Edit tour

Windows Analysis Report
lK1DKi27B4.dll

Overview

General Information

Sample name:	lK1DKi27B4.dll (renamed file extension from exe to dll, renamed because original name is a hash value)
Original sample name:	d908e4fef54e64e1e5d8a2a91851a2f5794a2ba625690e8e30911ca06f9d2b8b.exe
Analysis ID:	1524003
MD5:	0246f502105fb05afbebb9901642cba0
SHA1:	aadccd1ad344910c4cf83845eff287193c61cb08
SHA256:	d908e4fef54e64e1e5d8a2a91851a2f5794a2ba625690e8e30911ca06f9d2b8b
Tags:	exeRhysidauser-JAMESWT_MHT
Infos:

Detection

Score:	76
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus detection for dropped file

Multi AV Scanner detection for dropped file

Multi AV Scanner detection for submitted file

System process connects to network (likely due to code injection or exploit)

AI detected suspicious sample

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Dropped file seen in connection with other malware

Drops PE files

Found dropped PE file which has not been started or loaded

Internet Provider seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

PE file contains an invalid checksum

Sample execution stops while process was sleeping (likely an evasion)

Classification

Process Tree

System is w10x64

loaddll64.exe (PID: 6856 cmdline: loaddll64.exe "C:\Users\user\Desktop\lK1DKi27B4.dll" MD5: 763455F9DCB24DFEECC2B9D9F8D46D52)

conhost.exe (PID: 6876 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cmd.exe (PID: 6992 cmdline: cmd.exe /C rundll32.exe "C:\Users\user\Desktop\lK1DKi27B4.dll",#1 MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

rundll32.exe (PID: 7088 cmdline: rundll32.exe "C:\Users\user\Desktop\lK1DKi27B4.dll",#1 MD5: EF3179D498793BF4234F708D3BE28633)

rundll32.exe (PID: 4208 cmdline: rundll32.exe C:\Users\user\AppData\Local\Temp/tmpf193.dll,run C:\Users\user\Desktop\lK1DKi27B4.dll MD5: EF3179D498793BF4234F708D3BE28633)

rundll32.exe (PID: 7020 cmdline: rundll32.exe C:\Users\user\Desktop\lK1DKi27B4.dll,start MD5: EF3179D498793BF4234F708D3BE28633)

rundll32.exe (PID: 2008 cmdline: rundll32.exe C:\Users\user\AppData\Local\Temp/tmpf193.dll,run C:\Users\user\Desktop\lK1DKi27B4.dll MD5: EF3179D498793BF4234F708D3BE28633)

rundll32.exe (PID: 6212 cmdline: rundll32.exe "C:\Users\user\Desktop\lK1DKi27B4.dll",start MD5: EF3179D498793BF4234F708D3BE28633)

rundll32.exe (PID: 4592 cmdline: rundll32.exe C:\Users\user\AppData\Local\Temp/tmpf193.dll,run C:\Users\user\Desktop\lK1DKi27B4.dll MD5: EF3179D498793BF4234F708D3BE28633)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus detection for dropped file

Source: C:\Users\user\AppData\Local\Temp\tmpf193.dll

Avira: detection malicious, Label: TR/AVI.Agent.yfqhy

Multi AV Scanner detection for dropped file

Source: C:\Users\user\AppData\Local\Temp\tmpf193.dll

ReversingLabs: Detection: 39%

Multi AV Scanner detection for submitted file

Source: lK1DKi27B4.dll

ReversingLabs: Detection: 54%

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 96.4% probability

Source: lK1DKi27B4.dll

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT

Networking

System process connects to network (likely due to code injection or exploit)

Source: C:\Windows\System32\rundll32.exe	Network Connect: 5.252.177.228 443	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Network Connect: 85.239.52.252 443	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Network Connect: 80.87.206.189 443	Jump to behavior

Source: Joe Sandbox View	ASN Name: MIVOCLOUDMD MIVOCLOUDMD
Source: Joe Sandbox View	ASN Name: PINDC-ASRU PINDC-ASRU
Source: Joe Sandbox View	ASN Name: RAINBOW-HKRainbownetworklimitedHK RAINBOW-HKRainbownetworklimitedHK

Source: unknown	TCP traffic detected without corresponding DNS query: 80.87.206.189
Source: unknown	TCP traffic detected without corresponding DNS query: 80.87.206.189
Source: unknown	TCP traffic detected without corresponding DNS query: 80.87.206.189
Source: unknown	TCP traffic detected without corresponding DNS query: 80.87.206.189
Source: unknown	TCP traffic detected without corresponding DNS query: 80.87.206.189
Source: unknown	TCP traffic detected without corresponding DNS query: 80.87.206.189
Source: unknown	TCP traffic detected without corresponding DNS query: 85.239.52.252
Source: unknown	TCP traffic detected without corresponding DNS query: 85.239.52.252
Source: unknown	TCP traffic detected without corresponding DNS query: 85.239.52.252
Source: unknown	TCP traffic detected without corresponding DNS query: 85.239.52.252
Source: unknown	TCP traffic detected without corresponding DNS query: 85.239.52.252
Source: unknown	TCP traffic detected without corresponding DNS query: 85.239.52.252
Source: unknown	TCP traffic detected without corresponding DNS query: 5.252.177.228
Source: unknown	TCP traffic detected without corresponding DNS query: 5.252.177.228
Source: unknown	TCP traffic detected without corresponding DNS query: 5.252.177.228
Source: unknown	TCP traffic detected without corresponding DNS query: 5.252.177.228
Source: unknown	TCP traffic detected without corresponding DNS query: 5.252.177.228
Source: unknown	TCP traffic detected without corresponding DNS query: 5.252.177.228
Source: unknown	TCP traffic detected without corresponding DNS query: 80.87.206.189
Source: unknown	TCP traffic detected without corresponding DNS query: 80.87.206.189
Source: unknown	TCP traffic detected without corresponding DNS query: 80.87.206.189
Source: unknown	TCP traffic detected without corresponding DNS query: 80.87.206.189
Source: unknown	TCP traffic detected without corresponding DNS query: 80.87.206.189
Source: unknown	TCP traffic detected without corresponding DNS query: 80.87.206.189
Source: unknown	TCP traffic detected without corresponding DNS query: 85.239.52.252
Source: unknown	TCP traffic detected without corresponding DNS query: 85.239.52.252
Source: unknown	TCP traffic detected without corresponding DNS query: 85.239.52.252
Source: unknown	TCP traffic detected without corresponding DNS query: 85.239.52.252
Source: unknown	TCP traffic detected without corresponding DNS query: 85.239.52.252
Source: unknown	TCP traffic detected without corresponding DNS query: 85.239.52.252
Source: unknown	TCP traffic detected without corresponding DNS query: 5.252.177.228
Source: unknown	TCP traffic detected without corresponding DNS query: 5.252.177.228
Source: unknown	TCP traffic detected without corresponding DNS query: 5.252.177.228
Source: unknown	TCP traffic detected without corresponding DNS query: 5.252.177.228
Source: unknown	TCP traffic detected without corresponding DNS query: 5.252.177.228
Source: unknown	TCP traffic detected without corresponding DNS query: 5.252.177.228
Source: unknown	TCP traffic detected without corresponding DNS query: 5.252.177.228
Source: unknown	TCP traffic detected without corresponding DNS query: 5.252.177.228
Source: unknown	TCP traffic detected without corresponding DNS query: 5.252.177.228
Source: unknown	TCP traffic detected without corresponding DNS query: 5.252.177.228
Source: unknown	TCP traffic detected without corresponding DNS query: 5.252.177.228
Source: unknown	TCP traffic detected without corresponding DNS query: 5.252.177.228
Source: unknown	TCP traffic detected without corresponding DNS query: 80.87.206.189
Source: unknown	TCP traffic detected without corresponding DNS query: 80.87.206.189
Source: unknown	TCP traffic detected without corresponding DNS query: 80.87.206.189
Source: unknown	TCP traffic detected without corresponding DNS query: 80.87.206.189
Source: unknown	TCP traffic detected without corresponding DNS query: 80.87.206.189
Source: unknown	TCP traffic detected without corresponding DNS query: 80.87.206.189
Source: unknown	TCP traffic detected without corresponding DNS query: 85.239.52.252
Source: unknown	TCP traffic detected without corresponding DNS query: 85.239.52.252

Source: C:\Windows\System32\rundll32.exe

Code function: 3_2_00007FFE133239A0 recv,

3_2_00007FFE133239A0

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49865
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 49817 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49864
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49863
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49862
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49861
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49860
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49852 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49859
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49858
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49857
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49856
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49855
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 49841 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49854
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49853
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49852
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49851
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49850
Source: unknown	Network traffic detected: HTTP traffic on port 49812 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49858 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49823 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49849
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49848
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49847
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49846
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49845
Source: unknown	Network traffic detected: HTTP traffic on port 49869 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49844
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49843
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49842
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49841
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49840
Source: unknown	Network traffic detected: HTTP traffic on port 49834 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49828 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49839
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49838
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49837
Source: unknown	Network traffic detected: HTTP traffic on port 49847 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49836
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49835
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49834
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49833
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49832
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49831
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49830
Source: unknown	Network traffic detected: HTTP traffic on port 49839 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49864 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49822 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49870 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49853 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49829
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49828
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49827
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49826
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49825
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49824
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49823
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49822
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49836 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49845 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49868 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 49862 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49851 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49830 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 49863 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49840 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49857 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49824 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49873
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49872
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49818 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49871
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49870
Source: unknown	Network traffic detected: HTTP traffic on port 49835 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49829 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 49846 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49869
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49868
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49867
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49866
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49826 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49849 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49866 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49820 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49837 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49872 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49855 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49861 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49819 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49844 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49873 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49850 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49831 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 49814 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49856 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49825 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49867 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49821
Source: unknown	Network traffic detected: HTTP traffic on port 49865 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49820
Source: unknown	Network traffic detected: HTTP traffic on port 49842 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49859 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49871 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49833 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49819
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49818
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49810 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49817
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49816
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49815
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49814
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49813
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49812
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49811
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49810
Source: unknown	Network traffic detected: HTTP traffic on port 49816 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49827 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49809
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49808
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49807
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49806
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49805
Source: unknown	Network traffic detected: HTTP traffic on port 49848 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49804
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49803
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49802
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49801
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49800
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49838 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49821 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49815 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49854 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49809 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49860 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49843 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49832 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443

Source: Joe Sandbox View

Dropped File: C:\Users\user\AppData\Local\Temp\tmpf193.dll C9920E995FBC98CD3883EF4C4520300D5E82BAB5D2A5C781E9E9FE694A43E82F

Source: classification engine

Classification label: mal76.evad.winDLL@16/1@0/3

Source: C:\Windows\System32\rundll32.exe	Mutant created: NULL
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6876:120:WilError_03

Source: C:\Windows\System32\rundll32.exe

File created: C:\Users\user\AppData\Local\Temp\tmpf193.dll

Jump to behavior

Source: lK1DKi27B4.dll

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Windows\System32\loaddll64.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: C:\Windows\System32\loaddll64.exe

Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\lK1DKi27B4.dll,start

Source: lK1DKi27B4.dll

ReversingLabs: Detection: 54%

Source: unknown	Process created: C:\Windows\System32\loaddll64.exe loaddll64.exe "C:\Users\user\Desktop\lK1DKi27B4.dll"
Source: C:\Windows\System32\loaddll64.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\loaddll64.exe	Process created: C:\Windows\System32\cmd.exe cmd.exe /C rundll32.exe "C:\Users\user\Desktop\lK1DKi27B4.dll",#1
Source: C:\Windows\System32\loaddll64.exe	Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\lK1DKi27B4.dll,start
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\lK1DKi27B4.dll",#1
Source: C:\Windows\System32\loaddll64.exe	Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\lK1DKi27B4.dll",start
Source: C:\Windows\System32\rundll32.exe	Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\AppData\Local\Temp/tmpf193.dll,run C:\Users\user\Desktop\lK1DKi27B4.dll
Source: C:\Windows\System32\rundll32.exe	Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\AppData\Local\Temp/tmpf193.dll,run C:\Users\user\Desktop\lK1DKi27B4.dll
Source: C:\Windows\System32\rundll32.exe	Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\AppData\Local\Temp/tmpf193.dll,run C:\Users\user\Desktop\lK1DKi27B4.dll
Source: C:\Windows\System32\loaddll64.exe	Process created: C:\Windows\System32\cmd.exe cmd.exe /C rundll32.exe "C:\Users\user\Desktop\lK1DKi27B4.dll",#1	Jump to behavior
Source: C:\Windows\System32\loaddll64.exe	Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\lK1DKi27B4.dll,start	Jump to behavior
Source: C:\Windows\System32\loaddll64.exe	Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\lK1DKi27B4.dll",start	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\lK1DKi27B4.dll",#1	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\AppData\Local\Temp/tmpf193.dll,run C:\Users\user\Desktop\lK1DKi27B4.dll	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\AppData\Local\Temp/tmpf193.dll,run C:\Users\user\Desktop\lK1DKi27B4.dll	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\AppData\Local\Temp/tmpf193.dll,run C:\Users\user\Desktop\lK1DKi27B4.dll	Jump to behavior

Source: C:\Windows\System32\loaddll64.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\System32\loaddll64.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Windows\System32\loaddll64.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\System32\loaddll64.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Windows\System32\loaddll64.exe	Section loaded: kernel.appcore.dll	Jump to behavior

Source: lK1DKi27B4.dll

Static PE information: Image base 0x180000000 > 0x60000000

Source: lK1DKi27B4.dll

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT

Source: lK1DKi27B4.dll	Static PE information: real checksum: 0xefc6 should be: 0x1e064
Source: tmpf193.dll.3.dr	Static PE information: real checksum: 0x7024 should be: 0x7b45

Source: C:\Windows\System32\rundll32.exe

File created: C:\Users\user\AppData\Local\Temp\tmpf193.dll

Jump to dropped file

Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX

Source: C:\Windows\System32\rundll32.exe	Thread delayed: delay time: 180000	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Thread delayed: delay time: 3600000	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Thread delayed: delay time: 14400000	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Thread delayed: delay time: 32400000	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Thread delayed: delay time: 57600000	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Thread delayed: delay time: 90000000	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Thread delayed: delay time: 180000	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Thread delayed: delay time: 3600000	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Thread delayed: delay time: 14400000	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Thread delayed: delay time: 32400000	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Thread delayed: delay time: 57600000	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Thread delayed: delay time: 90000000	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Thread delayed: delay time: 180000	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Thread delayed: delay time: 3600000	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Thread delayed: delay time: 14400000	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Thread delayed: delay time: 32400000	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Thread delayed: delay time: 57600000	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Thread delayed: delay time: 90000000	Jump to behavior

Source: C:\Windows\System32\rundll32.exe

Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\tmpf193.dll

Jump to dropped file

Source: C:\Windows\System32\loaddll64.exe TID: 6852	Thread sleep time: -120000s >= -30000s	Jump to behavior
Source: C:\Windows\System32\rundll32.exe TID: 7040	Thread sleep count: 48 > 30	Jump to behavior
Source: C:\Windows\System32\rundll32.exe TID: 7040	Thread sleep time: -8640000s >= -30000s	Jump to behavior
Source: C:\Windows\System32\rundll32.exe TID: 7040	Thread sleep time: -3600000s >= -30000s	Jump to behavior
Source: C:\Windows\System32\rundll32.exe TID: 7040	Thread sleep time: -14400000s >= -30000s	Jump to behavior
Source: C:\Windows\System32\rundll32.exe TID: 7040	Thread sleep time: -32400000s >= -30000s	Jump to behavior
Source: C:\Windows\System32\rundll32.exe TID: 7040	Thread sleep time: -57600000s >= -30000s	Jump to behavior
Source: C:\Windows\System32\rundll32.exe TID: 7040	Thread sleep time: -90000000s >= -30000s	Jump to behavior
Source: C:\Windows\System32\rundll32.exe TID: 7096	Thread sleep count: 48 > 30	Jump to behavior
Source: C:\Windows\System32\rundll32.exe TID: 7096	Thread sleep time: -8640000s >= -30000s	Jump to behavior
Source: C:\Windows\System32\rundll32.exe TID: 7096	Thread sleep time: -3600000s >= -30000s	Jump to behavior
Source: C:\Windows\System32\rundll32.exe TID: 7096	Thread sleep time: -14400000s >= -30000s	Jump to behavior
Source: C:\Windows\System32\rundll32.exe TID: 7096	Thread sleep time: -32400000s >= -30000s	Jump to behavior
Source: C:\Windows\System32\rundll32.exe TID: 7096	Thread sleep time: -57600000s >= -30000s	Jump to behavior
Source: C:\Windows\System32\rundll32.exe TID: 7096	Thread sleep time: -90000000s >= -30000s	Jump to behavior
Source: C:\Windows\System32\rundll32.exe TID: 6196	Thread sleep count: 48 > 30	Jump to behavior
Source: C:\Windows\System32\rundll32.exe TID: 6196	Thread sleep time: -8640000s >= -30000s	Jump to behavior
Source: C:\Windows\System32\rundll32.exe TID: 6196	Thread sleep time: -3600000s >= -30000s	Jump to behavior
Source: C:\Windows\System32\rundll32.exe TID: 6196	Thread sleep time: -14400000s >= -30000s	Jump to behavior
Source: C:\Windows\System32\rundll32.exe TID: 6196	Thread sleep time: -32400000s >= -30000s	Jump to behavior
Source: C:\Windows\System32\rundll32.exe TID: 6196	Thread sleep time: -57600000s >= -30000s	Jump to behavior
Source: C:\Windows\System32\rundll32.exe TID: 6196	Thread sleep time: -90000000s >= -30000s	Jump to behavior

Source: C:\Windows\System32\conhost.exe

Last function: Thread delayed

Source: C:\Windows\System32\loaddll64.exe	Thread delayed: delay time: 120000	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Thread delayed: delay time: 180000	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Thread delayed: delay time: 3600000	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Thread delayed: delay time: 14400000	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Thread delayed: delay time: 32400000	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Thread delayed: delay time: 57600000	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Thread delayed: delay time: 90000000	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Thread delayed: delay time: 180000	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Thread delayed: delay time: 3600000	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Thread delayed: delay time: 14400000	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Thread delayed: delay time: 32400000	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Thread delayed: delay time: 57600000	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Thread delayed: delay time: 90000000	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Thread delayed: delay time: 180000	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Thread delayed: delay time: 3600000	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Thread delayed: delay time: 14400000	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Thread delayed: delay time: 32400000	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Thread delayed: delay time: 57600000	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Thread delayed: delay time: 90000000	Jump to behavior

Source: rundll32.exe, 00000004.00000002.1735064178.000002013E718000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: rundll32.exe, 00000003.00000002.1735077118.000001F644E78000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllLL
Source: rundll32.exe, 00000005.00000002.1764661378.0000029C4AB78000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllpp

HIPS / PFW / Operating System Protection Evasion

System process connects to network (likely due to code injection or exploit)

Source: C:\Windows\System32\rundll32.exe	Network Connect: 5.252.177.228 443	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Network Connect: 85.239.52.252 443	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Network Connect: 80.87.206.189 443	Jump to behavior

Source: C:\Windows\System32\cmd.exe

Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\lK1DKi27B4.dll",#1

Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 DLL Side-Loading	111 Process Injection	1 Rundll32	OS Credential Dumping	11 Security Software Discovery	Remote Services	Data from Local System	2 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 DLL Side-Loading	21 Virtualization/Sandbox Evasion	LSASS Memory	21 Virtualization/Sandbox Evasion	Remote Desktop Protocol	Data from Removable Media	1 Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	111 Process Injection	Security Account Manager	1 System Information Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	1 Ingress Tool Transfer	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	1 DLL Side-Loading	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	Protocol Impersonation	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
lK1DKi27B4.dll	54%	ReversingLabs	Win64.Backdoor.Supper

Dropped Files

Source	Detection	Scanner	Label	Link
C:\Users\user\AppData\Local\Temp\tmpf193.dll	100%	Avira	TR/AVI.Agent.yfqhy
C:\Users\user\AppData\Local\Temp\tmpf193.dll	39%	ReversingLabs	Win64.Trojan.Generic

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
bg.microsoft.map.fastly.net	199.232.214.172	true	false		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
5.252.177.228	unknown	Moldova Republic of	39798	MIVOCLOUDMD	true
80.87.206.189	unknown	Russian Federation	34665	PINDC-ASRU	true
85.239.52.252	unknown	Russian Federation	134121	RAINBOW-HKRainbownetworklimitedHK	true

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1524003
Start date and time:	2024-10-02 14:01:23 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 2m 43s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	9
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	lK1DKi27B4.dll (renamed file extension from exe to dll, renamed because original name is a hash value)
Original Sample Name:	d908e4fef54e64e1e5d8a2a91851a2f5794a2ba625690e8e30911ca06f9d2b8b.exe
Detection:	MAL
Classification:	mal76.evad.winDLL@16/1@0/3
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 100% Number of executed functions: 9 Number of non-executed functions: 0
Cookbook Comments:	Stop behavior analysis, all processes terminated

Warnings

Excluded IPs from analysis (whitelisted): 4.245.163.56
Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, sls.update.microsoft.com, ctldl.windowsupdate.com, wu-b-net.trafficmanager.net, glb.sls.prod.dcat.dsp.trafficmanager.net
Not all processes where analyzed, report is missing behavior information
VT rate limit hit for: lK1DKi27B4.dll

Simulations

Behavior and APIs

Time	Type	Description
08:02:13	API Interceptor	162x Sleep call for process: rundll32.exe modified
08:02:16	API Interceptor	1x Sleep call for process: loaddll64.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
85.239.52.252	donbologniese.com_443_64s.exe	Get hash	malicious	CobaltStrike	Browse
85.239.52.252	donbologniese.com_443_64s.exe	Get hash	malicious	CobaltStrike	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
bg.microsoft.map.fastly.net	ZAMOWIEN.EXE.exe	Get hash	malicious	GuLoader	Browse	199.232.210.172
	7ffbfc130000.conhost2.dll.dll	Get hash	malicious	Unknown	Browse	199.232.214.172
	https://sportmansguilde.com/?https://www.office.com	Get hash	malicious	Unknown	Browse	199.232.210.172
	Axactor Microsoft - Introduksjonsm#U00f8te.msg	Get hash	malicious	EvilProxy	Browse	199.232.214.172
	http://Asm.alcateia.org	Get hash	malicious	HTMLPhisher	Browse	199.232.214.172
	https://cnrsys.com/.jhg/#annQ3bttQ3bd0T2vTau5kZR3wh07xdaiiR3whi-5kZankyH05d0TQ3bu	Get hash	malicious	HTMLPhisher	Browse	199.232.214.172
	Scan_doc_09_16_24_1120.exe	Get hash	malicious	ScreenConnect Tool	Browse	199.232.214.172
	E_BILL9926378035.exe	Get hash	malicious	ScreenConnect Tool	Browse	199.232.210.172
	https://maninhocontabilidade.com.br/pop/Webmail-iinet.zip	Get hash	malicious	HTMLPhisher	Browse	199.232.210.172
	E_BILL9926378035.exe	Get hash	malicious	ScreenConnect Tool	Browse	199.232.214.172

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
MIVOCLOUDMD	update.js	Get hash	malicious	NetSupport RAT	Browse	5.181.159.137
	MRSPBASd65554AB.dll.dll	Get hash	malicious	Unknown	Browse	94.158.245.136
	MRSPBASd65554AB.dll.dll	Get hash	malicious	Unknown	Browse	94.158.245.136
	Update.js	Get hash	malicious	NetSupport RAT	Browse	5.181.159.137
	ZWlwrTM9HK.exe	Get hash	malicious	Remcos	Browse	5.181.156.117
	Gez0dmj6yl.exe	Get hash	malicious	DCRat	Browse	94.158.244.70
	update.js	Get hash	malicious	NetSupport RAT	Browse	5.181.159.28
	17E503AEF3804C0513838FB4AE3E00F323B1260BF753D99DBF0AE415BA54DE11.exe	Get hash	malicious	Bdaejec, Raccoon	Browse	194.180.191.241
	updates.js	Get hash	malicious	NetSupport RAT	Browse	194.180.191.69
	updates.js	Get hash	malicious	NetSupport RAT	Browse	94.158.245.103
PINDC-ASRU	https://trstwalsecu.com/	Get hash	malicious	Unknown	Browse	91.215.85.16
	https://metamaskinf.com/	Get hash	malicious	Unknown	Browse	91.215.85.79
	http://mygovau-service.com/	Get hash	malicious	Unknown	Browse	91.215.85.79
	PO-001.exe	Get hash	malicious	FormBook	Browse	91.215.85.23
	PO #86637.exe	Get hash	malicious	FormBook	Browse	91.215.85.23
	https://91.215.85.55	Get hash	malicious	Unknown	Browse	91.215.85.55
	file.exe	Get hash	malicious	Phorpiex	Browse	194.93.26.70
	invoice.exe	Get hash	malicious	FormBook	Browse	91.215.85.23
	Purchase order.exe	Get hash	malicious	FormBook	Browse	91.215.85.23
	Remittance advice.exe	Get hash	malicious	FormBook	Browse	91.215.85.23
RAINBOW-HKRainbownetworklimitedHK	nPyo7vtpRl.dll	Get hash	malicious	Unknown	Browse	45.86.230.68
	rdl3kBqbTy.dll	Get hash	malicious	Unknown	Browse	45.86.230.68
	nPyo7vtpRl.dll	Get hash	malicious	Unknown	Browse	45.86.230.68
	rdl3kBqbTy.dll	Get hash	malicious	Unknown	Browse	45.86.230.68
	file.exe	Get hash	malicious	Unknown	Browse	85.239.52.241
	file.exe	Get hash	malicious	Unknown	Browse	85.239.52.241
	Havarti.dll	Get hash	malicious	Unknown	Browse	45.86.230.68
	https://www.izmailovo.ru/contacts/	Get hash	malicious	HTMLPhisher	Browse	45.92.176.235
	http://iskhelp.co.uk/rd/5IFNPS23345ktRZ2482qejogtfkrk1638BHXWAAYQYFQDJLF6525/368L16	Get hash	malicious	Unknown	Browse	85.239.34.168
	app.exe	Get hash	malicious	Unknown	Browse	85.239.53.219

JA3 Fingerprints

⊘No context

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
C:\Users\user\AppData\Local\Temp\tmpf193.dll	7ffbfc130000.conhost2.dll.dll	Get hash	malicious	Unknown	Browse
	nPyo7vtpRl.dll	Get hash	malicious	Unknown	Browse
	rdl3kBqbTy.dll	Get hash	malicious	Unknown	Browse
	nPyo7vtpRl.dll	Get hash	malicious	Unknown	Browse
	rdl3kBqbTy.dll	Get hash	malicious	Unknown	Browse
	7ff6c1d70000.xxtlz.exe	Get hash	malicious	Unknown	Browse
	VOqg4bXfFS.dll	Get hash	malicious	Unknown	Browse
	tZlDJKdfV6.dll	Get hash	malicious	Unknown	Browse
	Y1kJT9dEK1.dll	Get hash	malicious	Unknown	Browse
	Havarti.dll	Get hash	malicious	Unknown	Browse

Created / dropped Files

C:\Users\user\AppData\Local\Temp\tmpf193.dll

Download File

Process:	C:\Windows\System32\rundll32.exe
File Type:	PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	2560
Entropy (8bit):	1.257085001705468
Encrypted:	false
SSDEEP:	12:etGSGQwU8O0ay2Y8qS6gK/H/ffk6Om2BXp:etGScU8O0ay2vqS6p/H/QvBXp
MD5:	634A9AF8D3F2FA0D38820D577FB0FBEB
SHA1:	CD6E84A3C4F81FC9DF8B82449DB8B2E87130E3FD
SHA-256:	C9920E995FBC98CD3883EF4C4520300D5E82BAB5D2A5C781E9E9FE694A43E82F
SHA-512:	ABCA2E016FF5A53395F95BA75C96F5BFA102086E92A8E2647BD2584A75E4A81A59596848D1ABFAB8E37981A6ADB021A35074D4DC99868CC30C9C4E2A4666C50A
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: ReversingLabs, Detection: 39%
Joe Sandbox View:	Filename: 7ffbfc130000.conhost2.dll.dll, Detection: malicious, Browse Filename: nPyo7vtpRl.dll, Detection: malicious, Browse Filename: rdl3kBqbTy.dll, Detection: malicious, Browse Filename: nPyo7vtpRl.dll, Detection: malicious, Browse Filename: rdl3kBqbTy.dll, Detection: malicious, Browse Filename: 7ff6c1d70000.xxtlz.exe, Detection: malicious, Browse Filename: VOqg4bXfFS.dll, Detection: malicious, Browse Filename: tZlDJKdfV6.dll, Detection: malicious, Browse Filename: Y1kJT9dEK1.dll, Detection: malicious, Browse Filename: Havarti.dll, Detection: malicious, Browse
Reputation:	moderate, very likely benign file
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d.....f....r.....&"...(.....................................................@......$p....`... ...................................... ..?....0......................................................................................`0.. ............................text...p........................... ..`.edata..?.... ......................@..@.idata.......0......................@...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Static File Info

General

File type:	PE32+ executable (DLL) (GUI) x86-64 (stripped to external PDB), for MS Windows
Entropy (8bit):	1.3730080047022892
TrID:	Win64 Dynamic Link Library (generic) (102004/3) 86.43% Win64 Executable (generic) (12005/4) 10.17% Generic Win/DOS Executable (2004/3) 1.70% DOS Executable Generic (2002/1) 1.70% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.01%
File name:	lK1DKi27B4.dll
File size:	89'984 bytes
MD5:	0246f502105fb05afbebb9901642cba0
SHA1:	aadccd1ad344910c4cf83845eff287193c61cb08
SHA256:	d908e4fef54e64e1e5d8a2a91851a2f5794a2ba625690e8e30911ca06f9d2b8b
SHA512:	8e95d1065ed683b671ff8e5835f6d832027594c7eaafdfd5ef5c3d26ed01e500db0512096caf6c714791a53ba739bf942490c83261f2f24076850ac011f5dd57
SSDEEP:	384:gWXQWPQUtdK3TQYIyTjWLH2CekEbZykA2nKTb8dEwEsH:g3dyL3ej1n/KTQqdsH
TLSH:	2C93A862F261C8ADC52BF3F196C762B275F439590728396F4391A5F83F2993D1B34920
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...'..f.N........&"...(.0..........@9....................................................`... ............................

File Icon


Icon Hash:	7ae282899bbab082

Static PE Info

General

Entrypoint:	0x180003940
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x180000000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LARGE_ADDRESS_AWARE, DEBUG_STRIPPED, DLL
DLL Characteristics:	HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT
Time Stamp:	0x66868227 [Thu Jul 4 11:06:15 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	6a1060e817f2dd8e2db1b1d07029ac5c

Entrypoint Preview

Instruction
push ebp
dec eax
mov ebp, esp
dec eax
sub esp, 20h
dec eax
mov dword ptr [ebp+10h], ecx
mov dword ptr [ebp+18h], edx
dec esp
mov dword ptr [ebp+20h], eax
cmp dword ptr [ebp+18h], 03h
jnbe 00007F67D092D803h
cmp dword ptr [ebp+18h], 02h
jnc 00007F67D092D7FCh
cmp dword ptr [ebp+18h], 00000000h
je 00007F67D092D7F6h
cmp dword ptr [ebp+18h], 01h
jne 00007F67D092D7F1h
mov ecx, 00000000h
call 00007F67D092DC40h
mov ecx, eax
call 00007F67D092DC29h
dec eax
mov eax, dword ptr [ebp+10h]
dec eax
mov dword ptr [000226C1h], eax
jmp 00007F67D092D7D3h
nop
mov eax, 00000001h
dec eax
add esp, 20h
pop ebp
ret
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
push ebp
dec eax
sub esp, 00000240h
dec eax
lea ebp, dword ptr [esp+00000080h]
dec eax
mov dword ptr [ebp+000001D0h], ecx
dec eax
mov dword ptr [ebp+000001D8h], edx
inc esp
mov dword ptr [ebp+000001E0h], eax
dec esp
mov dword ptr [ebp+000001E8h], ecx
dec eax
cmp dword ptr [ebp+000001D0h], FFFFFFFFh
jne 00007F67D092D7DCh
mov eax, FFFFFFFFh
jmp 00007F67D092D8B3h
mov dword ptr [ebp-50h], 00000000h
mov dword ptr [ebp+000001BCh], 00000000h
jmp 00007F67D092D7EDh
mov eax, dword ptr [ebp+000001BCh]
dec eax
mov eax, dword ptr [ebp+eax*8-48h]
dec eax
cmp dword ptr [ebp+000001D0h], eax
je 00007F67D092D7E4h

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x27000	0x42	.edata
IMAGE_DIRECTORY_ENTRY_IMPORT	0x28000	0x850	.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x0	0x0
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x29000	0xc	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x28250	0x1d8	.idata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x2f50	0x3000	37f8eecfe39194401dbac3a7c1c56c10	False	0.4117838541666667	data	5.457968090728284	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.data	0x4000	0xa00	0xa00	634a9af8d3f2fa0d38820d577fb0fbeb	False	0.1640625	PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows	1.2570850017054678	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rdata	0x5000	0x110	0x200	0e32780154d4a86e51e0a0301cf96fc7	False	0.36328125	data	3.2847442780382976	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.bss	0x6000	0x20050	0x0	d41d8cd98f00b204e9800998ecf8427e	False	0	empty	0.0	IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.edata	0x27000	0x42	0x200	fa3c406df5eb87a4ea8cde5cd404d450	False	0.123046875	data	0.6992317266973137	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.idata	0x28000	0x850	0xa00	292e0dbff605f6a37700d204af178cef	False	0.3140625	data	3.7572216558531455	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.reloc	0x29000	0xc	0x200	f31f27cadb3c557842599b1db61e752c	False	0.041015625	data	0.06116285224115448	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Imports

DLL	Import
ADVAPI32.dll	GetSidSubAuthority, GetSidSubAuthorityCount, GetTokenInformation, OpenProcessToken
KERNEL32.dll	CloseHandle, CreateMutexA, CreatePipe, CreateProcessA, GetComputerNameA, GetCurrentProcess, GetExitCodeProcess, GetFileSize, GetModuleFileNameA, GetVersionExA, ReadFile, ReleaseMutex, SetHandleInformation, Sleep, TerminateProcess, VerSetConditionMask, VerifyVersionInfoA, WaitForSingleObject, WriteFile
msvcrt.dll	_beginthread, exit, fclose, fopen, free, fwrite, getenv, malloc, memcpy, memset, rand, sprintf, srand, wcstombs, _time64
NETAPI32.dll	NetApiBufferFree, NetGetJoinInformation
WS2_32.dll	WSAStartup, __WSAFDIsSet, closesocket, connect, freeaddrinfo, getaddrinfo, htons, inet_addr, inet_ntop, ntohs, recv, select, send, socket

Exports

Name	Ordinal	Address
start	1	0x1800037e0

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 2, 2024 14:02:13.988980055 CEST	49730	443	192.168.2.4	80.87.206.189
Oct 2, 2024 14:02:13.989017963 CEST	443	49730	80.87.206.189	192.168.2.4
Oct 2, 2024 14:02:13.989109993 CEST	49730	443	192.168.2.4	80.87.206.189
Oct 2, 2024 14:02:13.995409012 CEST	49730	443	192.168.2.4	80.87.206.189
Oct 2, 2024 14:02:13.995423079 CEST	443	49730	80.87.206.189	192.168.2.4
Oct 2, 2024 14:02:13.995568991 CEST	443	49730	80.87.206.189	192.168.2.4
Oct 2, 2024 14:02:13.998209953 CEST	49731	443	192.168.2.4	80.87.206.189
Oct 2, 2024 14:02:13.998306036 CEST	443	49731	80.87.206.189	192.168.2.4
Oct 2, 2024 14:02:13.998411894 CEST	49731	443	192.168.2.4	80.87.206.189
Oct 2, 2024 14:02:14.000088930 CEST	49731	443	192.168.2.4	80.87.206.189
Oct 2, 2024 14:02:14.000128984 CEST	443	49731	80.87.206.189	192.168.2.4
Oct 2, 2024 14:02:14.000174999 CEST	443	49731	80.87.206.189	192.168.2.4
Oct 2, 2024 14:02:14.108732939 CEST	49732	443	192.168.2.4	85.239.52.252
Oct 2, 2024 14:02:14.108778954 CEST	49733	443	192.168.2.4	85.239.52.252
Oct 2, 2024 14:02:14.108805895 CEST	443	49732	85.239.52.252	192.168.2.4
Oct 2, 2024 14:02:14.108877897 CEST	49732	443	192.168.2.4	85.239.52.252
Oct 2, 2024 14:02:14.108879089 CEST	443	49733	85.239.52.252	192.168.2.4
Oct 2, 2024 14:02:14.108947992 CEST	49733	443	192.168.2.4	85.239.52.252
Oct 2, 2024 14:02:14.110239029 CEST	49733	443	192.168.2.4	85.239.52.252
Oct 2, 2024 14:02:14.110275030 CEST	49732	443	192.168.2.4	85.239.52.252
Oct 2, 2024 14:02:14.110282898 CEST	443	49733	85.239.52.252	192.168.2.4
Oct 2, 2024 14:02:14.110308886 CEST	443	49732	85.239.52.252	192.168.2.4
Oct 2, 2024 14:02:14.110333920 CEST	443	49733	85.239.52.252	192.168.2.4
Oct 2, 2024 14:02:14.110419035 CEST	443	49732	85.239.52.252	192.168.2.4
Oct 2, 2024 14:02:14.248013973 CEST	49735	443	192.168.2.4	5.252.177.228
Oct 2, 2024 14:02:14.248017073 CEST	49734	443	192.168.2.4	5.252.177.228
Oct 2, 2024 14:02:14.248096943 CEST	443	49735	5.252.177.228	192.168.2.4
Oct 2, 2024 14:02:14.248132944 CEST	443	49734	5.252.177.228	192.168.2.4
Oct 2, 2024 14:02:14.248183012 CEST	49735	443	192.168.2.4	5.252.177.228
Oct 2, 2024 14:02:14.248209000 CEST	49734	443	192.168.2.4	5.252.177.228
Oct 2, 2024 14:02:14.249057055 CEST	49735	443	192.168.2.4	5.252.177.228
Oct 2, 2024 14:02:14.249062061 CEST	49734	443	192.168.2.4	5.252.177.228
Oct 2, 2024 14:02:14.249093056 CEST	443	49735	5.252.177.228	192.168.2.4
Oct 2, 2024 14:02:14.249099016 CEST	443	49734	5.252.177.228	192.168.2.4
Oct 2, 2024 14:02:14.249205112 CEST	443	49735	5.252.177.228	192.168.2.4
Oct 2, 2024 14:02:14.249233961 CEST	443	49734	5.252.177.228	192.168.2.4
Oct 2, 2024 14:02:14.358747959 CEST	49737	443	192.168.2.4	80.87.206.189
Oct 2, 2024 14:02:14.358755112 CEST	49736	443	192.168.2.4	80.87.206.189
Oct 2, 2024 14:02:14.358772039 CEST	443	49737	80.87.206.189	192.168.2.4
Oct 2, 2024 14:02:14.358820915 CEST	443	49736	80.87.206.189	192.168.2.4
Oct 2, 2024 14:02:14.358846903 CEST	49737	443	192.168.2.4	80.87.206.189
Oct 2, 2024 14:02:14.358880997 CEST	49736	443	192.168.2.4	80.87.206.189
Oct 2, 2024 14:02:14.359483957 CEST	49737	443	192.168.2.4	80.87.206.189
Oct 2, 2024 14:02:14.359503984 CEST	443	49737	80.87.206.189	192.168.2.4
Oct 2, 2024 14:02:14.359580994 CEST	443	49737	80.87.206.189	192.168.2.4
Oct 2, 2024 14:02:14.359586954 CEST	49736	443	192.168.2.4	80.87.206.189
Oct 2, 2024 14:02:14.359626055 CEST	443	49736	80.87.206.189	192.168.2.4
Oct 2, 2024 14:02:14.359684944 CEST	443	49736	80.87.206.189	192.168.2.4
Oct 2, 2024 14:02:14.468097925 CEST	49738	443	192.168.2.4	85.239.52.252
Oct 2, 2024 14:02:14.468139887 CEST	443	49738	85.239.52.252	192.168.2.4
Oct 2, 2024 14:02:14.468138933 CEST	49739	443	192.168.2.4	85.239.52.252
Oct 2, 2024 14:02:14.468213081 CEST	443	49739	85.239.52.252	192.168.2.4
Oct 2, 2024 14:02:14.468249083 CEST	49738	443	192.168.2.4	85.239.52.252
Oct 2, 2024 14:02:14.468277931 CEST	49739	443	192.168.2.4	85.239.52.252
Oct 2, 2024 14:02:14.468869925 CEST	49739	443	192.168.2.4	85.239.52.252
Oct 2, 2024 14:02:14.468879938 CEST	49738	443	192.168.2.4	85.239.52.252
Oct 2, 2024 14:02:14.468897104 CEST	443	49738	85.239.52.252	192.168.2.4
Oct 2, 2024 14:02:14.468905926 CEST	443	49739	85.239.52.252	192.168.2.4
Oct 2, 2024 14:02:14.468976021 CEST	443	49738	85.239.52.252	192.168.2.4
Oct 2, 2024 14:02:14.469018936 CEST	443	49739	85.239.52.252	192.168.2.4
Oct 2, 2024 14:02:14.582953930 CEST	49740	443	192.168.2.4	5.252.177.228
Oct 2, 2024 14:02:14.583036900 CEST	443	49740	5.252.177.228	192.168.2.4
Oct 2, 2024 14:02:14.583065987 CEST	49741	443	192.168.2.4	5.252.177.228
Oct 2, 2024 14:02:14.583100080 CEST	443	49741	5.252.177.228	192.168.2.4
Oct 2, 2024 14:02:14.583122969 CEST	49740	443	192.168.2.4	5.252.177.228
Oct 2, 2024 14:02:14.583144903 CEST	49741	443	192.168.2.4	5.252.177.228
Oct 2, 2024 14:02:14.584002018 CEST	49741	443	192.168.2.4	5.252.177.228
Oct 2, 2024 14:02:14.584017992 CEST	443	49741	5.252.177.228	192.168.2.4
Oct 2, 2024 14:02:14.584069014 CEST	443	49741	5.252.177.228	192.168.2.4
Oct 2, 2024 14:02:14.584120035 CEST	49740	443	192.168.2.4	5.252.177.228
Oct 2, 2024 14:02:14.584155083 CEST	443	49740	5.252.177.228	192.168.2.4
Oct 2, 2024 14:02:14.584238052 CEST	443	49740	5.252.177.228	192.168.2.4
Oct 2, 2024 14:02:14.686849117 CEST	49742	443	192.168.2.4	5.252.177.228
Oct 2, 2024 14:02:14.686866999 CEST	49743	443	192.168.2.4	5.252.177.228
Oct 2, 2024 14:02:14.686873913 CEST	443	49742	5.252.177.228	192.168.2.4
Oct 2, 2024 14:02:14.686903000 CEST	443	49743	5.252.177.228	192.168.2.4
Oct 2, 2024 14:02:14.686935902 CEST	49742	443	192.168.2.4	5.252.177.228
Oct 2, 2024 14:02:14.686999083 CEST	49743	443	192.168.2.4	5.252.177.228
Oct 2, 2024 14:02:14.687549114 CEST	49742	443	192.168.2.4	5.252.177.228
Oct 2, 2024 14:02:14.687558889 CEST	443	49742	5.252.177.228	192.168.2.4
Oct 2, 2024 14:02:14.687576056 CEST	49743	443	192.168.2.4	5.252.177.228
Oct 2, 2024 14:02:14.687660933 CEST	443	49743	5.252.177.228	192.168.2.4
Oct 2, 2024 14:02:14.687666893 CEST	443	49742	5.252.177.228	192.168.2.4
Oct 2, 2024 14:02:14.687693119 CEST	443	49743	5.252.177.228	192.168.2.4
Oct 2, 2024 14:02:14.796124935 CEST	49744	443	192.168.2.4	80.87.206.189
Oct 2, 2024 14:02:14.796161890 CEST	443	49744	80.87.206.189	192.168.2.4
Oct 2, 2024 14:02:14.796215057 CEST	49744	443	192.168.2.4	80.87.206.189
Oct 2, 2024 14:02:14.796304941 CEST	49745	443	192.168.2.4	80.87.206.189
Oct 2, 2024 14:02:14.796408892 CEST	443	49745	80.87.206.189	192.168.2.4
Oct 2, 2024 14:02:14.796489000 CEST	49745	443	192.168.2.4	80.87.206.189
Oct 2, 2024 14:02:14.796664000 CEST	49744	443	192.168.2.4	80.87.206.189
Oct 2, 2024 14:02:14.796680927 CEST	443	49744	80.87.206.189	192.168.2.4
Oct 2, 2024 14:02:14.796726942 CEST	443	49744	80.87.206.189	192.168.2.4
Oct 2, 2024 14:02:14.797224045 CEST	49745	443	192.168.2.4	80.87.206.189
Oct 2, 2024 14:02:14.797266960 CEST	443	49745	80.87.206.189	192.168.2.4
Oct 2, 2024 14:02:14.797297955 CEST	443	49745	80.87.206.189	192.168.2.4
Oct 2, 2024 14:02:14.905606031 CEST	49746	443	192.168.2.4	85.239.52.252
Oct 2, 2024 14:02:14.905684948 CEST	443	49746	85.239.52.252	192.168.2.4
Oct 2, 2024 14:02:14.905752897 CEST	49746	443	192.168.2.4	85.239.52.252
Oct 2, 2024 14:02:14.905874968 CEST	49747	443	192.168.2.4	85.239.52.252
Oct 2, 2024 14:02:14.905976057 CEST	443	49747	85.239.52.252	192.168.2.4
Oct 2, 2024 14:02:14.906066895 CEST	49747	443	192.168.2.4	85.239.52.252
Oct 2, 2024 14:02:14.911304951 CEST	49746	443	192.168.2.4	85.239.52.252
Oct 2, 2024 14:02:14.911339998 CEST	443	49746	85.239.52.252	192.168.2.4
Oct 2, 2024 14:02:14.911370039 CEST	443	49746	85.239.52.252	192.168.2.4
Oct 2, 2024 14:02:14.912245035 CEST	49747	443	192.168.2.4	85.239.52.252
Oct 2, 2024 14:02:14.912286043 CEST	443	49747	85.239.52.252	192.168.2.4
Oct 2, 2024 14:02:14.912317991 CEST	443	49747	85.239.52.252	192.168.2.4
Oct 2, 2024 14:02:15.015146971 CEST	49748	443	192.168.2.4	80.87.206.189
Oct 2, 2024 14:02:15.015163898 CEST	49749	443	192.168.2.4	80.87.206.189
Oct 2, 2024 14:02:15.015191078 CEST	443	49748	80.87.206.189	192.168.2.4
Oct 2, 2024 14:02:15.015279055 CEST	443	49749	80.87.206.189	192.168.2.4
Oct 2, 2024 14:02:15.015326023 CEST	49748	443	192.168.2.4	80.87.206.189
Oct 2, 2024 14:02:15.015362978 CEST	49749	443	192.168.2.4	80.87.206.189
Oct 2, 2024 14:02:15.016052961 CEST	49749	443	192.168.2.4	80.87.206.189
Oct 2, 2024 14:02:15.016098976 CEST	443	49749	80.87.206.189	192.168.2.4
Oct 2, 2024 14:02:15.016134024 CEST	443	49749	80.87.206.189	192.168.2.4
Oct 2, 2024 14:02:15.016238928 CEST	49748	443	192.168.2.4	80.87.206.189
Oct 2, 2024 14:02:15.016251087 CEST	443	49748	80.87.206.189	192.168.2.4
Oct 2, 2024 14:02:15.016355038 CEST	443	49748	80.87.206.189	192.168.2.4
Oct 2, 2024 14:02:15.124669075 CEST	49750	443	192.168.2.4	85.239.52.252
Oct 2, 2024 14:02:15.124747992 CEST	443	49750	85.239.52.252	192.168.2.4
Oct 2, 2024 14:02:15.124820948 CEST	49750	443	192.168.2.4	85.239.52.252
Oct 2, 2024 14:02:15.125093937 CEST	49751	443	192.168.2.4	85.239.52.252
Oct 2, 2024 14:02:15.125191927 CEST	443	49751	85.239.52.252	192.168.2.4
Oct 2, 2024 14:02:15.125263929 CEST	49751	443	192.168.2.4	85.239.52.252
Oct 2, 2024 14:02:15.126720905 CEST	49750	443	192.168.2.4	85.239.52.252
Oct 2, 2024 14:02:15.126754999 CEST	443	49750	85.239.52.252	192.168.2.4
Oct 2, 2024 14:02:15.126827955 CEST	443	49750	85.239.52.252	192.168.2.4
Oct 2, 2024 14:02:15.127249956 CEST	49751	443	192.168.2.4	85.239.52.252
Oct 2, 2024 14:02:15.127290964 CEST	443	49751	85.239.52.252	192.168.2.4
Oct 2, 2024 14:02:15.127326012 CEST	443	49751	85.239.52.252	192.168.2.4
Oct 2, 2024 14:02:15.272308111 CEST	49752	443	192.168.2.4	5.252.177.228
Oct 2, 2024 14:02:15.272350073 CEST	443	49752	5.252.177.228	192.168.2.4
Oct 2, 2024 14:02:15.272406101 CEST	49752	443	192.168.2.4	5.252.177.228
Oct 2, 2024 14:02:15.272694111 CEST	49753	443	192.168.2.4	5.252.177.228
Oct 2, 2024 14:02:15.272732019 CEST	443	49753	5.252.177.228	192.168.2.4
Oct 2, 2024 14:02:15.272787094 CEST	49753	443	192.168.2.4	5.252.177.228
Oct 2, 2024 14:02:15.273823023 CEST	49752	443	192.168.2.4	5.252.177.228
Oct 2, 2024 14:02:15.273842096 CEST	443	49752	5.252.177.228	192.168.2.4
Oct 2, 2024 14:02:15.273921967 CEST	443	49752	5.252.177.228	192.168.2.4
Oct 2, 2024 14:02:15.274460077 CEST	49753	443	192.168.2.4	5.252.177.228
Oct 2, 2024 14:02:15.274488926 CEST	443	49753	5.252.177.228	192.168.2.4
Oct 2, 2024 14:02:15.274569035 CEST	443	49753	5.252.177.228	192.168.2.4
Oct 2, 2024 14:02:15.390249968 CEST	49754	443	192.168.2.4	85.239.52.252
Oct 2, 2024 14:02:15.390341043 CEST	443	49754	85.239.52.252	192.168.2.4
Oct 2, 2024 14:02:15.390342951 CEST	49755	443	192.168.2.4	85.239.52.252
Oct 2, 2024 14:02:15.390399933 CEST	443	49755	85.239.52.252	192.168.2.4
Oct 2, 2024 14:02:15.390429020 CEST	49754	443	192.168.2.4	85.239.52.252
Oct 2, 2024 14:02:15.390445948 CEST	49755	443	192.168.2.4	85.239.52.252
Oct 2, 2024 14:02:15.391942978 CEST	49754	443	192.168.2.4	85.239.52.252
Oct 2, 2024 14:02:15.391979933 CEST	443	49754	85.239.52.252	192.168.2.4
Oct 2, 2024 14:02:15.392095089 CEST	443	49754	85.239.52.252	192.168.2.4
Oct 2, 2024 14:02:15.392118931 CEST	49755	443	192.168.2.4	85.239.52.252
Oct 2, 2024 14:02:15.392138958 CEST	443	49755	85.239.52.252	192.168.2.4
Oct 2, 2024 14:02:15.392196894 CEST	443	49755	85.239.52.252	192.168.2.4
Oct 2, 2024 14:02:15.499573946 CEST	49756	443	192.168.2.4	5.252.177.228
Oct 2, 2024 14:02:15.499633074 CEST	443	49756	5.252.177.228	192.168.2.4
Oct 2, 2024 14:02:15.499707937 CEST	49756	443	192.168.2.4	5.252.177.228
Oct 2, 2024 14:02:15.500029087 CEST	49757	443	192.168.2.4	5.252.177.228
Oct 2, 2024 14:02:15.500123024 CEST	443	49757	5.252.177.228	192.168.2.4
Oct 2, 2024 14:02:15.500194073 CEST	49757	443	192.168.2.4	5.252.177.228
Oct 2, 2024 14:02:15.501094103 CEST	49756	443	192.168.2.4	5.252.177.228
Oct 2, 2024 14:02:15.501111031 CEST	443	49756	5.252.177.228	192.168.2.4
Oct 2, 2024 14:02:15.501230001 CEST	443	49756	5.252.177.228	192.168.2.4
Oct 2, 2024 14:02:15.501547098 CEST	49757	443	192.168.2.4	5.252.177.228
Oct 2, 2024 14:02:15.501583099 CEST	443	49757	5.252.177.228	192.168.2.4
Oct 2, 2024 14:02:15.501640081 CEST	443	49757	5.252.177.228	192.168.2.4
Oct 2, 2024 14:02:15.612538099 CEST	49758	443	192.168.2.4	80.87.206.189
Oct 2, 2024 14:02:15.612607002 CEST	443	49758	80.87.206.189	192.168.2.4
Oct 2, 2024 14:02:15.612696886 CEST	49758	443	192.168.2.4	80.87.206.189
Oct 2, 2024 14:02:15.615868092 CEST	49759	443	192.168.2.4	80.87.206.189
Oct 2, 2024 14:02:15.615916014 CEST	443	49759	80.87.206.189	192.168.2.4
Oct 2, 2024 14:02:15.615967989 CEST	49759	443	192.168.2.4	80.87.206.189
Oct 2, 2024 14:02:15.622816086 CEST	49758	443	192.168.2.4	80.87.206.189
Oct 2, 2024 14:02:15.622845888 CEST	443	49758	80.87.206.189	192.168.2.4
Oct 2, 2024 14:02:15.622957945 CEST	443	49758	80.87.206.189	192.168.2.4
Oct 2, 2024 14:02:15.628026009 CEST	49759	443	192.168.2.4	80.87.206.189
Oct 2, 2024 14:02:15.628074884 CEST	443	49759	80.87.206.189	192.168.2.4
Oct 2, 2024 14:02:15.628134012 CEST	443	49759	80.87.206.189	192.168.2.4
Oct 2, 2024 14:02:15.736188889 CEST	49760	443	192.168.2.4	5.252.177.228
Oct 2, 2024 14:02:15.736242056 CEST	443	49760	5.252.177.228	192.168.2.4
Oct 2, 2024 14:02:15.736311913 CEST	49760	443	192.168.2.4	5.252.177.228
Oct 2, 2024 14:02:15.736593008 CEST	49761	443	192.168.2.4	5.252.177.228
Oct 2, 2024 14:02:15.736681938 CEST	443	49761	5.252.177.228	192.168.2.4
Oct 2, 2024 14:02:15.736757040 CEST	49761	443	192.168.2.4	5.252.177.228
Oct 2, 2024 14:02:15.756129026 CEST	49760	443	192.168.2.4	5.252.177.228
Oct 2, 2024 14:02:15.756148100 CEST	443	49760	5.252.177.228	192.168.2.4
Oct 2, 2024 14:02:15.756253958 CEST	443	49760	5.252.177.228	192.168.2.4
Oct 2, 2024 14:02:15.756700993 CEST	49761	443	192.168.2.4	5.252.177.228
Oct 2, 2024 14:02:15.756781101 CEST	443	49761	5.252.177.228	192.168.2.4
Oct 2, 2024 14:02:15.757006884 CEST	443	49761	5.252.177.228	192.168.2.4
Oct 2, 2024 14:02:15.859030008 CEST	49762	443	192.168.2.4	80.87.206.189
Oct 2, 2024 14:02:15.859072924 CEST	443	49762	80.87.206.189	192.168.2.4
Oct 2, 2024 14:02:15.859143972 CEST	49762	443	192.168.2.4	80.87.206.189
Oct 2, 2024 14:02:15.861088037 CEST	49763	443	192.168.2.4	80.87.206.189
Oct 2, 2024 14:02:15.861155987 CEST	443	49763	80.87.206.189	192.168.2.4
Oct 2, 2024 14:02:15.861221075 CEST	49763	443	192.168.2.4	80.87.206.189
Oct 2, 2024 14:02:15.862011909 CEST	49763	443	192.168.2.4	80.87.206.189
Oct 2, 2024 14:02:15.862042904 CEST	443	49763	80.87.206.189	192.168.2.4
Oct 2, 2024 14:02:15.862164021 CEST	443	49763	80.87.206.189	192.168.2.4
Oct 2, 2024 14:02:15.862715006 CEST	49762	443	192.168.2.4	80.87.206.189
Oct 2, 2024 14:02:15.862741947 CEST	443	49762	80.87.206.189	192.168.2.4
Oct 2, 2024 14:02:15.862847090 CEST	443	49762	80.87.206.189	192.168.2.4
Oct 2, 2024 14:02:15.993990898 CEST	49764	443	192.168.2.4	85.239.52.252
Oct 2, 2024 14:02:15.994048119 CEST	443	49764	85.239.52.252	192.168.2.4
Oct 2, 2024 14:02:15.994117975 CEST	49764	443	192.168.2.4	85.239.52.252
Oct 2, 2024 14:02:15.994394064 CEST	49765	443	192.168.2.4	85.239.52.252
Oct 2, 2024 14:02:15.994488955 CEST	443	49765	85.239.52.252	192.168.2.4
Oct 2, 2024 14:02:15.994555950 CEST	49765	443	192.168.2.4	85.239.52.252
Oct 2, 2024 14:02:16.010574102 CEST	49764	443	192.168.2.4	85.239.52.252
Oct 2, 2024 14:02:16.010593891 CEST	443	49764	85.239.52.252	192.168.2.4
Oct 2, 2024 14:02:16.010858059 CEST	443	49764	85.239.52.252	192.168.2.4
Oct 2, 2024 14:02:16.011307001 CEST	49765	443	192.168.2.4	85.239.52.252
Oct 2, 2024 14:02:16.011385918 CEST	443	49765	85.239.52.252	192.168.2.4
Oct 2, 2024 14:02:16.011503935 CEST	443	49765	85.239.52.252	192.168.2.4
Oct 2, 2024 14:02:16.126410961 CEST	49766	443	192.168.2.4	5.252.177.228
Oct 2, 2024 14:02:16.126491070 CEST	443	49766	5.252.177.228	192.168.2.4
Oct 2, 2024 14:02:16.126518965 CEST	49767	443	192.168.2.4	5.252.177.228
Oct 2, 2024 14:02:16.126549959 CEST	443	49767	5.252.177.228	192.168.2.4
Oct 2, 2024 14:02:16.126579046 CEST	49766	443	192.168.2.4	5.252.177.228
Oct 2, 2024 14:02:16.126589060 CEST	49767	443	192.168.2.4	5.252.177.228
Oct 2, 2024 14:02:16.130131006 CEST	49766	443	192.168.2.4	5.252.177.228
Oct 2, 2024 14:02:16.130172014 CEST	443	49766	5.252.177.228	192.168.2.4
Oct 2, 2024 14:02:16.130294085 CEST	443	49766	5.252.177.228	192.168.2.4
Oct 2, 2024 14:02:16.133582115 CEST	49767	443	192.168.2.4	5.252.177.228
Oct 2, 2024 14:02:16.133594990 CEST	443	49767	5.252.177.228	192.168.2.4
Oct 2, 2024 14:02:16.133704901 CEST	443	49767	5.252.177.228	192.168.2.4
Oct 2, 2024 14:02:16.233730078 CEST	49768	443	192.168.2.4	80.87.206.189
Oct 2, 2024 14:02:16.233766079 CEST	443	49768	80.87.206.189	192.168.2.4
Oct 2, 2024 14:02:16.233843088 CEST	49768	443	192.168.2.4	80.87.206.189
Oct 2, 2024 14:02:16.234404087 CEST	49768	443	192.168.2.4	80.87.206.189
Oct 2, 2024 14:02:16.234414101 CEST	443	49768	80.87.206.189	192.168.2.4
Oct 2, 2024 14:02:16.234519005 CEST	443	49768	80.87.206.189	192.168.2.4
Oct 2, 2024 14:02:16.249285936 CEST	49769	443	192.168.2.4	80.87.206.189
Oct 2, 2024 14:02:16.249382019 CEST	443	49769	80.87.206.189	192.168.2.4
Oct 2, 2024 14:02:16.249480963 CEST	49769	443	192.168.2.4	80.87.206.189
Oct 2, 2024 14:02:16.249901056 CEST	49769	443	192.168.2.4	80.87.206.189
Oct 2, 2024 14:02:16.249941111 CEST	443	49769	80.87.206.189	192.168.2.4
Oct 2, 2024 14:02:16.249983072 CEST	443	49769	80.87.206.189	192.168.2.4
Oct 2, 2024 14:02:16.343283892 CEST	49770	443	192.168.2.4	85.239.52.252
Oct 2, 2024 14:02:16.343326092 CEST	443	49770	85.239.52.252	192.168.2.4
Oct 2, 2024 14:02:16.343416929 CEST	49770	443	192.168.2.4	85.239.52.252
Oct 2, 2024 14:02:16.344394922 CEST	49770	443	192.168.2.4	85.239.52.252
Oct 2, 2024 14:02:16.344413996 CEST	443	49770	85.239.52.252	192.168.2.4
Oct 2, 2024 14:02:16.344520092 CEST	443	49770	85.239.52.252	192.168.2.4
Oct 2, 2024 14:02:16.358732939 CEST	49771	443	192.168.2.4	85.239.52.252
Oct 2, 2024 14:02:16.358781099 CEST	443	49771	85.239.52.252	192.168.2.4
Oct 2, 2024 14:02:16.358846903 CEST	49771	443	192.168.2.4	85.239.52.252
Oct 2, 2024 14:02:16.359343052 CEST	49771	443	192.168.2.4	85.239.52.252
Oct 2, 2024 14:02:16.359363079 CEST	443	49771	85.239.52.252	192.168.2.4
Oct 2, 2024 14:02:16.359433889 CEST	443	49771	85.239.52.252	192.168.2.4
Oct 2, 2024 14:02:16.452445030 CEST	49772	443	192.168.2.4	80.87.206.189
Oct 2, 2024 14:02:16.452481985 CEST	443	49772	80.87.206.189	192.168.2.4
Oct 2, 2024 14:02:16.452549934 CEST	49772	443	192.168.2.4	80.87.206.189
Oct 2, 2024 14:02:16.453058958 CEST	49772	443	192.168.2.4	80.87.206.189
Oct 2, 2024 14:02:16.453073025 CEST	443	49772	80.87.206.189	192.168.2.4
Oct 2, 2024 14:02:16.453181982 CEST	443	49772	80.87.206.189	192.168.2.4
Oct 2, 2024 14:02:16.468141079 CEST	49773	443	192.168.2.4	80.87.206.189
Oct 2, 2024 14:02:16.468231916 CEST	443	49773	80.87.206.189	192.168.2.4
Oct 2, 2024 14:02:16.468311071 CEST	49773	443	192.168.2.4	80.87.206.189
Oct 2, 2024 14:02:16.468719959 CEST	49773	443	192.168.2.4	80.87.206.189
Oct 2, 2024 14:02:16.468755007 CEST	443	49773	80.87.206.189	192.168.2.4
Oct 2, 2024 14:02:16.468810081 CEST	443	49773	80.87.206.189	192.168.2.4
Oct 2, 2024 14:02:16.561917067 CEST	49774	443	192.168.2.4	85.239.52.252
Oct 2, 2024 14:02:16.562006950 CEST	443	49774	85.239.52.252	192.168.2.4
Oct 2, 2024 14:02:16.562093019 CEST	49774	443	192.168.2.4	85.239.52.252
Oct 2, 2024 14:02:16.562706947 CEST	49774	443	192.168.2.4	85.239.52.252
Oct 2, 2024 14:02:16.562741041 CEST	443	49774	85.239.52.252	192.168.2.4
Oct 2, 2024 14:02:16.562796116 CEST	443	49774	85.239.52.252	192.168.2.4
Oct 2, 2024 14:02:16.577440977 CEST	49775	443	192.168.2.4	85.239.52.252
Oct 2, 2024 14:02:16.577476025 CEST	443	49775	85.239.52.252	192.168.2.4
Oct 2, 2024 14:02:16.577544928 CEST	49775	443	192.168.2.4	85.239.52.252
Oct 2, 2024 14:02:16.578128099 CEST	49775	443	192.168.2.4	85.239.52.252
Oct 2, 2024 14:02:16.578146935 CEST	443	49775	85.239.52.252	192.168.2.4
Oct 2, 2024 14:02:16.578193903 CEST	443	49775	85.239.52.252	192.168.2.4
Oct 2, 2024 14:02:16.671391010 CEST	49776	443	192.168.2.4	5.252.177.228
Oct 2, 2024 14:02:16.671478987 CEST	443	49776	5.252.177.228	192.168.2.4
Oct 2, 2024 14:02:16.671574116 CEST	49776	443	192.168.2.4	5.252.177.228
Oct 2, 2024 14:02:16.672267914 CEST	49776	443	192.168.2.4	5.252.177.228
Oct 2, 2024 14:02:16.672307968 CEST	443	49776	5.252.177.228	192.168.2.4
Oct 2, 2024 14:02:16.672431946 CEST	443	49776	5.252.177.228	192.168.2.4
Oct 2, 2024 14:02:16.686805010 CEST	49777	443	192.168.2.4	5.252.177.228
Oct 2, 2024 14:02:16.686850071 CEST	443	49777	5.252.177.228	192.168.2.4
Oct 2, 2024 14:02:16.686913013 CEST	49777	443	192.168.2.4	5.252.177.228
Oct 2, 2024 14:02:16.687431097 CEST	49777	443	192.168.2.4	5.252.177.228
Oct 2, 2024 14:02:16.687442064 CEST	443	49777	5.252.177.228	192.168.2.4
Oct 2, 2024 14:02:16.687498093 CEST	443	49777	5.252.177.228	192.168.2.4
Oct 2, 2024 14:02:16.780548096 CEST	49778	443	192.168.2.4	80.87.206.189
Oct 2, 2024 14:02:16.780580044 CEST	443	49778	80.87.206.189	192.168.2.4
Oct 2, 2024 14:02:16.780635118 CEST	49778	443	192.168.2.4	80.87.206.189
Oct 2, 2024 14:02:16.781065941 CEST	49778	443	192.168.2.4	80.87.206.189
Oct 2, 2024 14:02:16.781081915 CEST	443	49778	80.87.206.189	192.168.2.4
Oct 2, 2024 14:02:16.781199932 CEST	443	49778	80.87.206.189	192.168.2.4
Oct 2, 2024 14:02:16.796134949 CEST	49779	443	192.168.2.4	80.87.206.189
Oct 2, 2024 14:02:16.796185017 CEST	443	49779	80.87.206.189	192.168.2.4
Oct 2, 2024 14:02:16.796251059 CEST	49779	443	192.168.2.4	80.87.206.189
Oct 2, 2024 14:02:16.796622992 CEST	49779	443	192.168.2.4	80.87.206.189
Oct 2, 2024 14:02:16.796648979 CEST	443	49779	80.87.206.189	192.168.2.4
Oct 2, 2024 14:02:16.796698093 CEST	443	49779	80.87.206.189	192.168.2.4
Oct 2, 2024 14:02:16.889905930 CEST	49780	443	192.168.2.4	85.239.52.252
Oct 2, 2024 14:02:16.890001059 CEST	443	49780	85.239.52.252	192.168.2.4
Oct 2, 2024 14:02:16.890104055 CEST	49780	443	192.168.2.4	85.239.52.252
Oct 2, 2024 14:02:16.890631914 CEST	49780	443	192.168.2.4	85.239.52.252
Oct 2, 2024 14:02:16.890671015 CEST	443	49780	85.239.52.252	192.168.2.4
Oct 2, 2024 14:02:16.890782118 CEST	443	49780	85.239.52.252	192.168.2.4
Oct 2, 2024 14:02:16.905498028 CEST	49781	443	192.168.2.4	85.239.52.252
Oct 2, 2024 14:02:16.905514002 CEST	443	49781	85.239.52.252	192.168.2.4
Oct 2, 2024 14:02:16.905874968 CEST	49781	443	192.168.2.4	85.239.52.252
Oct 2, 2024 14:02:16.906366110 CEST	49781	443	192.168.2.4	85.239.52.252
Oct 2, 2024 14:02:16.906375885 CEST	443	49781	85.239.52.252	192.168.2.4
Oct 2, 2024 14:02:16.906429052 CEST	443	49781	85.239.52.252	192.168.2.4
Oct 2, 2024 14:02:17.012861013 CEST	49782	443	192.168.2.4	5.252.177.228
Oct 2, 2024 14:02:17.012922049 CEST	443	49782	5.252.177.228	192.168.2.4
Oct 2, 2024 14:02:17.013025045 CEST	49782	443	192.168.2.4	5.252.177.228
Oct 2, 2024 14:02:17.014257908 CEST	49782	443	192.168.2.4	5.252.177.228
Oct 2, 2024 14:02:17.014273882 CEST	443	49782	5.252.177.228	192.168.2.4
Oct 2, 2024 14:02:17.014410973 CEST	443	49782	5.252.177.228	192.168.2.4
Oct 2, 2024 14:02:17.015052080 CEST	49783	443	192.168.2.4	5.252.177.228
Oct 2, 2024 14:02:17.015149117 CEST	443	49783	5.252.177.228	192.168.2.4
Oct 2, 2024 14:02:17.015315056 CEST	49783	443	192.168.2.4	5.252.177.228
Oct 2, 2024 14:02:17.015449047 CEST	49784	443	192.168.2.4	85.239.52.252
Oct 2, 2024 14:02:17.015496969 CEST	443	49784	85.239.52.252	192.168.2.4
Oct 2, 2024 14:02:17.015564919 CEST	49784	443	192.168.2.4	85.239.52.252
Oct 2, 2024 14:02:17.015825033 CEST	49783	443	192.168.2.4	5.252.177.228
Oct 2, 2024 14:02:17.015862942 CEST	443	49783	5.252.177.228	192.168.2.4
Oct 2, 2024 14:02:17.015912056 CEST	443	49783	5.252.177.228	192.168.2.4
Oct 2, 2024 14:02:17.016860008 CEST	49784	443	192.168.2.4	85.239.52.252
Oct 2, 2024 14:02:17.016884089 CEST	443	49784	85.239.52.252	192.168.2.4
Oct 2, 2024 14:02:17.017003059 CEST	443	49784	85.239.52.252	192.168.2.4
Oct 2, 2024 14:02:17.124254942 CEST	49785	443	192.168.2.4	5.252.177.228
Oct 2, 2024 14:02:17.124345064 CEST	443	49785	5.252.177.228	192.168.2.4
Oct 2, 2024 14:02:17.124375105 CEST	49786	443	192.168.2.4	5.252.177.228
Oct 2, 2024 14:02:17.124394894 CEST	443	49786	5.252.177.228	192.168.2.4
Oct 2, 2024 14:02:17.124423981 CEST	49785	443	192.168.2.4	5.252.177.228
Oct 2, 2024 14:02:17.124459982 CEST	49787	443	192.168.2.4	5.252.177.228
Oct 2, 2024 14:02:17.124485016 CEST	49786	443	192.168.2.4	5.252.177.228
Oct 2, 2024 14:02:17.124532938 CEST	443	49787	5.252.177.228	192.168.2.4
Oct 2, 2024 14:02:17.124949932 CEST	49786	443	192.168.2.4	5.252.177.228
Oct 2, 2024 14:02:17.124980927 CEST	49787	443	192.168.2.4	5.252.177.228
Oct 2, 2024 14:02:17.124984980 CEST	443	49786	5.252.177.228	192.168.2.4
Oct 2, 2024 14:02:17.125097036 CEST	443	49786	5.252.177.228	192.168.2.4
Oct 2, 2024 14:02:17.125552893 CEST	49785	443	192.168.2.4	5.252.177.228
Oct 2, 2024 14:02:17.125580072 CEST	443	49785	5.252.177.228	192.168.2.4
Oct 2, 2024 14:02:17.125653028 CEST	49787	443	192.168.2.4	5.252.177.228
Oct 2, 2024 14:02:17.125686884 CEST	443	49787	5.252.177.228	192.168.2.4
Oct 2, 2024 14:02:17.125689030 CEST	443	49785	5.252.177.228	192.168.2.4
Oct 2, 2024 14:02:17.125741005 CEST	443	49787	5.252.177.228	192.168.2.4
Oct 2, 2024 14:02:17.233782053 CEST	49788	443	192.168.2.4	80.87.206.189
Oct 2, 2024 14:02:17.233876944 CEST	443	49788	80.87.206.189	192.168.2.4
Oct 2, 2024 14:02:17.233966112 CEST	49789	443	192.168.2.4	80.87.206.189
Oct 2, 2024 14:02:17.233966112 CEST	49790	443	192.168.2.4	80.87.206.189
Oct 2, 2024 14:02:17.233968973 CEST	49788	443	192.168.2.4	80.87.206.189
Oct 2, 2024 14:02:17.234003067 CEST	443	49789	80.87.206.189	192.168.2.4
Oct 2, 2024 14:02:17.234018087 CEST	443	49790	80.87.206.189	192.168.2.4
Oct 2, 2024 14:02:17.234076023 CEST	49789	443	192.168.2.4	80.87.206.189
Oct 2, 2024 14:02:17.234400988 CEST	49790	443	192.168.2.4	80.87.206.189
Oct 2, 2024 14:02:17.234543085 CEST	49788	443	192.168.2.4	80.87.206.189
Oct 2, 2024 14:02:17.234555960 CEST	49789	443	192.168.2.4	80.87.206.189
Oct 2, 2024 14:02:17.234569073 CEST	443	49789	80.87.206.189	192.168.2.4
Oct 2, 2024 14:02:17.234580040 CEST	443	49788	80.87.206.189	192.168.2.4
Oct 2, 2024 14:02:17.234675884 CEST	443	49788	80.87.206.189	192.168.2.4
Oct 2, 2024 14:02:17.234724998 CEST	443	49789	80.87.206.189	192.168.2.4
Oct 2, 2024 14:02:17.234875917 CEST	49790	443	192.168.2.4	80.87.206.189
Oct 2, 2024 14:02:17.234885931 CEST	443	49790	80.87.206.189	192.168.2.4
Oct 2, 2024 14:02:17.234911919 CEST	443	49790	80.87.206.189	192.168.2.4
Oct 2, 2024 14:02:17.343230009 CEST	49791	443	192.168.2.4	85.239.52.252
Oct 2, 2024 14:02:17.343317032 CEST	443	49791	85.239.52.252	192.168.2.4
Oct 2, 2024 14:02:17.343333960 CEST	49793	443	192.168.2.4	85.239.52.252
Oct 2, 2024 14:02:17.343339920 CEST	49792	443	192.168.2.4	5.252.177.228
Oct 2, 2024 14:02:17.343362093 CEST	443	49793	85.239.52.252	192.168.2.4
Oct 2, 2024 14:02:17.343380928 CEST	443	49792	5.252.177.228	192.168.2.4
Oct 2, 2024 14:02:17.343425989 CEST	49793	443	192.168.2.4	85.239.52.252
Oct 2, 2024 14:02:17.343434095 CEST	49791	443	192.168.2.4	85.239.52.252
Oct 2, 2024 14:02:17.343440056 CEST	49792	443	192.168.2.4	5.252.177.228
Oct 2, 2024 14:02:17.344460011 CEST	49791	443	192.168.2.4	85.239.52.252
Oct 2, 2024 14:02:17.344496965 CEST	443	49791	85.239.52.252	192.168.2.4
Oct 2, 2024 14:02:17.344538927 CEST	49793	443	192.168.2.4	85.239.52.252
Oct 2, 2024 14:02:17.344547987 CEST	443	49791	85.239.52.252	192.168.2.4
Oct 2, 2024 14:02:17.344564915 CEST	443	49793	85.239.52.252	192.168.2.4
Oct 2, 2024 14:02:17.344670057 CEST	443	49793	85.239.52.252	192.168.2.4
Oct 2, 2024 14:02:17.344810963 CEST	49792	443	192.168.2.4	5.252.177.228
Oct 2, 2024 14:02:17.344825983 CEST	443	49792	5.252.177.228	192.168.2.4
Oct 2, 2024 14:02:17.344944000 CEST	443	49792	5.252.177.228	192.168.2.4
Oct 2, 2024 14:02:17.452511072 CEST	49795	443	192.168.2.4	5.252.177.228
Oct 2, 2024 14:02:17.452543020 CEST	443	49795	5.252.177.228	192.168.2.4
Oct 2, 2024 14:02:17.452578068 CEST	49794	443	192.168.2.4	80.87.206.189
Oct 2, 2024 14:02:17.452622890 CEST	443	49794	80.87.206.189	192.168.2.4
Oct 2, 2024 14:02:17.452629089 CEST	49796	443	192.168.2.4	5.252.177.228
Oct 2, 2024 14:02:17.452651978 CEST	443	49796	5.252.177.228	192.168.2.4
Oct 2, 2024 14:02:17.452673912 CEST	49795	443	192.168.2.4	5.252.177.228
Oct 2, 2024 14:02:17.452712059 CEST	49794	443	192.168.2.4	80.87.206.189
Oct 2, 2024 14:02:17.452822924 CEST	49796	443	192.168.2.4	5.252.177.228
Oct 2, 2024 14:02:17.453303099 CEST	49795	443	192.168.2.4	5.252.177.228
Oct 2, 2024 14:02:17.453315020 CEST	443	49795	5.252.177.228	192.168.2.4
Oct 2, 2024 14:02:17.453341007 CEST	49794	443	192.168.2.4	80.87.206.189
Oct 2, 2024 14:02:17.453380108 CEST	443	49794	80.87.206.189	192.168.2.4
Oct 2, 2024 14:02:17.453394890 CEST	443	49795	5.252.177.228	192.168.2.4
Oct 2, 2024 14:02:17.453485966 CEST	443	49794	80.87.206.189	192.168.2.4
Oct 2, 2024 14:02:17.453615904 CEST	49796	443	192.168.2.4	5.252.177.228
Oct 2, 2024 14:02:17.453625917 CEST	443	49796	5.252.177.228	192.168.2.4
Oct 2, 2024 14:02:17.453670979 CEST	443	49796	5.252.177.228	192.168.2.4
Oct 2, 2024 14:02:17.561920881 CEST	49798	443	192.168.2.4	80.87.206.189
Oct 2, 2024 14:02:17.561973095 CEST	443	49798	80.87.206.189	192.168.2.4
Oct 2, 2024 14:02:17.562005997 CEST	49797	443	192.168.2.4	85.239.52.252
Oct 2, 2024 14:02:17.562026024 CEST	49799	443	192.168.2.4	80.87.206.189
Oct 2, 2024 14:02:17.562040091 CEST	49798	443	192.168.2.4	80.87.206.189
Oct 2, 2024 14:02:17.562093973 CEST	443	49797	85.239.52.252	192.168.2.4
Oct 2, 2024 14:02:17.562117100 CEST	443	49799	80.87.206.189	192.168.2.4
Oct 2, 2024 14:02:17.562169075 CEST	49797	443	192.168.2.4	85.239.52.252
Oct 2, 2024 14:02:17.562186956 CEST	49799	443	192.168.2.4	80.87.206.189
Oct 2, 2024 14:02:17.562694073 CEST	49798	443	192.168.2.4	80.87.206.189
Oct 2, 2024 14:02:17.562722921 CEST	443	49798	80.87.206.189	192.168.2.4
Oct 2, 2024 14:02:17.562796116 CEST	443	49798	80.87.206.189	192.168.2.4
Oct 2, 2024 14:02:17.563041925 CEST	49797	443	192.168.2.4	85.239.52.252
Oct 2, 2024 14:02:17.563079119 CEST	443	49797	85.239.52.252	192.168.2.4
Oct 2, 2024 14:02:17.563189983 CEST	443	49797	85.239.52.252	192.168.2.4
Oct 2, 2024 14:02:17.563421011 CEST	49799	443	192.168.2.4	80.87.206.189
Oct 2, 2024 14:02:17.563462019 CEST	443	49799	80.87.206.189	192.168.2.4
Oct 2, 2024 14:02:17.563493967 CEST	443	49799	80.87.206.189	192.168.2.4
Oct 2, 2024 14:02:17.673929930 CEST	49800	443	192.168.2.4	85.239.52.252
Oct 2, 2024 14:02:17.674021959 CEST	443	49800	85.239.52.252	192.168.2.4
Oct 2, 2024 14:02:17.674120903 CEST	49800	443	192.168.2.4	85.239.52.252
Oct 2, 2024 14:02:17.674514055 CEST	49801	443	192.168.2.4	5.252.177.228
Oct 2, 2024 14:02:17.674556017 CEST	443	49801	5.252.177.228	192.168.2.4
Oct 2, 2024 14:02:17.674612999 CEST	49801	443	192.168.2.4	5.252.177.228
Oct 2, 2024 14:02:17.675348997 CEST	49802	443	192.168.2.4	85.239.52.252
Oct 2, 2024 14:02:17.675379992 CEST	443	49802	85.239.52.252	192.168.2.4
Oct 2, 2024 14:02:17.675677061 CEST	49802	443	192.168.2.4	85.239.52.252
Oct 2, 2024 14:02:17.688251019 CEST	49800	443	192.168.2.4	85.239.52.252
Oct 2, 2024 14:02:17.688287973 CEST	443	49800	85.239.52.252	192.168.2.4
Oct 2, 2024 14:02:17.688309908 CEST	49801	443	192.168.2.4	5.252.177.228
Oct 2, 2024 14:02:17.688332081 CEST	443	49801	5.252.177.228	192.168.2.4
Oct 2, 2024 14:02:17.688338995 CEST	443	49800	85.239.52.252	192.168.2.4
Oct 2, 2024 14:02:17.688384056 CEST	443	49801	5.252.177.228	192.168.2.4
Oct 2, 2024 14:02:17.689537048 CEST	49802	443	192.168.2.4	85.239.52.252
Oct 2, 2024 14:02:17.689558983 CEST	443	49802	85.239.52.252	192.168.2.4
Oct 2, 2024 14:02:17.689589977 CEST	443	49802	85.239.52.252	192.168.2.4
Oct 2, 2024 14:02:17.796304941 CEST	49803	443	192.168.2.4	80.87.206.189
Oct 2, 2024 14:02:17.796349049 CEST	443	49803	80.87.206.189	192.168.2.4
Oct 2, 2024 14:02:17.796408892 CEST	49805	443	192.168.2.4	5.252.177.228
Oct 2, 2024 14:02:17.796432018 CEST	49804	443	192.168.2.4	5.252.177.228
Oct 2, 2024 14:02:17.796439886 CEST	443	49805	5.252.177.228	192.168.2.4
Oct 2, 2024 14:02:17.796463966 CEST	49803	443	192.168.2.4	80.87.206.189
Oct 2, 2024 14:02:17.796483994 CEST	443	49804	5.252.177.228	192.168.2.4
Oct 2, 2024 14:02:17.796497107 CEST	49805	443	192.168.2.4	5.252.177.228
Oct 2, 2024 14:02:17.796561003 CEST	49804	443	192.168.2.4	5.252.177.228
Oct 2, 2024 14:02:17.797425032 CEST	49803	443	192.168.2.4	80.87.206.189
Oct 2, 2024 14:02:17.797435045 CEST	443	49803	80.87.206.189	192.168.2.4
Oct 2, 2024 14:02:17.797461033 CEST	49805	443	192.168.2.4	5.252.177.228
Oct 2, 2024 14:02:17.797472000 CEST	443	49805	5.252.177.228	192.168.2.4
Oct 2, 2024 14:02:17.797509909 CEST	443	49805	5.252.177.228	192.168.2.4
Oct 2, 2024 14:02:17.797826052 CEST	49804	443	192.168.2.4	5.252.177.228
Oct 2, 2024 14:02:17.797842026 CEST	443	49804	5.252.177.228	192.168.2.4
Oct 2, 2024 14:02:17.797884941 CEST	443	49804	5.252.177.228	192.168.2.4
Oct 2, 2024 14:02:17.798137903 CEST	443	49803	80.87.206.189	192.168.2.4
Oct 2, 2024 14:02:17.905744076 CEST	49806	443	192.168.2.4	85.239.52.252
Oct 2, 2024 14:02:17.905839920 CEST	443	49806	85.239.52.252	192.168.2.4
Oct 2, 2024 14:02:17.905941010 CEST	49808	443	192.168.2.4	80.87.206.189
Oct 2, 2024 14:02:17.905967951 CEST	443	49808	80.87.206.189	192.168.2.4
Oct 2, 2024 14:02:17.905992031 CEST	49806	443	192.168.2.4	85.239.52.252
Oct 2, 2024 14:02:17.906095982 CEST	49808	443	192.168.2.4	80.87.206.189
Oct 2, 2024 14:02:17.906147003 CEST	49807	443	192.168.2.4	80.87.206.189
Oct 2, 2024 14:02:17.906203032 CEST	443	49807	80.87.206.189	192.168.2.4
Oct 2, 2024 14:02:17.906251907 CEST	49807	443	192.168.2.4	80.87.206.189
Oct 2, 2024 14:02:17.906675100 CEST	49808	443	192.168.2.4	80.87.206.189
Oct 2, 2024 14:02:17.906707048 CEST	443	49808	80.87.206.189	192.168.2.4
Oct 2, 2024 14:02:17.906819105 CEST	443	49808	80.87.206.189	192.168.2.4
Oct 2, 2024 14:02:17.907017946 CEST	49806	443	192.168.2.4	85.239.52.252
Oct 2, 2024 14:02:17.907042027 CEST	443	49806	85.239.52.252	192.168.2.4
Oct 2, 2024 14:02:17.907080889 CEST	443	49806	85.239.52.252	192.168.2.4
Oct 2, 2024 14:02:17.907136917 CEST	49807	443	192.168.2.4	80.87.206.189
Oct 2, 2024 14:02:17.907152891 CEST	443	49807	80.87.206.189	192.168.2.4
Oct 2, 2024 14:02:17.907188892 CEST	443	49807	80.87.206.189	192.168.2.4
Oct 2, 2024 14:02:18.015233040 CEST	49809	443	192.168.2.4	85.239.52.252
Oct 2, 2024 14:02:18.015289068 CEST	443	49809	85.239.52.252	192.168.2.4
Oct 2, 2024 14:02:18.015369892 CEST	49809	443	192.168.2.4	85.239.52.252
Oct 2, 2024 14:02:18.015952110 CEST	49810	443	192.168.2.4	80.87.206.189
Oct 2, 2024 14:02:18.015991926 CEST	49811	443	192.168.2.4	85.239.52.252
Oct 2, 2024 14:02:18.016041040 CEST	443	49811	85.239.52.252	192.168.2.4
Oct 2, 2024 14:02:18.016047001 CEST	443	49810	80.87.206.189	192.168.2.4
Oct 2, 2024 14:02:18.016098022 CEST	49811	443	192.168.2.4	85.239.52.252
Oct 2, 2024 14:02:18.016138077 CEST	49810	443	192.168.2.4	80.87.206.189
Oct 2, 2024 14:02:18.017273903 CEST	49809	443	192.168.2.4	85.239.52.252
Oct 2, 2024 14:02:18.017296076 CEST	443	49809	85.239.52.252	192.168.2.4
Oct 2, 2024 14:02:18.017415047 CEST	443	49809	85.239.52.252	192.168.2.4
Oct 2, 2024 14:02:18.017988920 CEST	49811	443	192.168.2.4	85.239.52.252
Oct 2, 2024 14:02:18.018003941 CEST	443	49811	85.239.52.252	192.168.2.4
Oct 2, 2024 14:02:18.018050909 CEST	443	49811	85.239.52.252	192.168.2.4
Oct 2, 2024 14:02:18.019061089 CEST	49810	443	192.168.2.4	80.87.206.189
Oct 2, 2024 14:02:18.019094944 CEST	443	49810	80.87.206.189	192.168.2.4
Oct 2, 2024 14:02:18.019134998 CEST	443	49810	80.87.206.189	192.168.2.4
Oct 2, 2024 14:02:18.124501944 CEST	49812	443	192.168.2.4	85.239.52.252
Oct 2, 2024 14:02:18.124588966 CEST	443	49812	85.239.52.252	192.168.2.4
Oct 2, 2024 14:02:18.124695063 CEST	49812	443	192.168.2.4	85.239.52.252
Oct 2, 2024 14:02:18.125449896 CEST	49812	443	192.168.2.4	85.239.52.252
Oct 2, 2024 14:02:18.125487089 CEST	443	49812	85.239.52.252	192.168.2.4
Oct 2, 2024 14:02:18.125576973 CEST	443	49812	85.239.52.252	192.168.2.4
Oct 2, 2024 14:02:18.234359026 CEST	49813	443	192.168.2.4	5.252.177.228
Oct 2, 2024 14:02:18.234404087 CEST	443	49813	5.252.177.228	192.168.2.4
Oct 2, 2024 14:02:18.234477043 CEST	49813	443	192.168.2.4	5.252.177.228
Oct 2, 2024 14:02:18.243129015 CEST	49814	443	192.168.2.4	85.239.52.252
Oct 2, 2024 14:02:18.243175983 CEST	443	49814	85.239.52.252	192.168.2.4
Oct 2, 2024 14:02:18.243244886 CEST	49814	443	192.168.2.4	85.239.52.252
Oct 2, 2024 14:02:18.243525982 CEST	49815	443	192.168.2.4	85.239.52.252
Oct 2, 2024 14:02:18.243556976 CEST	443	49815	85.239.52.252	192.168.2.4
Oct 2, 2024 14:02:18.243626118 CEST	49815	443	192.168.2.4	85.239.52.252
Oct 2, 2024 14:02:18.244496107 CEST	49813	443	192.168.2.4	5.252.177.228
Oct 2, 2024 14:02:18.244515896 CEST	443	49813	5.252.177.228	192.168.2.4
Oct 2, 2024 14:02:18.244627953 CEST	443	49813	5.252.177.228	192.168.2.4
Oct 2, 2024 14:02:18.245367050 CEST	49814	443	192.168.2.4	85.239.52.252
Oct 2, 2024 14:02:18.245381117 CEST	443	49814	85.239.52.252	192.168.2.4
Oct 2, 2024 14:02:18.245426893 CEST	443	49814	85.239.52.252	192.168.2.4
Oct 2, 2024 14:02:18.246028900 CEST	49815	443	192.168.2.4	85.239.52.252
Oct 2, 2024 14:02:18.246049881 CEST	443	49815	85.239.52.252	192.168.2.4
Oct 2, 2024 14:02:18.246093035 CEST	443	49815	85.239.52.252	192.168.2.4
Oct 2, 2024 14:02:18.359035015 CEST	49816	443	192.168.2.4	5.252.177.228
Oct 2, 2024 14:02:18.359092951 CEST	443	49816	5.252.177.228	192.168.2.4
Oct 2, 2024 14:02:18.359159946 CEST	49816	443	192.168.2.4	5.252.177.228
Oct 2, 2024 14:02:18.359810114 CEST	49817	443	192.168.2.4	5.252.177.228
Oct 2, 2024 14:02:18.359846115 CEST	443	49817	5.252.177.228	192.168.2.4
Oct 2, 2024 14:02:18.359891891 CEST	49817	443	192.168.2.4	5.252.177.228
Oct 2, 2024 14:02:18.360331059 CEST	49818	443	192.168.2.4	85.239.52.252
Oct 2, 2024 14:02:18.360398054 CEST	443	49818	85.239.52.252	192.168.2.4
Oct 2, 2024 14:02:18.360460997 CEST	49818	443	192.168.2.4	85.239.52.252
Oct 2, 2024 14:02:18.364763975 CEST	49816	443	192.168.2.4	5.252.177.228
Oct 2, 2024 14:02:18.364782095 CEST	443	49816	5.252.177.228	192.168.2.4
Oct 2, 2024 14:02:18.364870071 CEST	443	49816	5.252.177.228	192.168.2.4
Oct 2, 2024 14:02:18.365534067 CEST	49817	443	192.168.2.4	5.252.177.228
Oct 2, 2024 14:02:18.365550041 CEST	443	49817	5.252.177.228	192.168.2.4
Oct 2, 2024 14:02:18.365616083 CEST	443	49817	5.252.177.228	192.168.2.4
Oct 2, 2024 14:02:18.366548061 CEST	49818	443	192.168.2.4	85.239.52.252
Oct 2, 2024 14:02:18.366580009 CEST	443	49818	85.239.52.252	192.168.2.4
Oct 2, 2024 14:02:18.366621017 CEST	443	49818	85.239.52.252	192.168.2.4
Oct 2, 2024 14:02:18.476676941 CEST	49819	443	192.168.2.4	5.252.177.228
Oct 2, 2024 14:02:18.476743937 CEST	443	49819	5.252.177.228	192.168.2.4
Oct 2, 2024 14:02:18.476818085 CEST	49819	443	192.168.2.4	5.252.177.228
Oct 2, 2024 14:02:18.545483112 CEST	49820	443	192.168.2.4	80.87.206.189
Oct 2, 2024 14:02:18.545566082 CEST	443	49820	80.87.206.189	192.168.2.4
Oct 2, 2024 14:02:18.545651913 CEST	49820	443	192.168.2.4	80.87.206.189
Oct 2, 2024 14:02:18.545913935 CEST	49821	443	192.168.2.4	80.87.206.189
Oct 2, 2024 14:02:18.545955896 CEST	443	49821	80.87.206.189	192.168.2.4
Oct 2, 2024 14:02:18.545999050 CEST	49821	443	192.168.2.4	80.87.206.189
Oct 2, 2024 14:02:18.547722101 CEST	49819	443	192.168.2.4	5.252.177.228
Oct 2, 2024 14:02:18.547766924 CEST	443	49819	5.252.177.228	192.168.2.4
Oct 2, 2024 14:02:18.547816038 CEST	443	49819	5.252.177.228	192.168.2.4
Oct 2, 2024 14:02:18.548650026 CEST	49820	443	192.168.2.4	80.87.206.189
Oct 2, 2024 14:02:18.548682928 CEST	443	49820	80.87.206.189	192.168.2.4
Oct 2, 2024 14:02:18.548739910 CEST	443	49820	80.87.206.189	192.168.2.4
Oct 2, 2024 14:02:18.549211979 CEST	49821	443	192.168.2.4	80.87.206.189
Oct 2, 2024 14:02:18.549226046 CEST	443	49821	80.87.206.189	192.168.2.4
Oct 2, 2024 14:02:18.549249887 CEST	443	49821	80.87.206.189	192.168.2.4
Oct 2, 2024 14:02:18.659889936 CEST	49822	443	192.168.2.4	80.87.206.189
Oct 2, 2024 14:02:18.659934044 CEST	443	49822	80.87.206.189	192.168.2.4
Oct 2, 2024 14:02:18.660032988 CEST	49822	443	192.168.2.4	80.87.206.189
Oct 2, 2024 14:02:18.667195082 CEST	49822	443	192.168.2.4	80.87.206.189
Oct 2, 2024 14:02:18.667212009 CEST	443	49822	80.87.206.189	192.168.2.4
Oct 2, 2024 14:02:18.667304993 CEST	443	49822	80.87.206.189	192.168.2.4
Oct 2, 2024 14:02:18.767072916 CEST	49823	443	192.168.2.4	85.239.52.252
Oct 2, 2024 14:02:18.767168999 CEST	443	49823	85.239.52.252	192.168.2.4
Oct 2, 2024 14:02:18.767225981 CEST	49824	443	192.168.2.4	85.239.52.252
Oct 2, 2024 14:02:18.767246008 CEST	443	49824	85.239.52.252	192.168.2.4
Oct 2, 2024 14:02:18.767271996 CEST	49823	443	192.168.2.4	85.239.52.252
Oct 2, 2024 14:02:18.767334938 CEST	49824	443	192.168.2.4	85.239.52.252
Oct 2, 2024 14:02:18.767940998 CEST	49823	443	192.168.2.4	85.239.52.252
Oct 2, 2024 14:02:18.767976046 CEST	443	49823	85.239.52.252	192.168.2.4
Oct 2, 2024 14:02:18.768024921 CEST	443	49823	85.239.52.252	192.168.2.4
Oct 2, 2024 14:02:18.773474932 CEST	49824	443	192.168.2.4	85.239.52.252
Oct 2, 2024 14:02:18.773526907 CEST	443	49824	85.239.52.252	192.168.2.4
Oct 2, 2024 14:02:18.773653030 CEST	443	49824	85.239.52.252	192.168.2.4
Oct 2, 2024 14:02:18.780723095 CEST	49825	443	192.168.2.4	85.239.52.252
Oct 2, 2024 14:02:18.780802011 CEST	443	49825	85.239.52.252	192.168.2.4
Oct 2, 2024 14:02:18.780874968 CEST	49825	443	192.168.2.4	85.239.52.252
Oct 2, 2024 14:02:18.781729937 CEST	49825	443	192.168.2.4	85.239.52.252
Oct 2, 2024 14:02:18.781769037 CEST	443	49825	85.239.52.252	192.168.2.4
Oct 2, 2024 14:02:18.781795979 CEST	443	49825	85.239.52.252	192.168.2.4
Oct 2, 2024 14:02:18.875375032 CEST	49826	443	192.168.2.4	5.252.177.228
Oct 2, 2024 14:02:18.875449896 CEST	443	49826	5.252.177.228	192.168.2.4
Oct 2, 2024 14:02:18.875564098 CEST	49826	443	192.168.2.4	5.252.177.228
Oct 2, 2024 14:02:18.896231890 CEST	49827	443	192.168.2.4	5.252.177.228
Oct 2, 2024 14:02:18.896321058 CEST	443	49827	5.252.177.228	192.168.2.4
Oct 2, 2024 14:02:18.896409035 CEST	49827	443	192.168.2.4	5.252.177.228
Oct 2, 2024 14:02:18.896596909 CEST	49828	443	192.168.2.4	5.252.177.228
Oct 2, 2024 14:02:18.896644115 CEST	443	49828	5.252.177.228	192.168.2.4
Oct 2, 2024 14:02:18.896787882 CEST	49828	443	192.168.2.4	5.252.177.228
Oct 2, 2024 14:02:19.017666101 CEST	49826	443	192.168.2.4	5.252.177.228
Oct 2, 2024 14:02:19.017710924 CEST	443	49826	5.252.177.228	192.168.2.4
Oct 2, 2024 14:02:19.017781019 CEST	443	49826	5.252.177.228	192.168.2.4
Oct 2, 2024 14:02:19.018668890 CEST	49827	443	192.168.2.4	5.252.177.228
Oct 2, 2024 14:02:19.018716097 CEST	443	49827	5.252.177.228	192.168.2.4
Oct 2, 2024 14:02:19.018878937 CEST	443	49827	5.252.177.228	192.168.2.4
Oct 2, 2024 14:02:19.019176006 CEST	49828	443	192.168.2.4	5.252.177.228
Oct 2, 2024 14:02:19.019217014 CEST	443	49828	5.252.177.228	192.168.2.4
Oct 2, 2024 14:02:19.019273996 CEST	443	49828	5.252.177.228	192.168.2.4
Oct 2, 2024 14:02:19.124918938 CEST	49829	443	192.168.2.4	80.87.206.189
Oct 2, 2024 14:02:19.124991894 CEST	443	49829	80.87.206.189	192.168.2.4
Oct 2, 2024 14:02:19.125056028 CEST	49829	443	192.168.2.4	80.87.206.189
Oct 2, 2024 14:02:19.125488043 CEST	49830	443	192.168.2.4	80.87.206.189
Oct 2, 2024 14:02:19.125497103 CEST	443	49830	80.87.206.189	192.168.2.4
Oct 2, 2024 14:02:19.125571966 CEST	49830	443	192.168.2.4	80.87.206.189
Oct 2, 2024 14:02:19.126194000 CEST	49831	443	192.168.2.4	80.87.206.189
Oct 2, 2024 14:02:19.126269102 CEST	443	49831	80.87.206.189	192.168.2.4
Oct 2, 2024 14:02:19.126411915 CEST	49831	443	192.168.2.4	80.87.206.189
Oct 2, 2024 14:02:19.133898973 CEST	49829	443	192.168.2.4	80.87.206.189
Oct 2, 2024 14:02:19.133924961 CEST	443	49829	80.87.206.189	192.168.2.4
Oct 2, 2024 14:02:19.133938074 CEST	49830	443	192.168.2.4	80.87.206.189
Oct 2, 2024 14:02:19.133946896 CEST	443	49830	80.87.206.189	192.168.2.4
Oct 2, 2024 14:02:19.134006977 CEST	443	49829	80.87.206.189	192.168.2.4
Oct 2, 2024 14:02:19.134018898 CEST	443	49830	80.87.206.189	192.168.2.4
Oct 2, 2024 14:02:19.134345055 CEST	49831	443	192.168.2.4	80.87.206.189
Oct 2, 2024 14:02:19.134397030 CEST	443	49831	80.87.206.189	192.168.2.4
Oct 2, 2024 14:02:19.134438992 CEST	443	49831	80.87.206.189	192.168.2.4
Oct 2, 2024 14:02:19.249458075 CEST	49832	443	192.168.2.4	80.87.206.189
Oct 2, 2024 14:02:19.249526978 CEST	443	49832	80.87.206.189	192.168.2.4
Oct 2, 2024 14:02:19.249603033 CEST	49832	443	192.168.2.4	80.87.206.189
Oct 2, 2024 14:02:19.250499010 CEST	49832	443	192.168.2.4	80.87.206.189
Oct 2, 2024 14:02:19.250514030 CEST	443	49832	80.87.206.189	192.168.2.4
Oct 2, 2024 14:02:19.250571966 CEST	443	49832	80.87.206.189	192.168.2.4
Oct 2, 2024 14:02:19.358815908 CEST	49834	443	192.168.2.4	80.87.206.189
Oct 2, 2024 14:02:19.358820915 CEST	49833	443	192.168.2.4	85.239.52.252
Oct 2, 2024 14:02:19.358865023 CEST	443	49834	80.87.206.189	192.168.2.4
Oct 2, 2024 14:02:19.358870029 CEST	443	49833	85.239.52.252	192.168.2.4
Oct 2, 2024 14:02:19.358954906 CEST	49834	443	192.168.2.4	80.87.206.189
Oct 2, 2024 14:02:19.358958960 CEST	49833	443	192.168.2.4	85.239.52.252
Oct 2, 2024 14:02:19.359499931 CEST	49835	443	192.168.2.4	80.87.206.189
Oct 2, 2024 14:02:19.359534979 CEST	443	49835	80.87.206.189	192.168.2.4
Oct 2, 2024 14:02:19.359754086 CEST	49835	443	192.168.2.4	80.87.206.189
Oct 2, 2024 14:02:19.359956980 CEST	49834	443	192.168.2.4	80.87.206.189
Oct 2, 2024 14:02:19.359972000 CEST	443	49834	80.87.206.189	192.168.2.4
Oct 2, 2024 14:02:19.360019922 CEST	443	49834	80.87.206.189	192.168.2.4
Oct 2, 2024 14:02:19.360333920 CEST	49835	443	192.168.2.4	80.87.206.189
Oct 2, 2024 14:02:19.360335112 CEST	49833	443	192.168.2.4	85.239.52.252
Oct 2, 2024 14:02:19.360344887 CEST	443	49835	80.87.206.189	192.168.2.4
Oct 2, 2024 14:02:19.360349894 CEST	443	49833	85.239.52.252	192.168.2.4
Oct 2, 2024 14:02:19.360382080 CEST	443	49835	80.87.206.189	192.168.2.4
Oct 2, 2024 14:02:19.360434055 CEST	443	49833	85.239.52.252	192.168.2.4
Oct 2, 2024 14:02:19.468327999 CEST	49836	443	192.168.2.4	85.239.52.252
Oct 2, 2024 14:02:19.468394041 CEST	443	49836	85.239.52.252	192.168.2.4
Oct 2, 2024 14:02:19.468482971 CEST	49836	443	192.168.2.4	85.239.52.252
Oct 2, 2024 14:02:19.468671083 CEST	49837	443	192.168.2.4	85.239.52.252
Oct 2, 2024 14:02:19.468720913 CEST	443	49837	85.239.52.252	192.168.2.4
Oct 2, 2024 14:02:19.468770981 CEST	49837	443	192.168.2.4	85.239.52.252
Oct 2, 2024 14:02:19.468890905 CEST	49838	443	192.168.2.4	5.252.177.228
Oct 2, 2024 14:02:19.468928099 CEST	443	49838	5.252.177.228	192.168.2.4
Oct 2, 2024 14:02:19.468988895 CEST	49838	443	192.168.2.4	5.252.177.228
Oct 2, 2024 14:02:19.469496965 CEST	49836	443	192.168.2.4	85.239.52.252
Oct 2, 2024 14:02:19.469513893 CEST	443	49836	85.239.52.252	192.168.2.4
Oct 2, 2024 14:02:19.469559908 CEST	49837	443	192.168.2.4	85.239.52.252
Oct 2, 2024 14:02:19.469572067 CEST	443	49837	85.239.52.252	192.168.2.4
Oct 2, 2024 14:02:19.469587088 CEST	443	49836	85.239.52.252	192.168.2.4
Oct 2, 2024 14:02:19.469760895 CEST	443	49837	85.239.52.252	192.168.2.4
Oct 2, 2024 14:02:19.470010996 CEST	49838	443	192.168.2.4	5.252.177.228
Oct 2, 2024 14:02:19.470024109 CEST	443	49838	5.252.177.228	192.168.2.4
Oct 2, 2024 14:02:19.470066071 CEST	443	49838	5.252.177.228	192.168.2.4
Oct 2, 2024 14:02:19.577696085 CEST	49840	443	192.168.2.4	5.252.177.228
Oct 2, 2024 14:02:19.577702045 CEST	49839	443	192.168.2.4	85.239.52.252
Oct 2, 2024 14:02:19.577775002 CEST	443	49840	5.252.177.228	192.168.2.4
Oct 2, 2024 14:02:19.577790976 CEST	443	49839	85.239.52.252	192.168.2.4
Oct 2, 2024 14:02:19.577789068 CEST	49841	443	192.168.2.4	5.252.177.228
Oct 2, 2024 14:02:19.577861071 CEST	443	49841	5.252.177.228	192.168.2.4
Oct 2, 2024 14:02:19.577891111 CEST	49840	443	192.168.2.4	5.252.177.228
Oct 2, 2024 14:02:19.577925920 CEST	49841	443	192.168.2.4	5.252.177.228
Oct 2, 2024 14:02:19.578039885 CEST	49839	443	192.168.2.4	85.239.52.252
Oct 2, 2024 14:02:19.578689098 CEST	49840	443	192.168.2.4	5.252.177.228
Oct 2, 2024 14:02:19.578758955 CEST	49839	443	192.168.2.4	85.239.52.252
Oct 2, 2024 14:02:19.578759909 CEST	443	49840	5.252.177.228	192.168.2.4
Oct 2, 2024 14:02:19.578811884 CEST	443	49839	85.239.52.252	192.168.2.4
Oct 2, 2024 14:02:19.578821898 CEST	443	49840	5.252.177.228	192.168.2.4
Oct 2, 2024 14:02:19.578855038 CEST	443	49839	85.239.52.252	192.168.2.4
Oct 2, 2024 14:02:19.578938007 CEST	49841	443	192.168.2.4	5.252.177.228
Oct 2, 2024 14:02:19.578970909 CEST	443	49841	5.252.177.228	192.168.2.4
Oct 2, 2024 14:02:19.579063892 CEST	443	49841	5.252.177.228	192.168.2.4
Oct 2, 2024 14:02:19.686861038 CEST	49842	443	192.168.2.4	5.252.177.228
Oct 2, 2024 14:02:19.686908960 CEST	443	49842	5.252.177.228	192.168.2.4
Oct 2, 2024 14:02:19.686988115 CEST	49842	443	192.168.2.4	5.252.177.228
Oct 2, 2024 14:02:19.687678099 CEST	49842	443	192.168.2.4	5.252.177.228
Oct 2, 2024 14:02:19.687705040 CEST	443	49842	5.252.177.228	192.168.2.4
Oct 2, 2024 14:02:19.687747002 CEST	443	49842	5.252.177.228	192.168.2.4
Oct 2, 2024 14:02:19.796380043 CEST	49843	443	192.168.2.4	80.87.206.189
Oct 2, 2024 14:02:19.796427965 CEST	443	49843	80.87.206.189	192.168.2.4
Oct 2, 2024 14:02:19.796538115 CEST	49843	443	192.168.2.4	80.87.206.189
Oct 2, 2024 14:02:19.797008038 CEST	49844	443	192.168.2.4	85.239.52.252
Oct 2, 2024 14:02:19.797092915 CEST	443	49844	85.239.52.252	192.168.2.4
Oct 2, 2024 14:02:19.797158003 CEST	49844	443	192.168.2.4	85.239.52.252
Oct 2, 2024 14:02:19.797408104 CEST	49845	443	192.168.2.4	85.239.52.252
Oct 2, 2024 14:02:19.797463894 CEST	443	49845	85.239.52.252	192.168.2.4
Oct 2, 2024 14:02:19.797523022 CEST	49845	443	192.168.2.4	85.239.52.252
Oct 2, 2024 14:02:19.798095942 CEST	49843	443	192.168.2.4	80.87.206.189
Oct 2, 2024 14:02:19.798108101 CEST	443	49843	80.87.206.189	192.168.2.4
Oct 2, 2024 14:02:19.798152924 CEST	443	49843	80.87.206.189	192.168.2.4
Oct 2, 2024 14:02:19.798732042 CEST	49844	443	192.168.2.4	85.239.52.252
Oct 2, 2024 14:02:19.798768044 CEST	443	49844	85.239.52.252	192.168.2.4
Oct 2, 2024 14:02:19.798819065 CEST	443	49844	85.239.52.252	192.168.2.4
Oct 2, 2024 14:02:19.799199104 CEST	49845	443	192.168.2.4	85.239.52.252
Oct 2, 2024 14:02:19.799226999 CEST	443	49845	85.239.52.252	192.168.2.4
Oct 2, 2024 14:02:19.799269915 CEST	443	49845	85.239.52.252	192.168.2.4
Oct 2, 2024 14:02:19.905689955 CEST	49846	443	192.168.2.4	5.252.177.228
Oct 2, 2024 14:02:19.905694008 CEST	49847	443	192.168.2.4	85.239.52.252
Oct 2, 2024 14:02:19.905769110 CEST	443	49847	85.239.52.252	192.168.2.4
Oct 2, 2024 14:02:19.905772924 CEST	49848	443	192.168.2.4	5.252.177.228
Oct 2, 2024 14:02:19.905781031 CEST	443	49846	5.252.177.228	192.168.2.4
Oct 2, 2024 14:02:19.905808926 CEST	443	49848	5.252.177.228	192.168.2.4
Oct 2, 2024 14:02:19.905843973 CEST	49847	443	192.168.2.4	85.239.52.252
Oct 2, 2024 14:02:19.905888081 CEST	49846	443	192.168.2.4	5.252.177.228
Oct 2, 2024 14:02:19.905993938 CEST	49848	443	192.168.2.4	5.252.177.228
Oct 2, 2024 14:02:19.906610966 CEST	49846	443	192.168.2.4	5.252.177.228
Oct 2, 2024 14:02:19.906646013 CEST	443	49846	5.252.177.228	192.168.2.4
Oct 2, 2024 14:02:19.906696081 CEST	443	49846	5.252.177.228	192.168.2.4
Oct 2, 2024 14:02:19.906728029 CEST	49847	443	192.168.2.4	85.239.52.252
Oct 2, 2024 14:02:19.906764984 CEST	443	49847	85.239.52.252	192.168.2.4
Oct 2, 2024 14:02:19.906804085 CEST	443	49847	85.239.52.252	192.168.2.4
Oct 2, 2024 14:02:19.906932116 CEST	49848	443	192.168.2.4	5.252.177.228
Oct 2, 2024 14:02:19.906948090 CEST	443	49848	5.252.177.228	192.168.2.4
Oct 2, 2024 14:02:19.906977892 CEST	443	49848	5.252.177.228	192.168.2.4
Oct 2, 2024 14:02:20.015024900 CEST	49849	443	192.168.2.4	80.87.206.189
Oct 2, 2024 14:02:20.015064955 CEST	443	49849	80.87.206.189	192.168.2.4
Oct 2, 2024 14:02:20.015135050 CEST	49850	443	192.168.2.4	5.252.177.228
Oct 2, 2024 14:02:20.015140057 CEST	49849	443	192.168.2.4	80.87.206.189
Oct 2, 2024 14:02:20.015228987 CEST	443	49850	5.252.177.228	192.168.2.4
Oct 2, 2024 14:02:20.015233994 CEST	49851	443	192.168.2.4	80.87.206.189
Oct 2, 2024 14:02:20.015263081 CEST	443	49851	80.87.206.189	192.168.2.4
Oct 2, 2024 14:02:20.015299082 CEST	49850	443	192.168.2.4	5.252.177.228
Oct 2, 2024 14:02:20.015312910 CEST	49851	443	192.168.2.4	80.87.206.189
Oct 2, 2024 14:02:20.016016960 CEST	49850	443	192.168.2.4	5.252.177.228
Oct 2, 2024 14:02:20.016058922 CEST	443	49850	5.252.177.228	192.168.2.4
Oct 2, 2024 14:02:20.016125917 CEST	443	49850	5.252.177.228	192.168.2.4
Oct 2, 2024 14:02:20.016501904 CEST	49851	443	192.168.2.4	80.87.206.189
Oct 2, 2024 14:02:20.016515970 CEST	443	49851	80.87.206.189	192.168.2.4
Oct 2, 2024 14:02:20.016623020 CEST	443	49851	80.87.206.189	192.168.2.4
Oct 2, 2024 14:02:20.016829967 CEST	49849	443	192.168.2.4	80.87.206.189
Oct 2, 2024 14:02:20.016865969 CEST	443	49849	80.87.206.189	192.168.2.4
Oct 2, 2024 14:02:20.016896963 CEST	443	49849	80.87.206.189	192.168.2.4
Oct 2, 2024 14:02:20.124548912 CEST	49852	443	192.168.2.4	80.87.206.189
Oct 2, 2024 14:02:20.124622107 CEST	443	49852	80.87.206.189	192.168.2.4
Oct 2, 2024 14:02:20.124713898 CEST	49852	443	192.168.2.4	80.87.206.189
Oct 2, 2024 14:02:20.125436068 CEST	49852	443	192.168.2.4	80.87.206.189
Oct 2, 2024 14:02:20.125468969 CEST	443	49852	80.87.206.189	192.168.2.4
Oct 2, 2024 14:02:20.125519991 CEST	443	49852	80.87.206.189	192.168.2.4
Oct 2, 2024 14:02:20.233747959 CEST	49853	443	192.168.2.4	5.252.177.228
Oct 2, 2024 14:02:20.233845949 CEST	443	49853	5.252.177.228	192.168.2.4
Oct 2, 2024 14:02:20.233957052 CEST	49853	443	192.168.2.4	5.252.177.228
Oct 2, 2024 14:02:20.234802961 CEST	49853	443	192.168.2.4	5.252.177.228
Oct 2, 2024 14:02:20.234838963 CEST	443	49853	5.252.177.228	192.168.2.4
Oct 2, 2024 14:02:20.234891891 CEST	443	49853	5.252.177.228	192.168.2.4
Oct 2, 2024 14:02:20.343156099 CEST	49854	443	192.168.2.4	80.87.206.189
Oct 2, 2024 14:02:20.343245029 CEST	443	49854	80.87.206.189	192.168.2.4
Oct 2, 2024 14:02:20.343342066 CEST	49854	443	192.168.2.4	80.87.206.189
Oct 2, 2024 14:02:20.343944073 CEST	49854	443	192.168.2.4	80.87.206.189
Oct 2, 2024 14:02:20.343978882 CEST	443	49854	80.87.206.189	192.168.2.4
Oct 2, 2024 14:02:20.344038963 CEST	443	49854	80.87.206.189	192.168.2.4
Oct 2, 2024 14:02:20.452614069 CEST	49855	443	192.168.2.4	85.239.52.252
Oct 2, 2024 14:02:20.452660084 CEST	443	49855	85.239.52.252	192.168.2.4
Oct 2, 2024 14:02:20.452756882 CEST	49855	443	192.168.2.4	85.239.52.252
Oct 2, 2024 14:02:20.453484058 CEST	49855	443	192.168.2.4	85.239.52.252
Oct 2, 2024 14:02:20.453495026 CEST	443	49855	85.239.52.252	192.168.2.4
Oct 2, 2024 14:02:20.453550100 CEST	443	49855	85.239.52.252	192.168.2.4
Oct 2, 2024 14:02:20.561764956 CEST	49856	443	192.168.2.4	5.252.177.228
Oct 2, 2024 14:02:20.561781883 CEST	443	49856	5.252.177.228	192.168.2.4
Oct 2, 2024 14:02:20.561896086 CEST	49856	443	192.168.2.4	5.252.177.228
Oct 2, 2024 14:02:20.562335968 CEST	49856	443	192.168.2.4	5.252.177.228
Oct 2, 2024 14:02:20.562345028 CEST	443	49856	5.252.177.228	192.168.2.4
Oct 2, 2024 14:02:20.562391996 CEST	443	49856	5.252.177.228	192.168.2.4
Oct 2, 2024 14:02:20.671210051 CEST	49857	443	192.168.2.4	80.87.206.189
Oct 2, 2024 14:02:20.671292067 CEST	443	49857	80.87.206.189	192.168.2.4
Oct 2, 2024 14:02:20.671365976 CEST	49857	443	192.168.2.4	80.87.206.189
Oct 2, 2024 14:02:20.671783924 CEST	49857	443	192.168.2.4	80.87.206.189
Oct 2, 2024 14:02:20.671814919 CEST	443	49857	80.87.206.189	192.168.2.4
Oct 2, 2024 14:02:20.671854019 CEST	443	49857	80.87.206.189	192.168.2.4
Oct 2, 2024 14:02:20.780920029 CEST	49858	443	192.168.2.4	85.239.52.252
Oct 2, 2024 14:02:20.781022072 CEST	443	49858	85.239.52.252	192.168.2.4
Oct 2, 2024 14:02:20.782445908 CEST	49858	443	192.168.2.4	85.239.52.252
Oct 2, 2024 14:02:20.789191008 CEST	49858	443	192.168.2.4	85.239.52.252
Oct 2, 2024 14:02:20.789228916 CEST	443	49858	85.239.52.252	192.168.2.4
Oct 2, 2024 14:02:20.789287090 CEST	443	49858	85.239.52.252	192.168.2.4
Oct 2, 2024 14:02:20.890105963 CEST	49859	443	192.168.2.4	5.252.177.228
Oct 2, 2024 14:02:20.890137911 CEST	443	49859	5.252.177.228	192.168.2.4
Oct 2, 2024 14:02:20.890666008 CEST	49859	443	192.168.2.4	5.252.177.228
Oct 2, 2024 14:02:20.890885115 CEST	49859	443	192.168.2.4	5.252.177.228
Oct 2, 2024 14:02:20.890893936 CEST	443	49859	5.252.177.228	192.168.2.4
Oct 2, 2024 14:02:20.890950918 CEST	443	49859	5.252.177.228	192.168.2.4
Oct 2, 2024 14:02:20.999300003 CEST	49860	443	192.168.2.4	80.87.206.189
Oct 2, 2024 14:02:20.999412060 CEST	443	49860	80.87.206.189	192.168.2.4
Oct 2, 2024 14:02:20.999500036 CEST	49860	443	192.168.2.4	80.87.206.189
Oct 2, 2024 14:02:20.999944925 CEST	49860	443	192.168.2.4	80.87.206.189
Oct 2, 2024 14:02:20.999982119 CEST	443	49860	80.87.206.189	192.168.2.4
Oct 2, 2024 14:02:21.000037909 CEST	443	49860	80.87.206.189	192.168.2.4
Oct 2, 2024 14:02:21.108978033 CEST	49861	443	192.168.2.4	85.239.52.252
Oct 2, 2024 14:02:21.109076977 CEST	443	49861	85.239.52.252	192.168.2.4
Oct 2, 2024 14:02:21.109169006 CEST	49861	443	192.168.2.4	85.239.52.252
Oct 2, 2024 14:02:21.109683037 CEST	49861	443	192.168.2.4	85.239.52.252
Oct 2, 2024 14:02:21.109720945 CEST	443	49861	85.239.52.252	192.168.2.4
Oct 2, 2024 14:02:21.109807968 CEST	443	49861	85.239.52.252	192.168.2.4
Oct 2, 2024 14:02:21.328059912 CEST	49862	443	192.168.2.4	80.87.206.189
Oct 2, 2024 14:02:21.328109026 CEST	443	49862	80.87.206.189	192.168.2.4
Oct 2, 2024 14:02:21.329202890 CEST	49862	443	192.168.2.4	80.87.206.189
Oct 2, 2024 14:02:21.330076933 CEST	49862	443	192.168.2.4	80.87.206.189
Oct 2, 2024 14:02:21.330092907 CEST	443	49862	80.87.206.189	192.168.2.4
Oct 2, 2024 14:02:21.330163956 CEST	443	49862	80.87.206.189	192.168.2.4
Oct 2, 2024 14:02:21.501477957 CEST	49863	443	192.168.2.4	85.239.52.252
Oct 2, 2024 14:02:21.501540899 CEST	443	49863	85.239.52.252	192.168.2.4
Oct 2, 2024 14:02:21.501635075 CEST	49863	443	192.168.2.4	85.239.52.252
Oct 2, 2024 14:02:21.503266096 CEST	49863	443	192.168.2.4	85.239.52.252
Oct 2, 2024 14:02:21.503276110 CEST	443	49863	85.239.52.252	192.168.2.4
Oct 2, 2024 14:02:21.503448009 CEST	443	49863	85.239.52.252	192.168.2.4
Oct 2, 2024 14:02:21.609148026 CEST	49864	443	192.168.2.4	5.252.177.228
Oct 2, 2024 14:02:21.609231949 CEST	443	49864	5.252.177.228	192.168.2.4
Oct 2, 2024 14:02:21.609318972 CEST	49864	443	192.168.2.4	5.252.177.228
Oct 2, 2024 14:02:21.622739077 CEST	49864	443	192.168.2.4	5.252.177.228
Oct 2, 2024 14:02:21.622786999 CEST	443	49864	5.252.177.228	192.168.2.4
Oct 2, 2024 14:02:21.622845888 CEST	443	49864	5.252.177.228	192.168.2.4
Oct 2, 2024 14:02:21.857335091 CEST	49865	443	192.168.2.4	85.239.52.252
Oct 2, 2024 14:02:21.857434988 CEST	443	49865	85.239.52.252	192.168.2.4
Oct 2, 2024 14:02:21.857527018 CEST	49865	443	192.168.2.4	85.239.52.252
Oct 2, 2024 14:02:21.861370087 CEST	49865	443	192.168.2.4	85.239.52.252
Oct 2, 2024 14:02:21.861407042 CEST	443	49865	85.239.52.252	192.168.2.4
Oct 2, 2024 14:02:21.861526012 CEST	443	49865	85.239.52.252	192.168.2.4
Oct 2, 2024 14:02:21.971144915 CEST	49866	443	192.168.2.4	5.252.177.228
Oct 2, 2024 14:02:21.971240997 CEST	443	49866	5.252.177.228	192.168.2.4
Oct 2, 2024 14:02:21.971324921 CEST	49866	443	192.168.2.4	5.252.177.228
Oct 2, 2024 14:02:21.975065947 CEST	49866	443	192.168.2.4	5.252.177.228
Oct 2, 2024 14:02:21.975095987 CEST	443	49866	5.252.177.228	192.168.2.4
Oct 2, 2024 14:02:21.975155115 CEST	443	49866	5.252.177.228	192.168.2.4
Oct 2, 2024 14:02:22.077476978 CEST	49867	443	192.168.2.4	80.87.206.189
Oct 2, 2024 14:02:22.077517986 CEST	443	49867	80.87.206.189	192.168.2.4
Oct 2, 2024 14:02:22.077579975 CEST	49867	443	192.168.2.4	80.87.206.189
Oct 2, 2024 14:02:22.078161001 CEST	49867	443	192.168.2.4	80.87.206.189
Oct 2, 2024 14:02:22.078170061 CEST	443	49867	80.87.206.189	192.168.2.4
Oct 2, 2024 14:02:22.078221083 CEST	443	49867	80.87.206.189	192.168.2.4
Oct 2, 2024 14:02:22.296547890 CEST	49868	443	192.168.2.4	5.252.177.228
Oct 2, 2024 14:02:22.296587944 CEST	443	49868	5.252.177.228	192.168.2.4
Oct 2, 2024 14:02:22.296658039 CEST	49868	443	192.168.2.4	5.252.177.228
Oct 2, 2024 14:02:22.297807932 CEST	49868	443	192.168.2.4	5.252.177.228
Oct 2, 2024 14:02:22.297822952 CEST	443	49868	5.252.177.228	192.168.2.4
Oct 2, 2024 14:02:22.297955036 CEST	443	49868	5.252.177.228	192.168.2.4
Oct 2, 2024 14:02:22.405556917 CEST	49869	443	192.168.2.4	80.87.206.189
Oct 2, 2024 14:02:22.405617952 CEST	443	49869	80.87.206.189	192.168.2.4
Oct 2, 2024 14:02:22.405680895 CEST	49869	443	192.168.2.4	80.87.206.189
Oct 2, 2024 14:02:22.406517982 CEST	49869	443	192.168.2.4	80.87.206.189
Oct 2, 2024 14:02:22.406539917 CEST	443	49869	80.87.206.189	192.168.2.4
Oct 2, 2024 14:02:22.406662941 CEST	443	49869	80.87.206.189	192.168.2.4
Oct 2, 2024 14:02:22.515553951 CEST	49870	443	192.168.2.4	85.239.52.252
Oct 2, 2024 14:02:22.515592098 CEST	443	49870	85.239.52.252	192.168.2.4
Oct 2, 2024 14:02:22.515681028 CEST	49870	443	192.168.2.4	85.239.52.252
Oct 2, 2024 14:02:22.521119118 CEST	49870	443	192.168.2.4	85.239.52.252
Oct 2, 2024 14:02:22.521132946 CEST	443	49870	85.239.52.252	192.168.2.4
Oct 2, 2024 14:02:22.521224976 CEST	443	49870	85.239.52.252	192.168.2.4
Oct 2, 2024 14:02:22.733757973 CEST	49871	443	192.168.2.4	5.252.177.228
Oct 2, 2024 14:02:22.733803034 CEST	443	49871	5.252.177.228	192.168.2.4
Oct 2, 2024 14:02:22.734060049 CEST	49871	443	192.168.2.4	5.252.177.228
Oct 2, 2024 14:02:22.734535933 CEST	49871	443	192.168.2.4	5.252.177.228
Oct 2, 2024 14:02:22.734571934 CEST	443	49871	5.252.177.228	192.168.2.4
Oct 2, 2024 14:02:22.734631062 CEST	443	49871	5.252.177.228	192.168.2.4
Oct 2, 2024 14:02:22.843053102 CEST	49872	443	192.168.2.4	80.87.206.189
Oct 2, 2024 14:02:22.843091011 CEST	443	49872	80.87.206.189	192.168.2.4
Oct 2, 2024 14:02:22.843154907 CEST	49872	443	192.168.2.4	80.87.206.189
Oct 2, 2024 14:02:22.843693972 CEST	49872	443	192.168.2.4	80.87.206.189
Oct 2, 2024 14:02:22.843707085 CEST	443	49872	80.87.206.189	192.168.2.4
Oct 2, 2024 14:02:22.843817949 CEST	443	49872	80.87.206.189	192.168.2.4
Oct 2, 2024 14:02:22.952404976 CEST	49873	443	192.168.2.4	85.239.52.252
Oct 2, 2024 14:02:22.952429056 CEST	443	49873	85.239.52.252	192.168.2.4
Oct 2, 2024 14:02:22.952493906 CEST	49873	443	192.168.2.4	85.239.52.252
Oct 2, 2024 14:02:22.953083992 CEST	49873	443	192.168.2.4	85.239.52.252
Oct 2, 2024 14:02:22.953095913 CEST	443	49873	85.239.52.252	192.168.2.4
Oct 2, 2024 14:02:22.953207016 CEST	443	49873	85.239.52.252	192.168.2.4

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Oct 2, 2024 14:02:31.782955885 CEST	1.1.1.1	192.168.2.4	0x93c0	No error (0)	bg.microsoft.map.fastly.net		199.232.214.172	A (IP address)	IN (0x0001)	false
Oct 2, 2024 14:02:31.782955885 CEST	1.1.1.1	192.168.2.4	0x93c0	No error (0)	bg.microsoft.map.fastly.net		199.232.210.172	A (IP address)	IN (0x0001)	false

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

High Level Behavior Distribution

Click to dive into process behavior distribution

Behavior

Click to jump to process

System Behavior

Analysis Process: loaddll64.exePID: 6856, Parent PID: 2580

General

Target ID:	0
Start time:	08:02:13
Start date:	02/10/2024
Path:	C:\Windows\System32\loaddll64.exe
Wow64 process (32bit):	false
Commandline:	loaddll64.exe "C:\Users\user\Desktop\lK1DKi27B4.dll"
Imagebase:	0x7ff75cf40000
File size:	165'888 bytes
MD5 hash:	763455F9DCB24DFEECC2B9D9F8D46D52
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Chronological Activities

Analysis Process: conhost.exePID: 6876, Parent PID: 6856

General

Target ID:	1
Start time:	08:02:13
Start date:	02/10/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Chronological Activities

Analysis Process: cmd.exePID: 6992, Parent PID: 6856

General

Target ID:	2
Start time:	08:02:13
Start date:	02/10/2024
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	cmd.exe /C rundll32.exe "C:\Users\user\Desktop\lK1DKi27B4.dll",#1
Imagebase:	0x7ff6cf750000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Chronological Activities

Analysis Process: rundll32.exePID: 7020, Parent PID: 6856

General

Target ID:	3
Start time:	08:02:13
Start date:	02/10/2024
Path:	C:\Windows\System32\rundll32.exe
Wow64 process (32bit):	false
Commandline:	rundll32.exe C:\Users\user\Desktop\lK1DKi27B4.dll,start
Imagebase:	0x7ff6b9870000
File size:	71'680 bytes
MD5 hash:	EF3179D498793BF4234F708D3BE28633
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Chronological Activities

Analysis Process: rundll32.exePID: 7088, Parent PID: 6992

General

Target ID:	4
Start time:	08:02:13
Start date:	02/10/2024
Path:	C:\Windows\System32\rundll32.exe
Wow64 process (32bit):	false
Commandline:	rundll32.exe "C:\Users\user\Desktop\lK1DKi27B4.dll",#1
Imagebase:	0x7ff6b9870000
File size:	71'680 bytes
MD5 hash:	EF3179D498793BF4234F708D3BE28633
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Chronological Activities

Analysis Process: rundll32.exePID: 6212, Parent PID: 6856

General

Target ID:	5
Start time:	08:02:16
Start date:	02/10/2024
Path:	C:\Windows\System32\rundll32.exe
Wow64 process (32bit):	false
Commandline:	rundll32.exe "C:\Users\user\Desktop\lK1DKi27B4.dll",start
Imagebase:	0x7ff6b9870000
File size:	71'680 bytes
MD5 hash:	EF3179D498793BF4234F708D3BE28633
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Chronological Activities

Analysis Process: rundll32.exePID: 2008, Parent PID: 7020

General

Target ID:	6
Start time:	08:02:19
Start date:	02/10/2024
Path:	C:\Windows\System32\rundll32.exe
Wow64 process (32bit):	false
Commandline:	rundll32.exe C:\Users\user\AppData\Local\Temp/tmpf193.dll,run C:\Users\user\Desktop\lK1DKi27B4.dll
Imagebase:	0x7ff6b9870000
File size:	71'680 bytes
MD5 hash:	EF3179D498793BF4234F708D3BE28633
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Chronological Activities

Analysis Process: rundll32.exePID: 4208, Parent PID: 7088

General

Target ID:	7
Start time:	08:02:19
Start date:	02/10/2024
Path:	C:\Windows\System32\rundll32.exe
Wow64 process (32bit):	false
Commandline:	rundll32.exe C:\Users\user\AppData\Local\Temp/tmpf193.dll,run C:\Users\user\Desktop\lK1DKi27B4.dll
Imagebase:	0x7ff6b9870000
File size:	71'680 bytes
MD5 hash:	EF3179D498793BF4234F708D3BE28633
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Analysis Process: rundll32.exePID: 4592, Parent PID: 6212

General

Target ID:	8
Start time:	08:02:22
Start date:	02/10/2024
Path:	C:\Windows\System32\rundll32.exe
Wow64 process (32bit):	false
Commandline:	rundll32.exe C:\Users\user\AppData\Local\Temp/tmpf193.dll,run C:\Users\user\Desktop\lK1DKi27B4.dll
Imagebase:	0x7ff6b9870000
File size:	71'680 bytes
MD5 hash:	EF3179D498793BF4234F708D3BE28633
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Disassembly

Reset < >

Analysis Process: rundll32.exePID: 7020, Parent PID: 6856COMMON

Execution Graph

Execution Coverage:	17.9%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	3.2%
Total number of Nodes:	93
Total number of Limit Nodes:	2

Callgraph

Executed
Not Executed
Opacity -> Relevance
Disassembly available

Executed Functions

Function 00007FFE133239A0 Relevance: .1, Instructions: 64
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000003.00000002.1735405785.00007FFE13321000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFE13320000, based on PE: true

Associated: 00000003.00000002.1735367602.00007FFE13320000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.1735488176.00007FFE13324000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.1735570438.00007FFE13325000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.1735634708.00007FFE13348000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffe13320000_rundll32.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d068ffc1ab48445f0d0a9c54d85b72c63d2bd69f465f13f63e7f3c7fdfbaf26f
Instruction ID: 2be9231d5485ea5428f21597168ab0e1470969b8ee30f8d90b03c0125f402eb2
Opcode Fuzzy Hash: d068ffc1ab48445f0d0a9c54d85b72c63d2bd69f465f13f63e7f3c7fdfbaf26f
Instruction Fuzzy Hash: 2331CC72A04AC18EE7708E66D8407DC33A1F7197B8F01427ADE2C6BBD8DB78D6448744

Function 00007FFE133217F4 Relevance: 3.8, Strings: 3, Instructions: 55
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

temp, xrefs: 00007FFE13321831
%s/tmpf193.dll, xrefs: 00007FFE1332184A
rundll32.exe %s,run %s, xrefs: 00007FFE133218CF

Memory Dump Source

Source File: 00000003.00000002.1735405785.00007FFE13321000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFE13320000, based on PE: true

Associated: 00000003.00000002.1735367602.00007FFE13320000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.1735488176.00007FFE13324000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.1735570438.00007FFE13325000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.1735634708.00007FFE13348000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffe13320000_rundll32.jbxd

Similarity

API ID:
String ID: %s/tmpf193.dll$rundll32.exe %s,run %s$temp
API String ID: 0-1021872635
Opcode ID: 037ff5137c62a1e0d9fe509e1bdb0bac131be7c1cfe5d51d212a6f508c46df2f
Instruction ID: 298bc308244440296458f71edae7543b0ea0c88b70f53633651c7b14083c69eb
Opcode Fuzzy Hash: 037ff5137c62a1e0d9fe509e1bdb0bac131be7c1cfe5d51d212a6f508c46df2f
Instruction Fuzzy Hash: A221FC15F04B869CFE34DB56E8443E82354EF557A4F804076DD5D2B7A5EE2CE244C345

Function 00007FFE1332309F Relevance: 1.7, Strings: 1, Instructions: 472
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

liaf, xrefs: 00007FFE13323693

Memory Dump Source

Source File: 00000003.00000002.1735405785.00007FFE13321000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFE13320000, based on PE: true

Associated: 00000003.00000002.1735367602.00007FFE13320000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.1735488176.00007FFE13324000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.1735570438.00007FFE13325000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.1735634708.00007FFE13348000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffe13320000_rundll32.jbxd

Similarity

API ID:
String ID: liaf
API String ID: 0-3481663875
Opcode ID: 1ee44d9be8b281fd32dc2dfea7af1ef8e28513f8b421b1e04d39b6c80ae3c64e
Instruction ID: e03445c2d84191bff83e83c04a98286fb32f6a97f37f6a0ae938b736c33914c4
Opcode Fuzzy Hash: 1ee44d9be8b281fd32dc2dfea7af1ef8e28513f8b421b1e04d39b6c80ae3c64e
Instruction Fuzzy Hash: 89226E66F08A028DFB209AB680453BC27B0AB55778F100675EE7D777E9DE3CA4818758

Function 00007FFE133228D9 Relevance: 1.4, Strings: 1, Instructions: 119
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

85.239.52.252, xrefs: 00007FFE13322943

Memory Dump Source

Source File: 00000003.00000002.1735405785.00007FFE13321000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFE13320000, based on PE: true

Associated: 00000003.00000002.1735367602.00007FFE13320000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.1735488176.00007FFE13324000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.1735570438.00007FFE13325000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.1735634708.00007FFE13348000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffe13320000_rundll32.jbxd

Similarity

API ID:
String ID: 85.239.52.252
API String ID: 0-4133895869
Opcode ID: c8072512862064964766682b891cda1bdd396c7c321a2a9c1efabbdb2c12c2f4
Instruction ID: 6b9bb57b96e6e68da18753aa065872d6bd1fd721c312430b89705bc80b86c751
Opcode Fuzzy Hash: c8072512862064964766682b891cda1bdd396c7c321a2a9c1efabbdb2c12c2f4
Instruction Fuzzy Hash: 72516F62B09A929DFB20DBA6D8403EC3771AB15358F404075DE1DABB99DE7CD544C704

Function 00007FFE133237E0 Relevance: 1.3, Strings: 1, Instructions: 79
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

85.239.52.252, xrefs: 00007FFE133238B5

Memory Dump Source

Source File: 00000003.00000002.1735405785.00007FFE13321000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFE13320000, based on PE: true

Associated: 00000003.00000002.1735367602.00007FFE13320000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.1735488176.00007FFE13324000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.1735570438.00007FFE13325000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.1735634708.00007FFE13348000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffe13320000_rundll32.jbxd

Similarity

API ID:
String ID: 85.239.52.252
API String ID: 0-4133895869
Opcode ID: 02a0628b6d568bbba06dfb60ffc2c7ea0c403360795a489ee6e44c26b910eddc
Instruction ID: 96d0bf3f3b5fb22d7dd6f4c705a9799a7c78c73c960ef3809fd4f5b80f58c111
Opcode Fuzzy Hash: 02a0628b6d568bbba06dfb60ffc2c7ea0c403360795a489ee6e44c26b910eddc
Instruction Fuzzy Hash: 05319172B09A828FEFB49B2788053F922D19B653B4F008074D92D9B7F9EE2CA5058745

Function 00007FFE13322781 Relevance: .1, Instructions: 84
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000003.00000002.1735405785.00007FFE13321000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFE13320000, based on PE: true

Associated: 00000003.00000002.1735367602.00007FFE13320000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.1735488176.00007FFE13324000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.1735570438.00007FFE13325000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.1735634708.00007FFE13348000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffe13320000_rundll32.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a7e99f209dc4062eadb156062b447773cbafa840fde06c7853fffa51e9a8b985
Instruction ID: dfe2f9e6f183e45d57c4ac08334259dd9b3db15610716b88d16f6179aea3a12c
Opcode Fuzzy Hash: a7e99f209dc4062eadb156062b447773cbafa840fde06c7853fffa51e9a8b985
Instruction Fuzzy Hash: 2B413832F04A169DFB60CBA6D9043AC36B0AB547A8F100275DE2C77BE9DF38DA008754

Function 00007FFE13323AC7 Relevance: .1, Instructions: 64
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000003.00000002.1735405785.00007FFE13321000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFE13320000, based on PE: true

Associated: 00000003.00000002.1735367602.00007FFE13320000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.1735488176.00007FFE13324000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.1735570438.00007FFE13325000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.1735634708.00007FFE13348000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffe13320000_rundll32.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 17d85fab76ed55d5e5d39da0a193cf729d0284c3de407aa9a9a78387b25e80df
Instruction ID: 90bf9a50bedecc31e6c96e624132cfbea313561cf146c8bedb11859d5174d670
Opcode Fuzzy Hash: 17d85fab76ed55d5e5d39da0a193cf729d0284c3de407aa9a9a78387b25e80df
Instruction Fuzzy Hash: 2631CC76A08AC18EE7708E6AD8407DC73A1F7197B8F404266EE2C6BBD8DF7496448744

Function 00007FFE133216D0 Relevance: .0, Instructions: 39
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000003.00000002.1735405785.00007FFE13321000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFE13320000, based on PE: true

Associated: 00000003.00000002.1735367602.00007FFE13320000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.1735488176.00007FFE13324000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.1735570438.00007FFE13325000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.1735634708.00007FFE13348000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffe13320000_rundll32.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4b633d004639130bec2f3cd2b0d0870f0c693c71f8dca34dc6573a98c76dd782
Instruction ID: a8da39f58551559122463d0384d809ce230daed750e738b8da738b1979cc8b74
Opcode Fuzzy Hash: 4b633d004639130bec2f3cd2b0d0870f0c693c71f8dca34dc6573a98c76dd782
Instruction Fuzzy Hash: 20118073B14B808AF7708B69E41039E6261F79439CF508235EA9C2BB98DF7DC5988B00

Function 00007FFE1332220D Relevance: .0, Instructions: 20
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000003.00000002.1735405785.00007FFE13321000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFE13320000, based on PE: true

Associated: 00000003.00000002.1735367602.00007FFE13320000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.1735488176.00007FFE13324000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.1735570438.00007FFE13325000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.1735634708.00007FFE13348000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffe13320000_rundll32.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b30b0dd98c189ec07417ee6450ca6486aab83f3bfc1e95cf89db179afefbdeec
Instruction ID: c45c0335a884dbdee6e101342c4271676df186179c442d18c05863dcd338e334
Opcode Fuzzy Hash: b30b0dd98c189ec07417ee6450ca6486aab83f3bfc1e95cf89db179afefbdeec
Instruction Fuzzy Hash: C1E04622B08F018EF3605B62E8523763298EB68770F104078E52C6B7F1DF3DE8A55748

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse rundll32.exe to proxy execution of malicious code. Using rundll32.exe, vice executing directly (i.e. Shared Modules ), may avoid triggering security tools that may not monitor execution of the rundll32.exe process because of allowlists or false positives from normal operations. Rundll32.exe is commonly associated with executing DLL payloads (ex: `rundll32.exe {DLLname, DLLfunction}` ).
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report lK1DKi27B4.dll

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

HIPS / PFW / Operating System Protection Evasion

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Local\Temp\tmpf193.dll

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Imports

Exports

Network Behavior

Network Port Distribution

TCP Packets

DNS Answers

Statistics

CPU Usage

Memory Usage

High Level Behavior Distribution

back

Behavior

System Behavior

Analysis Process: loaddll64.exePID: 6856, Parent PID: 2580

General

Chronological Activities

Analysis Process: conhost.exePID: 6876, Parent PID: 6856

General

Windows Analysis Report
lK1DKi27B4.dll

Function 00007FFE133239A0 Relevance: .1, Instructions: 64
COMMON

Function 00007FFE133217F4 Relevance: 3.8, Strings: 3, Instructions: 55
COMMON

Function 00007FFE1332309F Relevance: 1.7, Strings: 1, Instructions: 472
COMMON

Function 00007FFE133228D9 Relevance: 1.4, Strings: 1, Instructions: 119
COMMON

Function 00007FFE133237E0 Relevance: 1.3, Strings: 1, Instructions: 79
COMMON

Function 00007FFE13322781 Relevance: .1, Instructions: 84
COMMON

Function 00007FFE13323AC7 Relevance: .1, Instructions: 64
COMMON

Function 00007FFE133216D0 Relevance: .0, Instructions: 39
COMMON

Function 00007FFE1332220D Relevance: .0, Instructions: 20
COMMON