Edit tour
Windows
Analysis Report
IMAGE000Pdf.exe
Overview
General Information
| Sample name: | IMAGE000Pdf.exe |
| Analysis ID: | 1548539 |
| MD5: | 53441f2de2d573f3b2e4fb35c248229b |
| SHA1: | afc840f25adfcb5873f5b69e55b2920c370a2285 |
| SHA256: | 5bc4b28288f068f1c11e69b1cc94aacb4b0d2812494c1673471b890f1ce67a9e |
| Tags: | exeGuLoaderuser-abuse_ch |
| Infos: |  |
 | |
Detection
FormBook, GuLoader
| Score: | 88 |
| Range: | 0 - 100 |
| Whitelisted: | false |
| Confidence: | 100% |
Signatures
Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
Yara detected FormBook
Yara detected GuLoader
AI detected suspicious sample
Initial sample is a PE file and has a suspicious name
Switches to a custom stack to bypass stack traces
Tries to detect virtualization through RDTSC time measurements
Abnormal high CPU Usage
Contains functionality to dynamically determine API calls
Contains functionality to shutdown / reboot the system
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Detected potential crypto function
Drops PE files
Found dropped PE file which has not been started or loaded
May sleep (evasive loops) to hinder dynamic analysis
PE / OLE file has an invalid certificate
Sample file is different than original file name gathered from version info
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Classification
- System is w10x64
IMAGE000Pdf.exe (PID: 7044 cmdline: "C:\Users\ user\Deskt op\IMAGE00 0Pdf.exe" MD5: 53441F2DE2D573F3B2E4FB35C248229B) - IMAGE000Pdf.exe (PID: 4676 cmdline:
"C:\Users\ user\Deskt op\IMAGE00 0Pdf.exe" MD5: 53441F2DE2D573F3B2E4FB35C248229B)
- cleanup
| Name | Description | Attribution | Blogpost URLs | Link |
|---|---|---|---|---|
| Formbook, Formbo | FormBook contains a unique crypter RunPE that has unique behavioral patterns subject to detection. It was initially called "Babushka Crypter" by Insidemalware. |
| Name | Description | Attribution | Blogpost URLs | Link |
|---|---|---|---|---|
| CloudEyE, GuLoader | CloudEyE (initially named GuLoader) is a small VB5/6 downloader. It typically downloads RATs/Stealers, such as Agent Tesla, Arkei/Vidar, Formbook, Lokibot, Netwire and Remcos, often but not always from Google Drive. The downloaded payload is xored. | No Attribution |
⊘No configs have been found
| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security | ||
| JoeSecurity_GuLoader_2 | Yara detected GuLoader | Joe Security |
⊘No Sigma rule has matched
| Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2024-11-04T16:08:14.078293+0100 | 2022930 | 1 | A Network Trojan was detected | 52.149.20.212 | 443 | 192.168.2.5 | 49704 | TCP |
| 2024-11-04T16:08:53.376869+0100 | 2022930 | 1 | A Network Trojan was detected | 52.149.20.212 | 443 | 192.168.2.5 | 49889 | TCP |
| Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2024-11-04T16:08:44.574237+0100 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49845 | 173.249.193.48 | 80 | TCP |
Click to jump to signature section
Show All Signature Results
AV Detection |   |
|---|
| Source: | Avira: | ||
| Source: | ReversingLabs: | ||
| Source: | File source: | ||
| Source: | Integrated Neural Analysis Model: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Code function: | 0_2_0040674C | |
| Source: | Code function: | 0_2_00405B00 | |
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | HTTP traffic detected: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | HTTP traffic detected: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
E-Banking Fraud | |
|---|
| Source: | File source: | ||
System Summary | |
|---|
| Source: | Static PE information: | ||
| Source: | Process Stats: | ||
| Source: | Code function: | 0_2_004034A2 | |
| Source: | File created: | Jump to behavior | ||
| Source: | Code function: | 0_2_6F931B5F | |
| Source: | Static PE information: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Static PE information: | ||
| Source: | Classification label: | ||
| Source: | Code function: | 0_2_004034A2 | |
| Source: | File created: | Jump to behavior | ||
| Source: | File created: | Jump to behavior | ||
| Source: | File created: | Jump to behavior | ||
| Source: | Static PE information: | ||
| Source: | File read: | Jump to behavior | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | ReversingLabs: | ||
| Source: | File read: | Jump to behavior | ||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Key value queried: | Jump to behavior | ||
| Source: | File written: | Jump to behavior | ||
| Source: | Static PE information: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
Data Obfuscation | |
|---|
| Source: | File source: | ||
| Source: | Code function: | 0_2_6F931B5F | |
| Source: | File created: | Jump to dropped file | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
Malware Analysis System Evasion | |
|---|
| Source: | API/Special instruction interceptor: | ||
| Source: | API/Special instruction interceptor: | ||
| Source: | RDTSC instruction interceptor: | ||
| Source: | RDTSC instruction interceptor: | ||
| Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Code function: | 0_2_0040674C | |
| Source: | Code function: | 0_2_00405B00 | |
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | API call chain: | graph_0-2286 | ||
| Source: | API call chain: | graph_0-2498 | ||
| Source: | Code function: | 0_2_6F931B5F | |
| Source: | Process created: | Jump to behavior | ||
| Source: | Code function: | 0_2_004034A2 | |
Stealing of Sensitive Information | |
|---|
| Source: | File source: | ||
Remote Access Functionality | |
|---|
| Source: | File source: | ||
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Native API | 1 DLL Side-Loading | 1 Access Token Manipulation | 12 Masquerading | OS Credential Dumping | 21 Security Software Discovery | Remote Services | 1 Archive Collected Data | 1 Encrypted Channel | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 11 Process Injection | 1 Virtualization/Sandbox Evasion | LSASS Memory | 1 Virtualization/Sandbox Evasion | Remote Desktop Protocol | Data from Removable Media | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 DLL Side-Loading | 1 Access Token Manipulation | Security Account Manager | 3 File and Directory Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 11 Process Injection | NTDS | 22 System Information Discovery | Distributed Component Object Model | Input Capture | 11 Application Layer Protocol | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 DLL Side-Loading | LSA Secrets | Internet Connection Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
InternetThis section contains all screenshots as thumbnails, including those not shown in the slideshow.
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 13% | ReversingLabs | Win32.Trojan.NsisInject | ||
| 100% | Avira | HEUR/AGEN.1333748 |
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 0% | ReversingLabs |
⊘No Antivirus matches
⊘No Antivirus matches
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe |
⊘No contacted domains info
| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| false |
| unknown |
| Name | Source | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|
| false | high | |||
| false |
| unknown | ||
| false | high | |||
| false | high | |||
| false | high | |||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false | high |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
| IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|---|
| 173.249.193.48 | unknown | United States | 11878 | TZULOUS | false |
| Joe Sandbox version: | 41.0.0 Charoite |
| Analysis ID: | 1548539 |
| Start date and time: | 2024-11-04 16:07:05 +01:00 |
| Joe Sandbox product: | CloudBasic |
| Overall analysis duration: | 0h 7m 41s |
| Hypervisor based Inspection enabled: | false |
| Report type: | full |
| Cookbook file name: | default.jbs |
| Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
| Number of analysed new started processes analysed: | 5 |
| Number of new started drivers analysed: | 0 |
| Number of existing processes analysed: | 0 |
| Number of existing drivers analysed: | 0 |
| Number of injected processes analysed: | 0 |
| Technologies: |
|
| Analysis Mode: | default |
| Analysis stop reason: | Timeout |
| Sample name: | IMAGE000Pdf.exe |
| Detection: | MAL |
| Classification: | mal88.troj.evad.winEXE@3/11@0/1 |
| EGA Information: |
|
| HCA Information: |
|
| Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
- Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
- Report size getting too big, too many NtQueryValueKey calls found.
- Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
- VT rate limit hit for: IMAGE000Pdf.exe
| Time | Type | Description |
|---|---|---|
| 10:09:25 | API Interceptor |
⊘No context
⊘No context
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| TZULOUS | Get hash | malicious | FormBook, GuLoader | Browse |
| |
| Get hash | malicious | FormBook, GuLoader | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Okiru | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Mirai | Browse |
| ||
| Get hash | malicious | AsyncRAT, DcRat | Browse |
|
⊘No context
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| C:\Users\user\AppData\Local\Temp\nslBEDE.tmp\System.dll | Get hash | malicious | Remcos, GuLoader | Browse | ||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | FormBook, GuLoader | Browse | |||
| Get hash | malicious | GuLoader | Browse | |||
| Get hash | malicious | GuLoader | Browse | |||
| Get hash | malicious | GuLoader | Browse | |||
| Get hash | malicious | Cobalt Strike, GuLoader | Browse | |||
| Get hash | malicious | GuLoader | Browse | |||
| Get hash | malicious | GuLoader | Browse | |||
| Get hash | malicious | GuLoader | Browse |
| Process: | C:\Users\user\Desktop\IMAGE000Pdf.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 52 |
| Entropy (8bit): | 4.0121618346445365 |
| Encrypted: | false |
| SSDEEP: | 3:BPi4YDgAmcAKDHMnhv:BPiBkAmc0nhv |
| MD5: | F298228D2D42CED0A00B0C5320000835 |
| SHA1: | FB06F02DDCDA4C9EC752A688EE617064DB3A49EB |
| SHA-256: | E399AFE89F97EAE7BCDAE626913DA1618F4F42BA11887217CDBF524720532AB2 |
| SHA-512: | 464DA89F9E1D5935810443B20C3D19F77585D964DF89F5CB427482A03C8EF6274D06CBC01533D92C691FFD55E1725BA5F427D023A45A5128BCED0EEE11E083FE |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| Process: | C:\Users\user\Desktop\IMAGE000Pdf.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 12288 |
| Entropy (8bit): | 5.737556724687435 |
| Encrypted: | false |
| SSDEEP: | 192:MenY0qWTlt70IAj/lQ0sEWc/wtYbBH2aDybC7y+XBaIwL:M8+Qlt70Fj/lQRY/9VjjgL |
| MD5: | 6E55A6E7C3FDBD244042EB15CB1EC739 |
| SHA1: | 070EA80E2192ABC42F358D47B276990B5FA285A9 |
| SHA-256: | ACF90AB6F4EDC687E94AAF604D05E16E6CFB5E35873783B50C66F307A35C6506 |
| SHA-512: | 2D504B74DA38EDC967E3859733A2A9CACD885DB82F0CA69BFB66872E882707314C54238344D45945DC98BAE85772ACEEF71A741787922D640627D3C8AE8F1C35 |
| Malicious: | false |
| Antivirus: |
|
| Joe Sandbox View: |
|
| Reputation: | moderate, very likely benign file |
| Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\struldbrug\bentwoods\Minkfarms\leakers.txt
Download File
| Process: | C:\Users\user\Desktop\IMAGE000Pdf.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 589 |
| Entropy (8bit): | 4.277818373535095 |
| Encrypted: | false |
| SSDEEP: | 12:mScXAtJsdW8lLQIVVCTP1t0laiam6mObo/Bpqwnh2yKbdB1j1f:mSrTsdRTVVM9Yz69Hwh2yKb7ff |
| MD5: | E80E34F461528DF8F86C4248C971B2AD |
| SHA1: | A1A74D8F5711DEED35AF2B81BE070CA471C39500 |
| SHA-256: | F2552D843F4D62F481743A15B7C95AA322C14EA5DBB999C8C889A42CBB093A8E |
| SHA-512: | 46A5D6487131677DAC16C2BE4FC29517C14CB8DB6228B40344D733597462122EF0D1D7DD69B4D5A7A10F9C86635F99D91E91AC2CEBDF923C6B72EF3809637622 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\struldbrug\bentwoods\Minkfarms\persongalleriers.una
Download File
| Process: | C:\Users\user\Desktop\IMAGE000Pdf.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 276701 |
| Entropy (8bit): | 1.2570216910370695 |
| Encrypted: | false |
| SSDEEP: | 768:yFPJSwGwS4JXi8PNDQNMDeMW3SGBqGHw1zwpmPMoaO64g1abi4IZxeMcdN9vfd95:/rFf4EoTti54LkFvI3oDW |
| MD5: | 18C3DA2AA022FF0B89999E28E6A2AE9A |
| SHA1: | 0659DDE0FD4B39B22825F1645A0BAE7E7202C7F9 |
| SHA-256: | 05DE1FF63CC38C7C4B3034091A311791BFF578658FF17D156AA4FB41A2E197C6 |
| SHA-512: | D3A51D8B29FEF026F94B339087413319E03DA3193D9159A43AD7B4FEE35A67EEEBC3E66A0092B5ED14F57458173D518C618F2EE00F4203F428EBE0FC162F667C |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\struldbrug\bentwoods\Minkfarms\porkiest.mis
Download File
| Process: | C:\Users\user\Desktop\IMAGE000Pdf.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 313672 |
| Entropy (8bit): | 1.2567166720965932 |
| Encrypted: | false |
| SSDEEP: | 768:iEGLlMkjkYtwS3MeXM3OpckON5VIbjnI3Oif4NxZSqJbDvz+hE7IkHAYsaW3DQLF:LtWLdp3I3yrt+3SoTMU5oT5 |
| MD5: | 17B0342D31B6E728E13DF79009833371 |
| SHA1: | B9F3354C4E886382D220D5EC4FA91F389585BD40 |
| SHA-256: | 8CAF84CE635BD92186709E81D12AE352E049C83B53F1C22A6DCB221E8F1C011E |
| SHA-512: | 4772F5AE64E0619B23114A41785DDE7DD1A9BACE12A9ABEDEF3400EDB3660D4E780C9B91E23A9FDEC1D97BCF7DC48E201771D7D58EB1740191A05CCFDB433C83 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\struldbrug\bentwoods\Mutuary.civ
Download File
| Process: | C:\Users\user\Desktop\IMAGE000Pdf.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 207881 |
| Entropy (8bit): | 7.331635651026833 |
| Encrypted: | false |
| SSDEEP: | 3072:zDyy/gxfmTCBeuVaCzUVI90J8g5sF6963goPdEWduKiKMLUW3tTS4NrQsgT99BwE:zDyR4WDsCgVImsE77KMLUS44NMx |
| MD5: | 749F30B7C897431F55057BFE15DF7228 |
| SHA1: | 2DB933559839DD5F79454546C98CCE8E9C4C8112 |
| SHA-256: | 1506167C68DEBF892BD0E2EAD9515C1F3F80BCCA9C489E715F2436425B7D8D48 |
| SHA-512: | 8E6BC090DFE67D411EA2B386538BAF9ADE1C7A47031CD4BFA0E7D491CFEF814923E71BA1DF8A2CB0A41AFADAE896F77BD89170BB560112E2A2B7BAA8DCD60C9D |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\struldbrug\bentwoods\Tilegnelsesevnes\Cresotinate.Oml
Download File
| Process: | C:\Users\user\Desktop\IMAGE000Pdf.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 16857 |
| Entropy (8bit): | 4.532822901243277 |
| Encrypted: | false |
| SSDEEP: | 384:+ipfHtyeVOvFfo92BAVO4tKq/vChYFVmuF1WbTeqFb7RfW:dlyttfo9iAVO4tiGmPZW |
| MD5: | 143CC97C03735690BA675F029A4A3A16 |
| SHA1: | 7BBA23E28EDB92B05620AA4EA667D3C04DE93593 |
| SHA-256: | EDCF653A613FF7FB1143DF97441A7027D486CA942A333F3EA0B74C7C11F3D88B |
| SHA-512: | 01C2C26B31488E036F6C6634636B33A0C06672FF464549D12B653326FA1A90460FAF485C59D8F0B85C6CCF57946AC4D09A70B5A5D3609E93AD3DCDE421CF16A7 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\struldbrug\bentwoods\Tilegnelsesevnes\Maleriet213.arc
Download File
| Process: | C:\Users\user\Desktop\IMAGE000Pdf.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 244482 |
| Entropy (8bit): | 1.2509108197987615 |
| Encrypted: | false |
| SSDEEP: | 768:ArczTS8oocp0tWLSMkXWg7PKU30gfL4Qf1AUdyM03I3xkjFlu7NDSAZd+6XYIHXd:7Yhp0ckXv78owAC3MhxqI |
| MD5: | E6AC7A31DA2D4322339135AD20EB0F23 |
| SHA1: | F76C6D6EE7C9B01DB799642990AA88B140003EC4 |
| SHA-256: | 00FAD7EC11DB9706955FDF3BE0E6FB037E9F9780F94A502A774B30AB52773A94 |
| SHA-512: | C87DABB08D092D546FF80270B052CF1C5D92D25852DBFECC139CE528CCD2A22CCE130A8C90C08117DF542E6D83DE91E92180F853C201F042BED4681D4737E75D |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\struldbrug\bentwoods\Tilegnelsesevnes\afsgning.for
Download File
| Process: | C:\Users\user\Desktop\IMAGE000Pdf.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 430713 |
| Entropy (8bit): | 1.2530301266200883 |
| Encrypted: | false |
| SSDEEP: | 1536:vu65sFtuGbUq4CCWG9TcLs9xEEc0MVWFnhMA:2PjbUquWUYs/9x |
| MD5: | 8ED0D91C7C65B02A5630D1A012895C3D |
| SHA1: | FA74C3BD3A32123D71AEA67D386B5AC251FEC260 |
| SHA-256: | 1113E4990BEF55E4CD1D868513B2305C72803FB296D559BFA9C8C93DE2EDC8AB |
| SHA-512: | FBE41906CCABB44E8D71D7664B756F75ABDBF0FB80BFCBBF4BBA9D9370DF4CEDBE437BA9F116B3F9E9D2AE2FB1E2D34D34F152E518A2E5E0096A506093F8DB24 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\struldbrug\bentwoods\Tilegnelsesevnes\bookishly.egg
Download File
| Process: | C:\Users\user\Desktop\IMAGE000Pdf.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 223405 |
| Entropy (8bit): | 1.2642457624863013 |
| Encrypted: | false |
| SSDEEP: | 768:DDh04DrooyUGbNSipoS0yYEt0ihBLBJU06zf8VWZt+il3sVxTD6I6o9+2u5inuB4:rorpFGQVWwj9bQdun2ljrAbUGl |
| MD5: | 96E6C0CBBACF232110DF3E7FC4B4D980 |
| SHA1: | FC18FDD4E5417AC76F68BF507AC0BA6B9A183CFE |
| SHA-256: | 04F64748055424253509A229EE3E6F9BFC86898CBA667DA8312333552987B610 |
| SHA-512: | 8DD22ABBED1522A08E9AC3559F5CC6871B77C1B76C2A7AA0CD61E52CA7D3A43DCBAF00285BF29C1FF885FC5F424FA411F56F19EB1886DA97CC7010BCA66530A9 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\struldbrug\bentwoods\Tilegnelsesevnes\etisk.hvs
Download File
| Process: | C:\Users\user\Desktop\IMAGE000Pdf.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 385914 |
| Entropy (8bit): | 1.2561626561864936 |
| Encrypted: | false |
| SSDEEP: | 768:++TtgE2yMxqLKoiyt4CpVdIwu3Uema6LhlEv9cCAXP69rBqGDpx/NEJKTPLqqQJl:bMFgNCAE6oLJS9a/IrOyTWq2uC |
| MD5: | A4946227DE4DC2A79BF473A3D09C4247 |
| SHA1: | 9FF800E6B4A72B6281D812710D00AD003F757170 |
| SHA-256: | 1F6BB50C9AC95A61782FCDE006B6E396ACEDA7794FD30FFB7D97020FD7B8059E |
| SHA-512: | 2902630584092375E1A2FB4669437C43548BC0D0E00B2B98A3FDAEEDC57F3567B61A3FC545C8157FD410D6E26C9A70E8D989E97983700FFB55D9D1154CEBE1F4 |
| Malicious: | false |
| Preview: |
| File type: | |
| Entropy (8bit): | 6.460432078632097 |
| TrID: |
|
| File name: | IMAGE000Pdf.exe |
| File size: | 915'632 bytes |
| MD5: | 53441f2de2d573f3b2e4fb35c248229b |
| SHA1: | afc840f25adfcb5873f5b69e55b2920c370a2285 |
| SHA256: | 5bc4b28288f068f1c11e69b1cc94aacb4b0d2812494c1673471b890f1ce67a9e |
| SHA512: | 021ba2fc3570b82daf0181f229e5e0b80a10f6a74a3f77baa4d608961c38222b03d428f82b7d5abfca6fa55cbfebc7b5e715f33ecf8f67882186b6601bfcbda2 |
| SSDEEP: | 12288:A3nIRS5/vuI8sOabBdHdWIXjwxipfpQGYAGau5yxX9O9u:A3IRgvuoO0pdZXjUiNuGYpawA9uu |
| TLSH: | 59156949A38C50C6DD3A3B32FA1D7613B655AC138550118A3AC8BE583BF57B07B9FA31 |
| File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........!`G.@...@...@../OQ..@...@..I@../OS..@...c>..@..+F...@..Rich.@..........................PE..L......`.................f....:.... |
 | |
| Icon Hash: | d3672eac1a0c662c |
| Entrypoint: | 0x4034a2 |
| Entrypoint Section: | .text |
| Digitally signed: | true |
| Imagebase: | 0x400000 |
| Subsystem: | windows gui |
| Image File Characteristics: | RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE |
| DLL Characteristics: | DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE |
| Time Stamp: | 0x60FC90D1 [Sat Jul 24 22:14:41 2021 UTC] |
| TLS Callbacks: | |
| CLR (.Net) Version: | |
| OS Version Major: | 4 |
| OS Version Minor: | 0 |
| File Version Major: | 4 |
| File Version Minor: | 0 |
| Subsystem Version Major: | 4 |
| Subsystem Version Minor: | 0 |
| Import Hash: | 6e7f9a29f2c85394521a08b9f31f6275 |
| Signature Valid: | false |
| Signature Issuer: | CN=Underretternes, O=Underretternes, L=Lannemezan, C=FR |
| Signature Validation Error: | A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider |
| Error Number: | -2146762487 |
| Not Before, Not After |
|
| Subject Chain |
|
| Version: | 3 |
| Thumbprint MD5: | B7699D9FC11FF2BC8B537A1496DBA607 |
| Thumbprint SHA-1: | 13E2B15CFFB46BFE6E63F1DDDD5D08B90EC97D8B |
| Thumbprint SHA-256: | B488D28F491B0130739761D68A25298DFD95A7D90A466B370C1D833271156981 |
| Serial: | 0C38DED2C7C23BE59C80206BBCC81E7BF88A1876 |
| Instruction |
|---|
| sub esp, 000002D4h |
| push ebx |
| push esi |
| push edi |
| push 00000020h |
| pop edi |
| xor ebx, ebx |
| push 00008001h |
| mov dword ptr [esp+14h], ebx |
| mov dword ptr [esp+10h], 0040A2E0h |
| mov dword ptr [esp+1Ch], ebx |
| call dword ptr [004080CCh] |
| call dword ptr [004080D0h] |
| and eax, BFFFFFFFh |
| cmp ax, 00000006h |
| mov dword ptr [007A8A6Ch], eax |
| je 00007F17ACECEA63h |
| push ebx |
| call 00007F17ACED1D51h |
| cmp eax, ebx |
| je 00007F17ACECEA59h |
| push 00000C00h |
| call eax |
| mov esi, 004082B0h |
| push esi |
| call 00007F17ACED1CCBh |
| push esi |
| call dword ptr [00408154h] |
| lea esi, dword ptr [esi+eax+01h] |
| cmp byte ptr [esi], 00000000h |
| jne 00007F17ACECEA3Ch |
| push 0000000Bh |
| call 00007F17ACED1D24h |
| push 00000009h |
| call 00007F17ACED1D1Dh |
| push 00000007h |
| mov dword ptr [007A8A64h], eax |
| call 00007F17ACED1D11h |
| cmp eax, ebx |
| je 00007F17ACECEA61h |
| push 0000001Eh |
| call eax |
| test eax, eax |
| je 00007F17ACECEA59h |
| or byte ptr [007A8A6Fh], 00000040h |
| push ebp |
| call dword ptr [00408038h] |
| push ebx |
| call dword ptr [00408298h] |
| mov dword ptr [007A8B38h], eax |
| push ebx |
| lea eax, dword ptr [esp+34h] |
| push 000002B4h |
| push eax |
| push ebx |
| push 0079FF08h |
| call dword ptr [0040818Ch] |
| push 0040A2C8h |
| Programming Language: |
|
| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0x8504 | 0xa0 | .rdata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x3de000 | 0x56ef8 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0xdef90 | 0x920 | .data |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x8000 | 0x2b0 | .rdata |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|---|
| .text | 0x1000 | 0x656c | 0x6600 | 12117ad2476c7a7912407af0dcfcb8a7 | False | 0.6737515318627451 | data | 6.47208759712619 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .rdata | 0x8000 | 0x1398 | 0x1400 | e3e8d62e1d2308b175349eb9daa266c8 | False | 0.4494140625 | data | 5.137750894959169 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .data | 0xa000 | 0x39eb78 | 0x600 | 2020ca26e010546720fd467c5d087b57 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .ndata | 0x3a9000 | 0x35000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .rsrc | 0x3de000 | 0x56ef8 | 0x57000 | c1896e67b80e50079ebeadcac8c0d8c3 | False | 0.13646338451867815 | data | 2.5203155069997596 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
|---|---|---|---|---|---|---|
| RT_ICON | 0x3de2c8 | 0x42028 | Device independent bitmap graphic, 256 x 512 x 32, image size 0 | English | United States | 0.11415584223451786 |
| RT_ICON | 0x4202f0 | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 0 | English | United States | 0.17530758310658937 |
| RT_ICON | 0x430b18 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | English | United States | 0.27551867219917014 |
| RT_ICON | 0x4330c0 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | English | United States | 0.3295028142589118 |
| RT_ICON | 0x434168 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | English | United States | 0.47074468085106386 |
| RT_DIALOG | 0x4345d0 | 0x100 | data | English | United States | 0.5234375 |
| RT_DIALOG | 0x4346d0 | 0x11c | data | English | United States | 0.6056338028169014 |
| RT_DIALOG | 0x4347f0 | 0xc4 | data | English | United States | 0.5918367346938775 |
| RT_DIALOG | 0x4348b8 | 0x60 | data | English | United States | 0.7291666666666666 |
| RT_GROUP_ICON | 0x434918 | 0x4c | data | English | United States | 0.7894736842105263 |
| RT_VERSION | 0x434968 | 0x250 | data | English | United States | 0.5287162162162162 |
| RT_MANIFEST | 0x434bb8 | 0x33e | XML 1.0 document, ASCII text, with very long lines (830), with no line terminators | English | United States | 0.5542168674698795 |
| DLL | Import |
|---|---|
| ADVAPI32.dll | RegCreateKeyExW, RegEnumKeyW, RegQueryValueExW, RegSetValueExW, RegCloseKey, RegDeleteValueW, RegDeleteKeyW, AdjustTokenPrivileges, LookupPrivilegeValueW, OpenProcessToken, SetFileSecurityW, RegOpenKeyExW, RegEnumValueW |
| SHELL32.dll | SHGetSpecialFolderLocation, SHFileOperationW, SHBrowseForFolderW, SHGetPathFromIDListW, ShellExecuteExW, SHGetFileInfoW |
| ole32.dll | OleInitialize, OleUninitialize, CoCreateInstance, IIDFromString, CoTaskMemFree |
| COMCTL32.dll | ImageList_Create, ImageList_Destroy, ImageList_AddMasked |
| USER32.dll | GetClientRect, EndPaint, DrawTextW, IsWindowEnabled, DispatchMessageW, wsprintfA, CharNextA, CharPrevW, MessageBoxIndirectW, GetDlgItemTextW, SetDlgItemTextW, GetSystemMetrics, FillRect, AppendMenuW, TrackPopupMenu, OpenClipboard, SetClipboardData, CloseClipboard, IsWindowVisible, CallWindowProcW, GetMessagePos, CheckDlgButton, LoadCursorW, SetCursor, GetWindowLongW, GetSysColor, SetWindowPos, PeekMessageW, SetClassLongW, GetSystemMenu, EnableMenuItem, GetWindowRect, ScreenToClient, EndDialog, RegisterClassW, SystemParametersInfoW, CreateWindowExW, GetClassInfoW, DialogBoxParamW, CharNextW, ExitWindowsEx, DestroyWindow, CreateDialogParamW, SetTimer, SetWindowTextW, PostQuitMessage, SetForegroundWindow, ShowWindow, wsprintfW, SendMessageTimeoutW, FindWindowExW, IsWindow, GetDlgItem, SetWindowLongW, LoadImageW, GetDC, ReleaseDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, EmptyClipboard, CreatePopupMenu |
| GDI32.dll | SetBkMode, SetBkColor, GetDeviceCaps, CreateFontIndirectW, CreateBrushIndirect, DeleteObject, SetTextColor, SelectObject |
| KERNEL32.dll | GetExitCodeProcess, WaitForSingleObject, GetModuleHandleA, GetProcAddress, GetSystemDirectoryW, lstrcatW, Sleep, lstrcpyA, WriteFile, GetTempFileNameW, CreateFileW, lstrcmpiA, RemoveDirectoryW, CreateProcessW, CreateDirectoryW, GetLastError, CreateThread, GlobalLock, GlobalUnlock, GetDiskFreeSpaceW, WideCharToMultiByte, lstrcpynW, lstrlenW, SetErrorMode, GetVersion, GetCommandLineW, GetTempPathW, GetWindowsDirectoryW, SetEnvironmentVariableW, ExitProcess, CopyFileW, GetCurrentProcess, GetModuleFileNameW, GetFileSize, GetTickCount, MulDiv, SetFileAttributesW, GetFileAttributesW, SetCurrentDirectoryW, MoveFileW, GetFullPathNameW, GetShortPathNameW, SearchPathW, CompareFileTime, SetFileTime, CloseHandle, lstrcmpiW, lstrcmpW, ExpandEnvironmentStringsW, GlobalFree, GlobalAlloc, GetModuleHandleW, LoadLibraryExW, MoveFileExW, FreeLibrary, WritePrivateProfileStringW, GetPrivateProfileStringW, lstrlenA, MultiByteToWideChar, ReadFile, SetFilePointer, FindClose, FindNextFileW, FindFirstFileW, DeleteFileW |
| Language of compilation system | Country where language is spoken | Map |
|---|---|---|
| English | United States |  |
Key Decision
Richest Path
Thread / callback creation
Lower opacity -> Library Node| Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2024-11-04T16:08:14.078293+0100 | 2022930 | ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow | 1 | 52.149.20.212 | 443 | 192.168.2.5 | 49704 | TCP |
| 2024-11-04T16:08:44.574237+0100 | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 192.168.2.5 | 49845 | 173.249.193.48 | 80 | TCP |
| 2024-11-04T16:08:53.376869+0100 | 2022930 | ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow | 1 | 52.149.20.212 | 443 | 192.168.2.5 | 49889 | TCP |
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Nov 4, 2024 16:08:43.871211052 CET | 49845 | 80 | 192.168.2.5 | 173.249.193.48 |
| Nov 4, 2024 16:08:43.876151085 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:43.879237890 CET | 49845 | 80 | 192.168.2.5 | 173.249.193.48 |
| Nov 4, 2024 16:08:43.879375935 CET | 49845 | 80 | 192.168.2.5 | 173.249.193.48 |
| Nov 4, 2024 16:08:43.884689093 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:44.574017048 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:44.574126005 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:44.574137926 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:44.574150085 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:44.574161053 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:44.574173927 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:44.574233055 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:44.574237108 CET | 49845 | 80 | 192.168.2.5 | 173.249.193.48 |
| Nov 4, 2024 16:08:44.574244976 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:44.574258089 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:44.574268103 CET | 49845 | 80 | 192.168.2.5 | 173.249.193.48 |
| Nov 4, 2024 16:08:44.574270010 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:44.574286938 CET | 49845 | 80 | 192.168.2.5 | 173.249.193.48 |
| Nov 4, 2024 16:08:44.574302912 CET | 49845 | 80 | 192.168.2.5 | 173.249.193.48 |
| Nov 4, 2024 16:08:44.579205036 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:44.579220057 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:44.579274893 CET | 49845 | 80 | 192.168.2.5 | 173.249.193.48 |
| Nov 4, 2024 16:08:44.693521023 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:44.693547010 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:44.693561077 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:44.693608046 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:44.693612099 CET | 49845 | 80 | 192.168.2.5 | 173.249.193.48 |
| Nov 4, 2024 16:08:44.693620920 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:44.693649054 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:44.693655014 CET | 49845 | 80 | 192.168.2.5 | 173.249.193.48 |
| Nov 4, 2024 16:08:44.693675041 CET | 49845 | 80 | 192.168.2.5 | 173.249.193.48 |
| Nov 4, 2024 16:08:44.693687916 CET | 49845 | 80 | 192.168.2.5 | 173.249.193.48 |
| Nov 4, 2024 16:08:44.693826914 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:44.693847895 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:44.693861008 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:44.693890095 CET | 49845 | 80 | 192.168.2.5 | 173.249.193.48 |
| Nov 4, 2024 16:08:44.693907022 CET | 49845 | 80 | 192.168.2.5 | 173.249.193.48 |
| Nov 4, 2024 16:08:44.694256067 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:44.694283962 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:44.694297075 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:44.694322109 CET | 49845 | 80 | 192.168.2.5 | 173.249.193.48 |
| Nov 4, 2024 16:08:44.694346905 CET | 49845 | 80 | 192.168.2.5 | 173.249.193.48 |
| Nov 4, 2024 16:08:44.694365025 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:44.694379091 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:44.694411039 CET | 49845 | 80 | 192.168.2.5 | 173.249.193.48 |
| Nov 4, 2024 16:08:44.695199966 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:44.695214033 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:44.695224047 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:44.695238113 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:44.695259094 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:44.695271015 CET | 49845 | 80 | 192.168.2.5 | 173.249.193.48 |
| Nov 4, 2024 16:08:44.695280075 CET | 49845 | 80 | 192.168.2.5 | 173.249.193.48 |
| Nov 4, 2024 16:08:44.695298910 CET | 49845 | 80 | 192.168.2.5 | 173.249.193.48 |
| Nov 4, 2024 16:08:44.696116924 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:44.696137905 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:44.696150064 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:44.696156025 CET | 49845 | 80 | 192.168.2.5 | 173.249.193.48 |
| Nov 4, 2024 16:08:44.696171045 CET | 49845 | 80 | 192.168.2.5 | 173.249.193.48 |
| Nov 4, 2024 16:08:44.696190119 CET | 49845 | 80 | 192.168.2.5 | 173.249.193.48 |
| Nov 4, 2024 16:08:44.698554039 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:44.698568106 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:44.698580027 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:44.698597908 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:44.698601007 CET | 49845 | 80 | 192.168.2.5 | 173.249.193.48 |
| Nov 4, 2024 16:08:44.698621988 CET | 49845 | 80 | 192.168.2.5 | 173.249.193.48 |
| Nov 4, 2024 16:08:44.698664904 CET | 49845 | 80 | 192.168.2.5 | 173.249.193.48 |
| Nov 4, 2024 16:08:44.813009977 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:44.813040018 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:44.813051939 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:44.813110113 CET | 49845 | 80 | 192.168.2.5 | 173.249.193.48 |
| Nov 4, 2024 16:08:44.813143015 CET | 49845 | 80 | 192.168.2.5 | 173.249.193.48 |
| Nov 4, 2024 16:08:44.813152075 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:44.813163996 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:44.813174963 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:44.813188076 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:44.813199043 CET | 49845 | 80 | 192.168.2.5 | 173.249.193.48 |
| Nov 4, 2024 16:08:44.813234091 CET | 49845 | 80 | 192.168.2.5 | 173.249.193.48 |
| Nov 4, 2024 16:08:44.813268900 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:44.813281059 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:44.813292027 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:44.813309908 CET | 49845 | 80 | 192.168.2.5 | 173.249.193.48 |
| Nov 4, 2024 16:08:44.813335896 CET | 49845 | 80 | 192.168.2.5 | 173.249.193.48 |
| Nov 4, 2024 16:08:44.813375950 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:44.813388109 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:44.813431978 CET | 49845 | 80 | 192.168.2.5 | 173.249.193.48 |
| Nov 4, 2024 16:08:44.813458920 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:44.813488960 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:44.813499928 CET | 49845 | 80 | 192.168.2.5 | 173.249.193.48 |
| Nov 4, 2024 16:08:44.813500881 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:44.813523054 CET | 49845 | 80 | 192.168.2.5 | 173.249.193.48 |
| Nov 4, 2024 16:08:44.813541889 CET | 49845 | 80 | 192.168.2.5 | 173.249.193.48 |
| Nov 4, 2024 16:08:44.813606024 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:44.813616991 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:44.813627958 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:44.813638926 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:44.813653946 CET | 49845 | 80 | 192.168.2.5 | 173.249.193.48 |
| Nov 4, 2024 16:08:44.813685894 CET | 49845 | 80 | 192.168.2.5 | 173.249.193.48 |
| Nov 4, 2024 16:08:44.813935041 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:44.813994884 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:44.814007044 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:44.814038038 CET | 49845 | 80 | 192.168.2.5 | 173.249.193.48 |
| Nov 4, 2024 16:08:44.814050913 CET | 49845 | 80 | 192.168.2.5 | 173.249.193.48 |
| Nov 4, 2024 16:08:44.814080954 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:44.814094067 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:44.814105034 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:44.814122915 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:44.814131975 CET | 49845 | 80 | 192.168.2.5 | 173.249.193.48 |
| Nov 4, 2024 16:08:44.814142942 CET | 49845 | 80 | 192.168.2.5 | 173.249.193.48 |
| Nov 4, 2024 16:08:44.814172983 CET | 49845 | 80 | 192.168.2.5 | 173.249.193.48 |
| Nov 4, 2024 16:08:44.814228058 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:44.814239979 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:44.814249992 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:44.814273119 CET | 49845 | 80 | 192.168.2.5 | 173.249.193.48 |
| Nov 4, 2024 16:08:44.814301014 CET | 49845 | 80 | 192.168.2.5 | 173.249.193.48 |
| Nov 4, 2024 16:08:44.814732075 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:44.814775944 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:44.814788103 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:44.814811945 CET | 49845 | 80 | 192.168.2.5 | 173.249.193.48 |
| Nov 4, 2024 16:08:44.814835072 CET | 49845 | 80 | 192.168.2.5 | 173.249.193.48 |
| Nov 4, 2024 16:08:44.814841032 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:44.814852953 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:44.814867973 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:44.814892054 CET | 49845 | 80 | 192.168.2.5 | 173.249.193.48 |
| Nov 4, 2024 16:08:44.814905882 CET | 49845 | 80 | 192.168.2.5 | 173.249.193.48 |
| Nov 4, 2024 16:08:44.814933062 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:44.814944983 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:44.814960003 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:44.815021038 CET | 49845 | 80 | 192.168.2.5 | 173.249.193.48 |
| Nov 4, 2024 16:08:44.815037966 CET | 49845 | 80 | 192.168.2.5 | 173.249.193.48 |
| Nov 4, 2024 16:08:44.815342903 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:44.815360069 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:44.815371037 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:44.815403938 CET | 49845 | 80 | 192.168.2.5 | 173.249.193.48 |
| Nov 4, 2024 16:08:44.815419912 CET | 49845 | 80 | 192.168.2.5 | 173.249.193.48 |
| Nov 4, 2024 16:08:44.815448046 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:44.815460920 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:44.815470934 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:44.815499067 CET | 49845 | 80 | 192.168.2.5 | 173.249.193.48 |
| Nov 4, 2024 16:08:44.815526009 CET | 49845 | 80 | 192.168.2.5 | 173.249.193.48 |
| Nov 4, 2024 16:08:44.815556049 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:44.815567970 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:44.815581083 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:44.815591097 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:44.815602064 CET | 49845 | 80 | 192.168.2.5 | 173.249.193.48 |
| Nov 4, 2024 16:08:44.815649986 CET | 49845 | 80 | 192.168.2.5 | 173.249.193.48 |
| Nov 4, 2024 16:08:44.818144083 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:44.818227053 CET | 49845 | 80 | 192.168.2.5 | 173.249.193.48 |
| Nov 4, 2024 16:08:44.931869984 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:44.931898117 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:44.931910038 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:44.931920052 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:44.931931019 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:44.931943893 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:44.931956053 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:44.931967020 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:44.932007074 CET | 49845 | 80 | 192.168.2.5 | 173.249.193.48 |
| Nov 4, 2024 16:08:44.932060957 CET | 49845 | 80 | 192.168.2.5 | 173.249.193.48 |
| Nov 4, 2024 16:08:44.932199001 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:44.932257891 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:44.932272911 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:44.932300091 CET | 49845 | 80 | 192.168.2.5 | 173.249.193.48 |
| Nov 4, 2024 16:08:44.932312965 CET | 49845 | 80 | 192.168.2.5 | 173.249.193.48 |
| Nov 4, 2024 16:08:44.932332039 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:44.932343960 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:44.932354927 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:44.932384968 CET | 49845 | 80 | 192.168.2.5 | 173.249.193.48 |
| Nov 4, 2024 16:08:44.932415962 CET | 49845 | 80 | 192.168.2.5 | 173.249.193.48 |
| Nov 4, 2024 16:08:44.932429075 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:44.932440042 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:44.932451010 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:44.932485104 CET | 49845 | 80 | 192.168.2.5 | 173.249.193.48 |
| Nov 4, 2024 16:08:44.932497978 CET | 49845 | 80 | 192.168.2.5 | 173.249.193.48 |
| Nov 4, 2024 16:08:44.932524920 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:44.932800055 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:44.932816982 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:44.932841063 CET | 49845 | 80 | 192.168.2.5 | 173.249.193.48 |
| Nov 4, 2024 16:08:44.932853937 CET | 49845 | 80 | 192.168.2.5 | 173.249.193.48 |
| Nov 4, 2024 16:08:44.932873964 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:44.932885885 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:44.932923079 CET | 49845 | 80 | 192.168.2.5 | 173.249.193.48 |
| Nov 4, 2024 16:08:44.932990074 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:44.933075905 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:44.933087111 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:44.933098078 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:44.933109999 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:44.933120966 CET | 49845 | 80 | 192.168.2.5 | 173.249.193.48 |
| Nov 4, 2024 16:08:44.933156967 CET | 49845 | 80 | 192.168.2.5 | 173.249.193.48 |
| Nov 4, 2024 16:08:44.933156967 CET | 49845 | 80 | 192.168.2.5 | 173.249.193.48 |
| Nov 4, 2024 16:08:44.933221102 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:44.933233976 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:44.933239937 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:44.933245897 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:44.933262110 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:44.933271885 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:44.933280945 CET | 49845 | 80 | 192.168.2.5 | 173.249.193.48 |
| Nov 4, 2024 16:08:44.933284998 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:44.933306932 CET | 49845 | 80 | 192.168.2.5 | 173.249.193.48 |
| Nov 4, 2024 16:08:44.933324099 CET | 49845 | 80 | 192.168.2.5 | 173.249.193.48 |
| Nov 4, 2024 16:08:44.933449030 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:44.933461905 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:44.933473110 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:44.933482885 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:44.933492899 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:44.933496952 CET | 49845 | 80 | 192.168.2.5 | 173.249.193.48 |
| Nov 4, 2024 16:08:44.933499098 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:44.933511972 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:44.933518887 CET | 49845 | 80 | 192.168.2.5 | 173.249.193.48 |
| Nov 4, 2024 16:08:44.933523893 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:44.933545113 CET | 49845 | 80 | 192.168.2.5 | 173.249.193.48 |
| Nov 4, 2024 16:08:44.933571100 CET | 49845 | 80 | 192.168.2.5 | 173.249.193.48 |
| Nov 4, 2024 16:08:44.933631897 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:44.933671951 CET | 49845 | 80 | 192.168.2.5 | 173.249.193.48 |
| Nov 4, 2024 16:08:44.933708906 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:44.933721066 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:44.933732033 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:44.933743000 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:44.933749914 CET | 49845 | 80 | 192.168.2.5 | 173.249.193.48 |
| Nov 4, 2024 16:08:44.933762074 CET | 49845 | 80 | 192.168.2.5 | 173.249.193.48 |
| Nov 4, 2024 16:08:44.933784962 CET | 49845 | 80 | 192.168.2.5 | 173.249.193.48 |
| Nov 4, 2024 16:08:44.933856964 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:44.933870077 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:44.933878899 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:44.933885098 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:44.933895111 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:44.933919907 CET | 49845 | 80 | 192.168.2.5 | 173.249.193.48 |
| Nov 4, 2024 16:08:44.933949947 CET | 49845 | 80 | 192.168.2.5 | 173.249.193.48 |
| Nov 4, 2024 16:08:44.937035084 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:44.937055111 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:44.937066078 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:44.937108040 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:44.937113047 CET | 49845 | 80 | 192.168.2.5 | 173.249.193.48 |
| Nov 4, 2024 16:08:44.937145948 CET | 49845 | 80 | 192.168.2.5 | 173.249.193.48 |
| Nov 4, 2024 16:08:44.937206030 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:44.937217951 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:44.937228918 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:44.937248945 CET | 49845 | 80 | 192.168.2.5 | 173.249.193.48 |
| Nov 4, 2024 16:08:44.937252998 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:44.937264919 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:44.937273026 CET | 49845 | 80 | 192.168.2.5 | 173.249.193.48 |
| Nov 4, 2024 16:08:44.937278032 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:44.937300920 CET | 49845 | 80 | 192.168.2.5 | 173.249.193.48 |
| Nov 4, 2024 16:08:44.937326908 CET | 49845 | 80 | 192.168.2.5 | 173.249.193.48 |
| Nov 4, 2024 16:08:44.937344074 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:44.937407017 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:44.937448025 CET | 49845 | 80 | 192.168.2.5 | 173.249.193.48 |
| Nov 4, 2024 16:08:44.937469959 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:44.937480927 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:44.937491894 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:44.937503099 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:44.937519073 CET | 49845 | 80 | 192.168.2.5 | 173.249.193.48 |
| Nov 4, 2024 16:08:44.937539101 CET | 49845 | 80 | 192.168.2.5 | 173.249.193.48 |
| Nov 4, 2024 16:08:44.937572002 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:44.937582970 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:44.937613010 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:44.937621117 CET | 49845 | 80 | 192.168.2.5 | 173.249.193.48 |
| Nov 4, 2024 16:08:44.937649012 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:44.937655926 CET | 49845 | 80 | 192.168.2.5 | 173.249.193.48 |
| Nov 4, 2024 16:08:44.937663078 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:44.937680960 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:44.937697887 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:44.937705994 CET | 49845 | 80 | 192.168.2.5 | 173.249.193.48 |
| Nov 4, 2024 16:08:44.937725067 CET | 49845 | 80 | 192.168.2.5 | 173.249.193.48 |
| Nov 4, 2024 16:08:44.937741041 CET | 49845 | 80 | 192.168.2.5 | 173.249.193.48 |
| Nov 4, 2024 16:08:44.937761068 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:44.937772989 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:44.937783003 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:44.937798023 CET | 49845 | 80 | 192.168.2.5 | 173.249.193.48 |
| Nov 4, 2024 16:08:44.937818050 CET | 49845 | 80 | 192.168.2.5 | 173.249.193.48 |
| Nov 4, 2024 16:08:44.937840939 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:44.937854052 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:44.937871933 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:44.937881947 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:44.937884092 CET | 49845 | 80 | 192.168.2.5 | 173.249.193.48 |
| Nov 4, 2024 16:08:44.937895060 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:44.937908888 CET | 49845 | 80 | 192.168.2.5 | 173.249.193.48 |
| Nov 4, 2024 16:08:44.937918901 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:44.937937975 CET | 49845 | 80 | 192.168.2.5 | 173.249.193.48 |
| Nov 4, 2024 16:08:44.937948942 CET | 49845 | 80 | 192.168.2.5 | 173.249.193.48 |
| Nov 4, 2024 16:08:44.938004017 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:44.938016891 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:44.938057899 CET | 49845 | 80 | 192.168.2.5 | 173.249.193.48 |
| Nov 4, 2024 16:08:44.938062906 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:44.938076019 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:44.938116074 CET | 49845 | 80 | 192.168.2.5 | 173.249.193.48 |
| Nov 4, 2024 16:08:44.938170910 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:44.938210964 CET | 49845 | 80 | 192.168.2.5 | 173.249.193.48 |
| Nov 4, 2024 16:08:44.938239098 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:44.938251972 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:44.938281059 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:44.938291073 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:44.938301086 CET | 49845 | 80 | 192.168.2.5 | 173.249.193.48 |
| Nov 4, 2024 16:08:44.938325882 CET | 49845 | 80 | 192.168.2.5 | 173.249.193.48 |
| Nov 4, 2024 16:08:44.938350916 CET | 49845 | 80 | 192.168.2.5 | 173.249.193.48 |
| Nov 4, 2024 16:08:44.938393116 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:44.938405991 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:44.938416004 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:44.938427925 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:44.938433886 CET | 49845 | 80 | 192.168.2.5 | 173.249.193.48 |
| Nov 4, 2024 16:08:44.938441992 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:44.938463926 CET | 49845 | 80 | 192.168.2.5 | 173.249.193.48 |
| Nov 4, 2024 16:08:44.938478947 CET | 49845 | 80 | 192.168.2.5 | 173.249.193.48 |
| Nov 4, 2024 16:08:44.938499928 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:44.938513041 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:44.938539982 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:44.938554049 CET | 49845 | 80 | 192.168.2.5 | 173.249.193.48 |
| Nov 4, 2024 16:08:44.938577890 CET | 49845 | 80 | 192.168.2.5 | 173.249.193.48 |
| Nov 4, 2024 16:08:45.050926924 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:45.050972939 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:45.050987005 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:45.050997019 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:45.051009893 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:45.051022053 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:45.051023006 CET | 49845 | 80 | 192.168.2.5 | 173.249.193.48 |
| Nov 4, 2024 16:08:45.051035881 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:45.051052094 CET | 49845 | 80 | 192.168.2.5 | 173.249.193.48 |
| Nov 4, 2024 16:08:45.051084042 CET | 49845 | 80 | 192.168.2.5 | 173.249.193.48 |
| Nov 4, 2024 16:08:45.051115990 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:45.051129103 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:45.051141024 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:45.051151991 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:45.051167965 CET | 49845 | 80 | 192.168.2.5 | 173.249.193.48 |
| Nov 4, 2024 16:08:45.051198959 CET | 49845 | 80 | 192.168.2.5 | 173.249.193.48 |
| Nov 4, 2024 16:08:45.051222086 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:45.051234007 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:45.051246881 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:45.051260948 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:45.051269054 CET | 49845 | 80 | 192.168.2.5 | 173.249.193.48 |
| Nov 4, 2024 16:08:45.051302910 CET | 49845 | 80 | 192.168.2.5 | 173.249.193.48 |
| Nov 4, 2024 16:08:45.051348925 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:45.051359892 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:45.051372051 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:45.051395893 CET | 49845 | 80 | 192.168.2.5 | 173.249.193.48 |
| Nov 4, 2024 16:08:45.051429033 CET | 49845 | 80 | 192.168.2.5 | 173.249.193.48 |
| Nov 4, 2024 16:08:45.051469088 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:45.051481009 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:45.051491976 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:45.051503897 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:45.051515102 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:45.051517963 CET | 49845 | 80 | 192.168.2.5 | 173.249.193.48 |
| Nov 4, 2024 16:08:45.051564932 CET | 49845 | 80 | 192.168.2.5 | 173.249.193.48 |
| Nov 4, 2024 16:08:45.051580906 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:45.051589012 CET | 49845 | 80 | 192.168.2.5 | 173.249.193.48 |
| Nov 4, 2024 16:08:45.051594973 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:45.051625013 CET | 49845 | 80 | 192.168.2.5 | 173.249.193.48 |
| Nov 4, 2024 16:08:45.051647902 CET | 49845 | 80 | 192.168.2.5 | 173.249.193.48 |
| Nov 4, 2024 16:08:45.051656008 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:45.051668882 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:45.051698923 CET | 49845 | 80 | 192.168.2.5 | 173.249.193.48 |
| Nov 4, 2024 16:08:45.051722050 CET | 49845 | 80 | 192.168.2.5 | 173.249.193.48 |
| Nov 4, 2024 16:08:45.051784039 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:45.051796913 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:45.051808119 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:45.051817894 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:45.051827908 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:45.051836967 CET | 49845 | 80 | 192.168.2.5 | 173.249.193.48 |
| Nov 4, 2024 16:08:45.051837921 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:45.051868916 CET | 49845 | 80 | 192.168.2.5 | 173.249.193.48 |
| Nov 4, 2024 16:08:45.051883936 CET | 49845 | 80 | 192.168.2.5 | 173.249.193.48 |
| Nov 4, 2024 16:08:45.051959038 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:45.051971912 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:45.051983118 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:45.051992893 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:45.052004099 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:45.052010059 CET | 49845 | 80 | 192.168.2.5 | 173.249.193.48 |
| Nov 4, 2024 16:08:45.052038908 CET | 49845 | 80 | 192.168.2.5 | 173.249.193.48 |
| Nov 4, 2024 16:08:45.052082062 CET | 49845 | 80 | 192.168.2.5 | 173.249.193.48 |
| Nov 4, 2024 16:08:45.052098036 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:45.052110910 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:45.052120924 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:45.052130938 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:45.052140951 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:45.052143097 CET | 49845 | 80 | 192.168.2.5 | 173.249.193.48 |
| Nov 4, 2024 16:08:45.052154064 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:45.052170038 CET | 49845 | 80 | 192.168.2.5 | 173.249.193.48 |
| Nov 4, 2024 16:08:45.052200079 CET | 49845 | 80 | 192.168.2.5 | 173.249.193.48 |
| Nov 4, 2024 16:08:45.052229881 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:45.052242041 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:45.052269936 CET | 49845 | 80 | 192.168.2.5 | 173.249.193.48 |
| Nov 4, 2024 16:08:45.052292109 CET | 49845 | 80 | 192.168.2.5 | 173.249.193.48 |
| Nov 4, 2024 16:08:45.052350044 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:45.052362919 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:45.052373886 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:45.052385092 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:45.052396059 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:45.052397966 CET | 49845 | 80 | 192.168.2.5 | 173.249.193.48 |
| Nov 4, 2024 16:08:45.052407980 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:45.052417040 CET | 49845 | 80 | 192.168.2.5 | 173.249.193.48 |
| Nov 4, 2024 16:08:45.052421093 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:45.052433968 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:45.052450895 CET | 49845 | 80 | 192.168.2.5 | 173.249.193.48 |
| Nov 4, 2024 16:08:45.052476883 CET | 49845 | 80 | 192.168.2.5 | 173.249.193.48 |
| Nov 4, 2024 16:08:45.052638054 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:45.052649021 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:45.052654028 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:45.052664042 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:45.052680969 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:45.052690983 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:45.052694082 CET | 49845 | 80 | 192.168.2.5 | 173.249.193.48 |
| Nov 4, 2024 16:08:45.052700996 CET | 49845 | 80 | 192.168.2.5 | 173.249.193.48 |
| Nov 4, 2024 16:08:45.052705050 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:45.052719116 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:45.052727938 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:45.052738905 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:45.052742004 CET | 49845 | 80 | 192.168.2.5 | 173.249.193.48 |
| Nov 4, 2024 16:08:45.052773952 CET | 49845 | 80 | 192.168.2.5 | 173.249.193.48 |
| Nov 4, 2024 16:08:45.052791119 CET | 49845 | 80 | 192.168.2.5 | 173.249.193.48 |
| Nov 4, 2024 16:08:45.052911043 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:45.052923918 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:45.052936077 CET | 80 | 49845 | 173.249.193.48 | 192.168.2.5 |
| Nov 4, 2024 16:08:45.052957058 CET | 49845 | 80 | 192.168.2.5 | 173.249.193.48 |
| Nov 4, 2024 16:08:45.052979946 CET | 49845 | 80 | 192.168.2.5 | 173.249.193.48 |
| Nov 4, 2024 16:09:32.638856888 CET | 49845 | 80 | 192.168.2.5 | 173.249.193.48 |
|
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 0 | 192.168.2.5 | 49845 | 173.249.193.48 | 80 | 4676 | C:\Users\user\Desktop\IMAGE000Pdf.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Nov 4, 2024 16:08:43.879375935 CET | 180 | OUT | |
| Nov 4, 2024 16:08:44.574017048 CET | 1236 | IN | |
| Nov 4, 2024 16:08:44.574126005 CET | 1236 | IN | |
| Nov 4, 2024 16:08:44.574137926 CET | 1236 | IN | |
| Nov 4, 2024 16:08:44.574150085 CET | 1236 | IN | |
| Nov 4, 2024 16:08:44.574161053 CET | 1236 | IN | |
| Nov 4, 2024 16:08:44.574173927 CET | 1236 | IN | |
| Nov 4, 2024 16:08:44.574233055 CET | 1236 | IN | |
| Nov 4, 2024 16:08:44.574244976 CET | 1236 | IN | |
| Nov 4, 2024 16:08:44.574258089 CET | 1236 | IN | |
| Nov 4, 2024 16:08:44.574270010 CET | 1236 | IN | |
| Nov 4, 2024 16:08:44.579205036 CET | 1236 | IN |
Click to jump to process
Click to jump to process
Click to jump to process
| Target ID: | 0 |
| Start time: | 10:07:53 |
| Start date: | 04/11/2024 |
| Path: | C:\Users\user\Desktop\IMAGE000Pdf.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x400000 |
| File size: | 915'632 bytes |
| MD5 hash: | 53441F2DE2D573F3B2E4FB35C248229B |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Yara matches: |
|
| Reputation: | low |
| Has exited: | true |
| Target ID: | 3 |
| Start time: | 10:08:35 |
| Start date: | 04/11/2024 |
| Path: | C:\Users\user\Desktop\IMAGE000Pdf.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x400000 |
| File size: | 915'632 bytes |
| MD5 hash: | 53441F2DE2D573F3B2E4FB35C248229B |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Yara matches: |
|
| Reputation: | low |
| Has exited: | true |
Execution Graph
| Execution Coverage: | 28.3% |
| Dynamic/Decrypted Code Coverage: | 0% |
| Signature Coverage: | 18.5% |
| Total number of Nodes: | 704 |
| Total number of Limit Nodes: | 17 |
Graph
Function 004034A2 Relevance: 86.2, APIs: 32, Strings: 17, Instructions: 410stringfilecomCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 6F931B5F Relevance: 20.1, APIs: 13, Instructions: 597stringlibrarymemoryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405B00 Relevance: 19.4, APIs: 7, Strings: 4, Instructions: 148filestringCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00403ABD Relevance: 45.7, APIs: 13, Strings: 13, Instructions: 215stringregistryCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00403015 Relevance: 24.7, APIs: 5, Strings: 9, Instructions: 181memoryCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040642B Relevance: 17.7, APIs: 7, Strings: 3, Instructions: 209stringCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00406773 Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 36libraryCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405DCB Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 47stringCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004062BC Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44registryCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004059D7 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 24processCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00401389 Relevance: 3.0, APIs: 2, Instructions: 43windowCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405EE4 Relevance: 3.0, APIs: 2, Instructions: 16fileCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004059A2 Relevance: 3.0, APIs: 2, Instructions: 9COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405F67 Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405F96 Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 6F9329DF Relevance: 1.5, APIs: 1, Instructions: 21memoryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00404390 Relevance: 1.5, APIs: 1, Instructions: 9windowCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040345A Relevance: 1.5, APIs: 1, Instructions: 6COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00404379 Relevance: 1.5, APIs: 1, Instructions: 6windowCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00404366 Relevance: 1.5, APIs: 1, Instructions: 4COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 6F932AF8 Relevance: 1.4, APIs: 1, Instructions: 143memoryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040603A Relevance: 24.6, APIs: 10, Strings: 4, Instructions: 130memorystringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004043AB Relevance: 12.1, APIs: 8, Instructions: 68COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00402F2B Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 40timeCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 6F9325B5 Relevance: 9.1, APIs: 6, Instructions: 109COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 6F9318D9 Relevance: 7.7, APIs: 5, Instructions: 194COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 6F9323E0 Relevance: 7.6, APIs: 5, Instructions: 135memoryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 6F93161D Relevance: 7.5, APIs: 5, Instructions: 41memorylibraryloaderCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405CC3 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 16stringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00402FB1 Relevance: 6.0, APIs: 4, Instructions: 33COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405D0F Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 16stringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 6F9310E1 Relevance: 5.1, APIs: 4, Instructions: 104memoryCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405E49 Relevance: 5.0, APIs: 4, Instructions: 37stringCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|