2025 08:57:32.505974054 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.506117105 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.506176949 CET | 49705 | 443 | 192.168.2.5 | 23.237.188.42 |
Feb 21, 2025 08:57:32.506181002 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.506361961 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.506419897 CET | 49705 | 443 | 192.168.2.5 | 23.237.188.42 |
Feb 21, 2025 08:57:32.506424904 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.506545067 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.506603956 CET | 49705 | 443 | 192.168.2.5 | 23.237.188.42 |
Feb 21, 2025 08:57:32.506608963 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.506721020 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.506778955 CET | 49705 | 443 | 192.168.2.5 | 23.237.188.42 |
Feb 21, 2025 08:57:32.506783962 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.506947041 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.507014036 CET | 49705 | 443 | 192.168.2.5 | 23.237.188.42 |
Feb 21, 2025 08:57:32.507018089 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.507195950 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.507263899 CET | 49705 | 443 | 192.168.2.5 | 23.237.188.42 |
Feb 21, 2025 08:57:32.507267952 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.507471085 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.507535934 CET | 49705 | 443 | 192.168.2.5 | 23.237.188.42 |
Feb 21, 2025 08:57:32.507540941 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.507656097 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.507738113 CET | 49705 | 443 | 192.168.2.5 | 23.237.188.42 |
Feb 21, 2025 08:57:32.507741928 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.507885933 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.507950068 CET | 49705 | 443 | 192.168.2.5 | 23.237.188.42 |
Feb 21, 2025 08:57:32.507955074 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.508035898 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.508100033 CET | 49705 | 443 | 192.168.2.5 | 23.237.188.42 |
Feb 21, 2025 08:57:32.508105993 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.508167982 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.508232117 CET | 49705 | 443 | 192.168.2.5 | 23.237.188.42 |
Feb 21, 2025 08:57:32.508236885 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.520145893 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.520239115 CET | 49705 | 443 | 192.168.2.5 | 23.237.188.42 |
Feb 21, 2025 08:57:32.520243883 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.520278931 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.520339012 CET | 49705 | 443 | 192.168.2.5 | 23.237.188.42 |
Feb 21, 2025 08:57:32.520344019 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.570930958 CET | 49705 | 443 | 192.168.2.5 | 23.237.188.42 |
Feb 21, 2025 08:57:32.592609882 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.592731953 CET | 49705 | 443 | 192.168.2.5 | 23.237.188.42 |
Feb 21, 2025 08:57:32.592740059 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.592952967 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.593030930 CET | 49705 | 443 | 192.168.2.5 | 23.237.188.42 |
Feb 21, 2025 08:57:32.593035936 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.593159914 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.593211889 CET | 49705 | 443 | 192.168.2.5 | 23.237.188.42 |
Feb 21, 2025 08:57:32.593215942 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.593427896 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.593482971 CET | 49705 | 443 | 192.168.2.5 | 23.237.188.42 |
Feb 21, 2025 08:57:32.593487024 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.593656063 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.593713045 CET | 49705 | 443 | 192.168.2.5 | 23.237.188.42 |
Feb 21, 2025 08:57:32.593718052 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.593828917 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.593885899 CET | 49705 | 443 | 192.168.2.5 | 23.237.188.42 |
Feb 21, 2025 08:57:32.593890905 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.594017982 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.594074011 CET | 49705 | 443 | 192.168.2.5 | 23.237.188.42 |
Feb 21, 2025 08:57:32.594078064 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.594259024 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.594312906 CET | 49705 | 443 | 192.168.2.5 | 23.237.188.42 |
Feb 21, 2025 08:57:32.594316959 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.594460011 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.594527006 CET | 49705 | 443 | 192.168.2.5 | 23.237.188.42 |
Feb 21, 2025 08:57:32.594532013 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.594669104 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.594729900 CET | 49705 | 443 | 192.168.2.5 | 23.237.188.42 |
Feb 21, 2025 08:57:32.594734907 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.594847918 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.594894886 CET | 49705 | 443 | 192.168.2.5 | 23.237.188.42 |
Feb 21, 2025 08:57:32.594898939 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.595016003 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.595072031 CET | 49705 | 443 | 192.168.2.5 | 23.237.188.42 |
Feb 21, 2025 08:57:32.595077038 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.595170975 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.595227003 CET | 49705 | 443 | 192.168.2.5 | 23.237.188.42 |
Feb 21, 2025 08:57:32.595232010 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.595355988 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.595412970 CET | 49705 | 443 | 192.168.2.5 | 23.237.188.42 |
Feb 21, 2025 08:57:32.595417976 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.606975079 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.607064962 CET | 49705 | 443 | 192.168.2.5 | 23.237.188.42 |
Feb 21, 2025 08:57:32.607069969 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.607162952 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.607240915 CET | 49705 | 443 | 192.168.2.5 | 23.237.188.42 |
Feb 21, 2025 08:57:32.607245922 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.649043083 CET | 49705 | 443 | 192.168.2.5 | 23.237.188.42 |
Feb 21, 2025 08:57:32.679471970 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.679570913 CET | 49705 | 443 | 192.168.2.5 | 23.237.188.42 |
Feb 21, 2025 08:57:32.679578066 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.679677963 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.679757118 CET | 49705 | 443 | 192.168.2.5 | 23.237.188.42 |
Feb 21, 2025 08:57:32.679761887 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.680002928 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.680064917 CET | 49705 | 443 | 192.168.2.5 | 23.237.188.42 |
Feb 21, 2025 08:57:32.680069923 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.680191040 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.680257082 CET | 49705 | 443 | 192.168.2.5 | 23.237.188.42 |
Feb 21, 2025 08:57:32.680260897 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.680402994 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.680459976 CET | 49705 | 443 | 192.168.2.5 | 23.237.188.42 |
Feb 21, 2025 08:57:32.680464983 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.680589914 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.680655956 CET | 49705 | 443 | 192.168.2.5 | 23.237.188.42 |
Feb 21, 2025 08:57:32.680660963 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.680774927 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.680838108 CET | 49705 | 443 | 192.168.2.5 | 23.237.188.42 |
Feb 21, 2025 08:57:32.680841923 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.680989027 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.681042910 CET | 49705 | 443 | 192.168.2.5 | 23.237.188.42 |
Feb 21, 2025 08:57:32.681046963 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.681267977 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.681329966 CET | 49705 | 443 | 192.168.2.5 | 23.237.188.42 |
Feb 21, 2025 08:57:32.681334972 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.681482077 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.681536913 CET | 49705 | 443 | 192.168.2.5 | 23.237.188.42 |
Feb 21, 2025 08:57:32.681540966 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.681693077 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.681754112 CET | 49705 | 443 | 192.168.2.5 | 23.237.188.42 |
Feb 21, 2025 08:57:32.681757927 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.681848049 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.681921005 CET | 49705 | 443 | 192.168.2.5 | 23.237.188.42 |
Feb 21, 2025 08:57:32.681926012 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.682012081 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.682070017 CET | 49705 | 443 | 192.168.2.5 | 23.237.188.42 |
Feb 21, 2025 08:57:32.682075977 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.682174921 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.682233095 CET | 49705 | 443 | 192.168.2.5 | 23.237.188.42 |
Feb 21, 2025 08:57:32.682236910 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.704991102 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.705081940 CET | 49705 | 443 | 192.168.2.5 | 23.237.188.42 |
Feb 21, 2025 08:57:32.705087900 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.705132961 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.705204010 CET | 49705 | 443 | 192.168.2.5 | 23.237.188.42 |
Feb 21, 2025 08:57:32.705208063 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.758548975 CET | 49705 | 443 | 192.168.2.5 | 23.237.188.42 |
Feb 21, 2025 08:57:32.766602993 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.766633034 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.766766071 CET | 49705 | 443 | 192.168.2.5 | 23.237.188.42 |
Feb 21, 2025 08:57:32.766772985 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.766865969 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.766927958 CET | 49705 | 443 | 192.168.2.5 | 23.237.188.42 |
Feb 21, 2025 08:57:32.766932964 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.767083883 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.767149925 CET | 49705 | 443 | 192.168.2.5 | 23.237.188.42 |
Feb 21, 2025 08:57:32.767154932 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.767286062 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.767349958 CET | 49705 | 443 | 192.168.2.5 | 23.237.188.42 |
Feb 21, 2025 08:57:32.767354012 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.767487049 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.767544985 CET | 49705 | 443 | 192.168.2.5 | 23.237.188.42 |
Feb 21, 2025 08:57:32.767549992 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.767669916 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.767729998 CET | 49705 | 443 | 192.168.2.5 | 23.237.188.42 |
Feb 21, 2025 08:57:32.767735004 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.767904997 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.767966032 CET | 49705 | 443 | 192.168.2.5 | 23.237.188.42 |
Feb 21, 2025 08:57:32.767970085 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.768100977 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.768162012 CET | 49705 | 443 | 192.168.2.5 | 23.237.188.42 |
Feb 21, 2025 08:57:32.768167019 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.768301964 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.768379927 CET | 49705 | 443 | 192.168.2.5 | 23.237.188.42 |
Feb 21, 2025 08:57:32.768385887 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.768510103 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.768569946 CET | 49705 | 443 | 192.168.2.5 | 23.237.188.42 |
Feb 21, 2025 08:57:32.768573999 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.768686056 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.768747091 CET | 49705 | 443 | 192.168.2.5 | 23.237.188.42 |
Feb 21, 2025 08:57:32.768752098 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.768920898 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.768978119 CET | 49705 | 443 | 192.168.2.5 | 23.237.188.42 |
Feb 21, 2025 08:57:32.768982887 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.769098997 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.769160986 CET | 49705 | 443 | 192.168.2.5 | 23.237.188.42 |
Feb 21, 2025 08:57:32.769165039 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.769231081 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.769293070 CET | 49705 | 443 | 192.168.2.5 | 23.237.188.42 |
Feb 21, 2025 08:57:32.769296885 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.771439075 CET | 49705 | 443 | 192.168.2.5 | 23.237.188.42 |
Feb 21, 2025 08:57:32.792310953 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.792403936 CET | 49705 | 443 | 192.168.2.5 | 23.237.188.42 |
Feb 21, 2025 08:57:32.792411089 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.792462111 CET | 49705 | 443 | 192.168.2.5 | 23.237.188.42 |
Feb 21, 2025 08:57:32.792488098 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.792551994 CET | 49705 | 443 | 192.168.2.5 | 23.237.188.42 |
Feb 21, 2025 08:57:32.792557001 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.836517096 CET | 49705 | 443 | 192.168.2.5 | 23.237.188.42 |
Feb 21, 2025 08:57:32.854624987 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.854717016 CET | 49705 | 443 | 192.168.2.5 | 23.237.188.42 |
Feb 21, 2025 08:57:32.854739904 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.854892969 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.854947090 CET | 49705 | 443 | 192.168.2.5 | 23.237.188.42 |
Feb 21, 2025 08:57:32.854953051 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.855119944 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.855185986 CET | 49705 | 443 | 192.168.2.5 | 23.237.188.42 |
Feb 21, 2025 08:57:32.855190992 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.855377913 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.855446100 CET | 49705 | 443 | 192.168.2.5 | 23.237.188.42 |
Feb 21, 2025 08:57:32.855451107 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.855612040 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.855678082 CET | 49705 | 443 | 192.168.2.5 | 23.237.188.42 |
Feb 21, 2025 08:57:32.855684042 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.855829000 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.855894089 CET | 49705 | 443 | 192.168.2.5 | 23.237.188.42 |
Feb 21, 2025 08:57:32.855899096 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.856043100 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.856108904 CET | 49705 | 443 | 192.168.2.5 | 23.237.188.42 |
Feb 21, 2025 08:57:32.856113911 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.856254101 CET | 443 | 49705 | 23.237.188.42 | 192.168.2.5 |
Feb 21, 2025 08:57:32.856314898 CET | 49705 | 443 | 192.168.2.5 | 23.237.188.42 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Feb 21, 2025 08:57:30.316950083 CET | 51514 | 53 | 192.168.2.5 | 1.1.1.1 |
Feb 21, 2025 08:57:30.330060959 CET | 53 | 51514 | 1.1.1.1 | 192.168.2.5 |
Feb 21, 2025 08:58:22.418458939 CET | 56741 | 53 | 192.168.2.5 | 1.1.1.1 |
Feb 21, 2025 08:58:22.425817013 CET | 53 | 56741 | 1.1.1.1 | 192.168.2.5 |
Feb 21, 2025 08:58:23.411231041 CET | 61852 | 53 | 192.168.2.5 | 1.1.1.1 |
Feb 21, 2025 08:58:23.437275887 CET | 53 | 61852 | 1.1.1.1 | 192.168.2.5 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Feb 21, 2025 08:57:30.316950083 CET | 192.168.2.5 | 1.1.1.1 | 0xd2cf | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Feb 21, 2025 08:58:22.418458939 CET | 192.168.2.5 | 1.1.1.1 | 0x2cc0 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Feb 21, 2025 08:58:23.411231041 CET | 192.168.2.5 | 1.1.1.1 | 0xd55e | Standard query (0) | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Feb 21, 2025 08:57:30.330060959 CET | 1.1.1.1 | 192.168.2.5 | 0xd2cf | No error (0) | ip.1009.filemail.com | CNAME (Canonical name) | IN (0x0001) | false | ||
Feb 21, 2025 08:57:30.330060959 CET | 1.1.1.1 | 192.168.2.5 | 0xd2cf | No error (0) | 23.237.188.42 | A (IP address) | IN (0x0001) | false | ||
Feb 21, 2025 08:58:22.425817013 CET | 1.1.1.1 | 192.168.2.5 | 0x2cc0 | No error (0) | checkip.dyndns.com | CNAME (Canonical name) | IN (0x0001) | false | ||
Feb 21, 2025 08:58:22.425817013 CET | 1.1.1.1 | 192.168.2.5 | 0x2cc0 | No error (0) | 158.101.44.242 | A (IP address) | IN (0x0001) | false | ||
Feb 21, 2025 08:58:22.425817013 CET | 1.1.1.1 | 192.168.2.5 | 0x2cc0 | No error (0) | 132.226.8.169 | A (IP address) | IN (0x0001) | false | ||
Feb 21, 2025 08:58:22.425817013 CET | 1.1.1.1 | 192.168.2.5 | 0x2cc0 | No error (0) | 132.226.247.73 | A (IP address) | IN (0x0001) | false | ||
Feb 21, 2025 08:58:22.425817013 CET | 1.1.1.1 | 192.168.2.5 | 0x2cc0 | No error (0) | 193.122.130.0 | A (IP address) | IN (0x0001) | false | ||
Feb 21, 2025 08:58:22.425817013 CET | 1.1.1.1 | 192.168.2.5 | 0x2cc0 | No error (0) | 193.122.6.168 | A (IP address) | IN (0x0001) | false | ||
Feb 21, 2025 08:58:23.437275887 CET | 1.1.1.1 | 192.168.2.5 | 0xd55e | No error (0) | 104.21.16.1 | A (IP address) | IN (0x0001) | false | ||
Feb 21, 2025 08:58:23.437275887 CET | 1.1.1.1 | 192.168.2.5 | 0xd55e | No error (0) | 104.21.32.1 | A (IP address) | IN (0x0001) | false | ||
Feb 21, 2025 08:58:23.437275887 CET | 1.1.1.1 | 192.168.2.5 | 0xd55e | No error (0) | 104.21.64.1 | A (IP address) | IN (0x0001) | false | ||
Feb 21, 2025 08:58:23.437275887 CET | 1.1.1.1 | 192.168.2.5 | 0xd55e | No error (0) | 104.21.96.1 | A (IP address) | IN (0x0001) | false | ||
Feb 21, 2025 08:58:23.437275887 CET | 1.1.1.1 | 192.168.2.5 | 0xd55e | No error (0) | 104.21.48.1 | A (IP address) | IN (0x0001) | false | ||
Feb 21, 2025 08:58:23.437275887 CET | 1.1.1.1 | 192.168.2.5 | 0xd55e | No error (0) | 104.21.80.1 | A (IP address) | IN (0x0001) | false | ||
Feb 21, 2025 08:58:23.437275887 CET | 1.1.1.1 | 192.168.2.5 | 0xd55e | No error (0) | 104.21.112.1 | A (IP address) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.5 | 49704 | 23.237.188.42 | 80 | 7260 | C:\Users\user\Desktop\AWB_3570456515#U00b7PDF.scr.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Feb 21, 2025 08:57:30.365689993 CET | 187 | OUT | |
Feb 21, 2025 08:57:30.961100101 CET | 591 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.5 | 49929 | 158.101.44.242 | 80 | 7832 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Feb 21, 2025 08:58:22.438530922 CET | 151 | OUT | |
Feb 21, 2025 08:58:23.022630930 CET | 321 | IN | |
Feb 21, 2025 08:58:23.248827934 CET | 127 | OUT | |
Feb 21, 2025 08:58:23.404459953 CET | 321 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.5 | 49705 | 23.237.188.42 | 443 | 7260 | C:\Users\user\Desktop\AWB_3570456515#U00b7PDF.scr.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-02-21 07:57:31 UTC | 187 | OUT | |
2025-02-21 07:57:31 UTC | 334 | IN | |
2025-02-21 07:57:31 UTC | 800 | IN | |
2025-02-21 07:57:31 UTC | 8192 | IN | |
2025-02-21 07:57:31 UTC | 8192 | IN | |
2025-02-21 07:57:32 UTC | 8192 | IN | |
2025-02-21 07:57:32 UTC | 8192 | IN | |
2025-02-21 07:57:32 UTC | 8192 | IN | |
2025-02-21 07:57:32 UTC | 8192 | IN | |
2025-02-21 07:57:32 UTC | 8192 | IN | |
2025-02-21 07:57:32 UTC | 8192 | IN | |
2025-02-21 07:57:32 UTC | 8192 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.5 | 49935 | 104.21.16.1 | 443 | 7832 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-02-21 07:58:23 UTC | 85 | OUT | |
2025-02-21 07:58:24 UTC | 852 | IN | |
2025-02-21 07:58:24 UTC | 362 | IN |
Target ID: | 0 |
Start time: | 02:57:29 |
Start date: | 21/02/2025 |
Path: | C:\Users\user\Desktop\AWB_3570456515#U00b7PDF.scr.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x60000 |
File size: | 340'992 bytes |
MD5 hash: | 5B95C93A80D1AADFC50C8F1CD4983F50 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
Reputation: | low |
Has exited: | true |
Target ID: | 4 |
Start time: | 02:58:21 |
Start date: | 21/02/2025 |
Path: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x10000 |
File size: | 65'440 bytes |
MD5 hash: | 0D5DF43AF2916F47D00C1573797C1A13 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
Reputation: | high |
Has exited: | false |