Windows
Analysis Report
eXbhgU9.exe
Overview
General Information
Detection
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- eXbhgU9.exe (PID: 7340 cmdline: "C:\Users\user\Desktop\eXbhgU9.exe" MD5: 9BE5AC720DCF1838FD5A2D7352672F66)
- conhost.exe (PID: 7348 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
- powershell.exe (PID: 7456 cmdline: "powershell.exe" -NoProfile -Command Add-MpPreference -ExclusionPath 'C:\FkSpRTrp' MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
- conhost.exe (PID: 7464 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
- powershell.exe (PID: 7660 cmdline: "powershell.exe" -NoProfile -Command Add-MpPreference -ExclusionPath 'C:\Users' MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
- conhost.exe (PID: 7668 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
- jyidkjkfhjawd.exe (PID: 7940 cmdline: "C:\FkSpRTrp\jyidkjkfhjawd.exe" MD5: 1B40450E11F71DA7D6F3D9C025C078E0)
- cleanup
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
Lumma Stealer, LummaC2 Stealer | Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in the C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5". The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell. | No Attribution |
{"C2 url": ["tirepublicerj.shop", "wholersorie.shop", "rabidcowse.shop", "noisycuttej.shop", "cloudewahsj.shop", "nearycrepso.shop", "abruptyopsn.shop", "framekgirus.shop", "abruptyopsn.shoph"], "Build id": "nbYRKl--"}
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_LummaCStealer_3 | Yara detected LummaC Stealer | Joe Security | ||
JoeSecurity_LummaCStealer_2 | Yara detected LummaC Stealer | Joe Security |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | ||
System Summary |
---|
Source: | Author: Florian Roth (Nextron Systems): |
Source: | Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): |
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2024-12-30T11:59:39.044317+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49732 | 104.21.18.19 | 443 | TCP |
2024-12-30T11:59:39.955988+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49733 | 104.21.18.19 | 443 | TCP |
2024-12-30T11:59:41.382705+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49735 | 104.21.18.19 | 443 | TCP |
2024-12-30T11:59:42.507623+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49739 | 104.21.18.19 | 443 | TCP |
2024-12-30T11:59:43.769545+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49741 | 104.21.18.19 | 443 | TCP |
2024-12-30T11:59:45.317754+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49743 | 104.21.18.19 | 443 | TCP |
2024-12-30T11:59:57.871611+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49744 | 104.21.18.19 | 443 | TCP |
2024-12-30T11:59:59.961086+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49745 | 104.21.18.19 | 443 | TCP |
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2024-12-30T11:59:39.509278+0100 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.4 | 49732 | 104.21.18.19 | 443 | TCP |
2024-12-30T11:59:40.414271+0100 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.4 | 49733 | 104.21.18.19 | 443 | TCP |
2024-12-30T12:00:00.427219+0100 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.4 | 49745 | 104.21.18.19 | 443 | TCP |
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2024-12-30T11:59:39.509278+0100 | 2049836 | 1 | A Network Trojan was detected | 192.168.2.4 | 49732 | 104.21.18.19 | 443 | TCP |
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2024-12-30T11:59:40.414271+0100 | 2049812 | 1 | A Network Trojan was detected | 192.168.2.4 | 49733 | 104.21.18.19 | 443 | TCP |
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2024-12-30T11:59:56.966943+0100 | 2048094 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49743 | 104.21.18.19 | 443 | TCP |
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2024-12-30T11:59:57.922786+0100 | 2843864 | 1 | A Network Trojan was detected | 192.168.2.4 | 49744 | 104.21.18.19 | 443 | TCP |
AV Detection |
---|
Source: | Avira URL Cloud: | ||
Source: | Avira: |
Source: | Malware Configuration Extractor: |
Source: | ReversingLabs: | |||
Source: | Virustotal: | Perma Link |
Source: | Integrated Neural Analysis Model: |
Source: | Joe Sandbox ML: |
Source: | String decryptor: | ||
Source: | HTTPS traffic detected: | ||
Source: | Static PE information: |
Source: | Binary string: |
Source: | File opened: | Jump to behavior | ||
Networking |
---|
Source: | Suricata IDS: | ||
Source: | URLs: | ||
Source: | HTTP traffic detected: | ||
Source: | IP Address: | ||
Source: | ASN Name: |
Source: | JA3 fingerprint: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | DNS traffic detected: | ||
Source: | String found in binary or memory: | ||
Source: | Network traffic detected: | ||
Source: | HTTPS traffic detected: | ||
System Summary |
---|
Source: | Static PE information: | ||
Source: | Binary or memory string: | ||
Source: | Classification label: |
Source: | File created: | Jump to behavior |
Source: | Mutant created: | ||
Source: | Key opened: | Jump to behavior | ||
Source: | Static file information: |
Source: | File read: | Jump to behavior |
Source: | ReversingLabs: | ||
Source: | Virustotal: |
Source: | Process created: | |||
Source: | Section loaded: | Jump to behavior | ||
Source: | File opened: | Jump to behavior |
Source: | Binary string: |
Data Obfuscation |
---|
Source: | Unpacked PE file: |
Source: | Static PE information: |
Source: | File created: | Jump to dropped file |
Hooking and other Techniques for Hiding and Protection |
---|
Source: | File opened: | Jump to behavior | ||
Source: | Registry key monitored for changes: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Malware Analysis System Evasion |
---|
Source: | WMI Queries: |
Source: | System information queried: | Jump to behavior |
Source: | Memory allocated: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Window / User API: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep count: | Jump to behavior | ||
Source: | WMI Queries: |
Source: | Thread delayed: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | Binary or memory string: | ||
Source: | Process information queried: | Jump to behavior |
Anti Debugging |
---|
Source: | Thread information set: | Jump to behavior | ||
Source: | Code function: | 7_2_00AED910 |
Source: | Code function: | 7_2_03227E99 | |
Source: | Code function: | 7_2_0322803D |
Source: | Process token adjusted: | Jump to behavior | ||
Source: | Memory allocated: | Jump to behavior |
HIPS / PFW / Operating System Protection Evasion |
---|
Source: | Process created: | |||
Source: | String found in binary or memory: | ||
Source: | Process created: | Jump to behavior | ||
Source: | Code function: | 7_2_00AE8040 |
Source: | Queries volume information: | Jump to behavior | ||
Source: | Key value queried: | Jump to behavior |
Source: | Binary or memory string: |
Source: | WMI Queries: |
Stealing of Sensitive Information |
---|
Source: | File source: | ||
Source: | String found in binary or memory: | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | Directory queried: | Jump to behavior | ||
Source: | File source: | ||
Remote Access Functionality |
---|
Source: | File source: | ||
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 12 Windows Management Instrumentation | 1 DLL Side-Loading | 11 Process Injection | 1 Masquerading | 2 OS Credential Dumping | 1 Query Registry | Remote Services | 1 Archive Collected Data | 11 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | 1 PowerShell | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 11 Disable or Modify Tools | LSASS Memory | 321 Security Software Discovery | Remote Desktop Protocol | 41 Data from Local System | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 331 Virtualization/Sandbox Evasion | Security Account Manager | 1 Process Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 3 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 11 Process Injection | NTDS | 331 Virtualization/Sandbox Evasion | Distributed Component Object Model | Input Capture | 114 Application Layer Protocol | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Deobfuscate/Decode Files or Information | LSA Secrets | 1 Application Window Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 3 Obfuscated Files or Information | Cached Domain Credentials | 12 File and Directory Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 12 Software Packing | DCSync | 32 System Information Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 Timestomp | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 1 DLL Side-Loading | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
13% | ReversingLabs | ByteCode-MSIL.Trojan.Zilla | ||
23% | Virustotal | Browse | ||
100% | Joe Sandbox ML |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
100% | Avira | HEUR/AGEN.1314134 | ||
100% | Joe Sandbox ML |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
github.com | 140.82.121.4 | true | false | high | |
raw.githubusercontent.com | 185.199.110.133 | true | false | high | |
framekgirus.shop | 104.21.18.19 | true | true | unknown |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
104.21.18.19 | framekgirus.shop | United States | 13335 | CLOUDFLARENETUS | true | |
140.82.121.4 | github.com | United States | 36459 | GITHUBUS | false | |
185.199.110.133 | raw.githubusercontent.com | Netherlands | 54113 | FASTLYUS | false |
Joe Sandbox version: | 41.0.0 Charoite |
Analysis ID: | 1582366 |
Start date and time: | 2024-12-30 11:58:32 +01:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 6m 8s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes: | 12 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | eXbhgU9.exe |
Detection: | MAL |
Classification: | mal100.troj.spyw.evad.winEXE@10/12@3/3 |
EGA Information: |
|
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, WmiPrvSE.exe
- Excluded IPs from analysis (whitelisted): 52.149.20.212, 4.245.163.56, 13.107.246.45
- Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
- Execution Graph export aborted for target powershell.exe, PID 7660 because it is empty
- Not all processes were analyzed, report is missing behavior information
- Report size exceeded maximum capacity and may have missing behavior information.
- Report size getting too big, too many NtCreateKey calls found.
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtProtectVirtualMemory calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- Report size getting too big, too many NtReadVirtualMemory calls found.
- Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Time | Type | Description |
---|---|---|
05:59:24 | API Interceptor | |
05:59:34 | API Interceptor | |
05:59:38 | API Interceptor |
Match | Detection | Threat Name |
---|---|---|
140.82.121.4 | malicious | Unknown |
185.199.110.133 | malicious | Unknown |
| malicious | Unknown |
| malicious | Unknown |
| malicious | Unknown |
| malicious | Unknown |
| malicious | Unknown |
| malicious | Unknown |
| malicious | Unknown |
| malicious | Metasploit |
Match | Detection | Threat Name |
---|---|---|
raw.githubusercontent.com | malicious | LodaRAT, XRed |
| malicious | LodaRAT, XRed |
| malicious | Unknown |
| malicious | LodaRAT, XRed |
| malicious | Unknown |
| malicious | Unknown |
| malicious | LummaC |
| malicious | RedLine |
| malicious | LodaRAT, XRed |
| malicious | Unknown |
github.com | malicious | Unknown |
| malicious | Unknown |
| malicious | LummaC |
| malicious | Unknown |
| malicious | Unknown |
| malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar |
| malicious | LummaC, Amadey, Cryptbot, LummaC Stealer, Vidar, Xmrig |
| malicious | LummaC, Amadey, Cryptbot, LummaC Stealer, Vidar, Xmrig |
| malicious | Caesium Obfuscator, STRRAT |
| malicious | LummaC, Amadey, Cryptbot, LummaC Stealer, Vidar, Xmrig |
Match | Detection | Threat Name |
---|---|---|
CLOUDFLARENETUS | malicious | DBatLoader, MassLogger RAT, PureLog Stealer |
| malicious | Unknown |
| malicious | LodaRAT, XRed |
| malicious | Unknown |
| malicious | Unknown |
| malicious | DBatLoader, FormBook |
| malicious | MassLogger RAT, PureLog Stealer |
| malicious | LummaC |
FASTLYUS | malicious | LodaRAT, XRed |
| malicious | LodaRAT, XRed |
| malicious | Unknown |
| malicious | LodaRAT, XRed |
| malicious | Unknown |
| malicious | Unknown |
| malicious | Mirai, Moobot |
| malicious | Unknown |
| malicious | Unknown |
| malicious | Unknown |
GITHUBUS | malicious | FormBook |
| malicious | HTMLPhisher, Tycoon2FA |
| malicious | ScreenConnect Tool, LummaC, Amadey, Cryptbot, LummaC Stealer, Vidar |
| malicious | PureCrypter, PureLog Stealer |
| malicious | WSHRat, Caesium Obfuscator, STRRAT |
| malicious | Unknown |
| malicious | Unknown |
| malicious | Caesium Obfuscator, STRRAT |
| malicious | Unknown |
| malicious | Unknown |
Match | Detection | Threat Name |
---|---|---|
3b5074b1b5d032e5620f69f9f700ff0e | malicious | Unknown |
| malicious | LodaRAT, XRed |
| malicious | Unknown |
| malicious | MassLogger RAT, PureLog Stealer |
| malicious | LummaC |
| malicious | LummaC, DarkTortilla, LummaC Stealer |
| malicious | LummaC |
| malicious | Unknown |
| malicious | Unknown |
a0e9f5d64349fb13191bc781f81f42e1 | malicious | DBatLoader, MassLogger RAT, PureLog Stealer |
| malicious | Unknown |
| malicious | DBatLoader, FormBook |
| malicious | Unknown |
| malicious | LummaC |
| malicious | LummaC |
| malicious | LummaC Stealer |
| malicious | LummaC Stealer |
| malicious | LummaC |
Process: | C:\Users\user\Desktop\eXbhgU9.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1282048 |
Entropy (8bit): | 7.989392691400588 |
Encrypted: | false |
SSDEEP: | 24576:tI05w/i0EgOp2bAntruwSB/n5FqAmHrnaNWQu2/O7pOuSLBLX:tI05w/i0Ed2buawK/qAmLGWx7pOLLBz |
MD5: | 1B40450E11F71DA7D6F3D9C025C078E0 |
SHA1: | 5BDF461219E68AA7175A5FA01962AF8E3F583C7E |
SHA-256: | F7846A193C00E22D512FDC71FCA6FB3F3AF434179681D26700B11B7F4E69AB64 |
SHA-512: | BFB8DFA87AAF0DC9AFD3AE19C6082A53917501899F582DDC10A56A311B9504A64F25C1B923ABE0B5077CEF64F6EF891089358D652E4A7618DACA9418BAD03017 |
Malicious: | true |
Antivirus: |
|
Reputation: | low |
Preview: |
Process: | C:\Users\user\Desktop\eXbhgU9.exe |
File Type: | |
Category: | modified |
Size (bytes): | 1058 |
Entropy (8bit): | 5.356262093008712 |
Encrypted: | false |
SSDEEP: | 24:ML9E4KlKDE4KhKiKhwE4Ty1KIE4oKNzKoZAE4KzeR:MxHKlYHKh3owH8tHo6hAHKzeR |
MD5: | B2EFBF032531DD2913F648E75696B0FD |
SHA1: | 3F1AC93E4C10AE6D48E6CE1745D23696FD6554F6 |
SHA-256: | 4E02B680F9DAB8F04F2443984B5305541F73B52A612129FCD8CC0C520C831E4B |
SHA-512: | 79430DB7C12536BDC06F21D130026A72F97BB03994CE2F718F82BB9ACDFFCA926F1292100B58B0C788BDDF739E87965B8D46C8F003CF5087F75BEFDC406295BC |
Malicious: | true |
Reputation: | moderate, very likely benign file |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
Process: | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | modified |
Size (bytes): | 2232 |
Entropy (8bit): | 5.381427237108526 |
Encrypted: | false |
SSDEEP: | 48:JWSU4y4RQmFoUeWmfgZ9tK8NPZHUm7u1iMuge//MPUyus:JLHyIFKL3IZ2KRH9Ougss |
MD5: | F92F0A6A81466A0AE1176EA8E0B118CF |
SHA1: | 17ECFC14C8F06E4209CEF33CC4EFBD24E722A410 |
SHA-256: | 6079E5D353621B5ACE8D0EE0E4515A770513ADD3BB257F38760AEC6A7DF0472D |
SHA-512: | 164F13D8FA37537D7700F565BFD43A95A60574E587F5EDC02B01B1E507608DDE6EB2C9D82B7783147A7098B4E8FEE5B2F74035AA8DC48C36B5C883DB984E2561 |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 60 |
Entropy (8bit): | 4.038920595031593 |
Encrypted: | false |
SSDEEP: | 3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX |
MD5: | D17FE0A3F47BE24A6453E9EF58C94641 |
SHA1: | 6AB83620379FC69F80C0242105DDFFD7D98D5D9D |
SHA-256: | 96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7 |
SHA-512: | 5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82 |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\eXbhgU9.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 651 |
Entropy (8bit): | 4.964269002886412 |
Encrypted: | false |
SSDEEP: | 12:clyD3Cg81ye4A28scWIODMGN6TaWyL09Wy+621QYpTNIvLIj+GNT:nDp81sA8IaM7TaF094iv8j++ |
MD5: | CE6CC66B2A3FEE1EFC9EFD5D5E6E1B0B |
SHA1: | 485B611193E4C6EE305C2F47CE0DA5A6D2E2FBBB |
SHA-256: | 5261A00FC50367D7F57DDFD53B67AA48B7CD3012D5BB361C384B127FFF59CBFC |
SHA-512: | A5C7F0831F7B1C39D0BF71DFB030C64F616B9C02A9F5D5CB24D2B7A85B51AB0B818D4CA65534C5F33476D4AFD0A58A607536A612A919FF655FDC250A7661D0CD |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 5.03888709426846 |
TrID: |
|
File name: | eXbhgU9.exe |
File size: | 15'360 bytes |
MD5: | 9be5ac720dcf1838fd5a2d7352672f66 |
SHA1: | d8046191a1d1756768a8bad62ce3ba757deb7d53 |
SHA256: | cc5eb5ac7cb599572a1c9747efa83774221e0ad4a24ed6545d5bc03a44a23196 |
SHA512: | 72f618868c9960332931d7055a4bff5b3394979a1f5d8089d51c6dc436a121a3d9332d405a3eb3f65fcb8c5930c73606e194782fcf29b46d5e42235de29acc33 |
SSDEEP: | 384:8dGRmTbW+eO9GXSrtx2MUyQ6JCgf61FDOVV:QzGXaff61FDO7 |
TLSH: | 16620B44A3FC1617FABF0F386DB543450B71BA239C32EB5E24DCA48A2D267114AA0767 |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................."...0..2...........P... ...`....@.. ....................................`................................ |
Icon Hash: | 90cececece8e8eb0 |
Entrypoint: | 0x405006 |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows cui |
Image File Characteristics: | EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE |
DLL Characteristics: | HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE |
Time Stamp: | 0xAAB116B5 [Thu Sep 30 01:13:25 2060 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | f34d5f2d4577ed6d9ceec516c1f5a744 |
Instruction |
---|
jmp dword ptr [00402000h] |
add byte ptr [eax], al |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x4fb2 | 0x4f | .text |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x6000 | 0x58c | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x8000 | 0xc | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x4f28 | 0x38 | .text |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x2000 | 0x300c | 0x3200 | f27795b54e7ea13f5bbe92ccf4dd102e | False | 0.478203125 | data | 5.308111270156275 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rsrc | 0x6000 | 0x58c | 0x600 | 6e993d30dd12afeefbd7de5ec6984ff1 | False | 0.412109375 | data | 4.002562964288917 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0x8000 | 0xc | 0x200 | a94e9107db21028df50d68392e82c4ff | False | 0.044921875 | data | 0.08153941234324169 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
RT_VERSION | 0x6090 | 0x2fc | data | 0.43586387434554974 | ||
RT_MANIFEST | 0x639c | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | 0.5489795918367347 |
DLL | Import |
---|---|
mscoree.dll | _CorExeMain |
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
---|---|---|---|---|---|---|---|---|
2024-12-30T11:59:39.044317+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49732 | 104.21.18.19 | 443 | TCP |
2024-12-30T11:59:39.509278+0100 | 2049836 | ET MALWARE Lumma Stealer Related Activity | 1 | 192.168.2.4 | 49732 | 104.21.18.19 | 443 | TCP |
2024-12-30T11:59:39.509278+0100 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.4 | 49732 | 104.21.18.19 | 443 | TCP |
2024-12-30T11:59:39.955988+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49733 | 104.21.18.19 | 443 | TCP |
2024-12-30T11:59:40.414271+0100 | 2049812 | ET MALWARE Lumma Stealer Related Activity M2 | 1 | 192.168.2.4 | 49733 | 104.21.18.19 | 443 | TCP |
2024-12-30T11:59:40.414271+0100 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.4 | 49733 | 104.21.18.19 | 443 | TCP |
2024-12-30T11:59:41.382705+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49735 | 104.21.18.19 | 443 | TCP |
2024-12-30T11:59:42.507623+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49739 | 104.21.18.19 | 443 | TCP |
2024-12-30T11:59:43.769545+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49741 | 104.21.18.19 | 443 | TCP |
2024-12-30T11:59:45.317754+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49743 | 104.21.18.19 | 443 | TCP |
2024-12-30T11:59:56.966943+0100 | 2048094 | ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration | 1 | 192.168.2.4 | 49743 | 104.21.18.19 | 443 | TCP |
2024-12-30T11:59:57.871611+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49744 | 104.21.18.19 | 443 | TCP |
2024-12-30T11:59:57.922786+0100 | 2843864 | ETPRO MALWARE Suspicious Zipped Filename in Outbound POST Request (screen.) M2 | 1 | 192.168.2.4 | 49744 | 104.21.18.19 | 443 | TCP |
2024-12-30T11:59:59.961086+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49745 | 104.21.18.19 | 443 | TCP |
2024-12-30T12:00:00.427219+0100 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.4 | 49745 | 104.21.18.19 | 443 | TCP |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Dec 30, 2024 11:59:37.186785936 CET | 49731 | 443 | 192.168.2.4 | 185.199.110.133 |
Dec 30, 2024 11:59:37.186821938 CET | 443 | 49731 | 185.199.110.133 | 192.168.2.4 |
Dec 30, 2024 11:59:37.229051113 CET | 49731 | 443 | 192.168.2.4 | 185.199.110.133 |
Dec 30, 2024 11:59:37.229083061 CET | 443 | 49731 | 185.199.110.133 | 192.168.2.4 |
Dec 30, 2024 11:59:37.267651081 CET | 443 | 49731 | 185.199.110.133 | 192.168.2.4 |
Dec 30, 2024 11:59:37.267676115 CET | 443 | 49731 | 185.199.110.133 | 192.168.2.4 |
Dec 30, 2024 11:59:37.267693043 CET | 443 | 49731 | 185.199.110.133 | 192.168.2.4 |
Dec 30, 2024 11:59:37.267699957 CET | 443 | 49731 | 185.199.110.133 | 192.168.2.4 |
Dec 30, 2024 11:59:37.267704964 CET | 443 | 49731 | 185.199.110.133 | 192.168.2.4 |
Dec 30, 2024 11:59:37.267741919 CET | 49731 | 443 | 192.168.2.4 | 185.199.110.133 |
Dec 30, 2024 11:59:37.267762899 CET | 443 | 49731 | 185.199.110.133 | 192.168.2.4 |
Dec 30, 2024 11:59:37.267788887 CET | 443 | 49731 | 185.199.110.133 | 192.168.2.4 |
Dec 30, 2024 11:59:37.267812967 CET | 49731 | 443 | 192.168.2.4 | 185.199.110.133 |
Dec 30, 2024 11:59:37.269355059 CET | 443 | 49731 | 185.199.110.133 | 192.168.2.4 |
Dec 30, 2024 11:59:37.269391060 CET | 443 | 49731 | 185.199.110.133 | 192.168.2.4 |
Dec 30, 2024 11:59:37.269402981 CET | 443 | 49731 | 185.199.110.133 | 192.168.2.4 |
Dec 30, 2024 11:59:37.269418955 CET | 49731 | 443 | 192.168.2.4 | 185.199.110.133 |
Dec 30, 2024 11:59:37.269426107 CET | 443 | 49731 | 185.199.110.133 | 192.168.2.4 |
Dec 30, 2024 11:59:37.269453049 CET | 49731 | 443 | 192.168.2.4 | 185.199.110.133 |
Dec 30, 2024 11:59:37.269457102 CET | 443 | 49731 | 185.199.110.133 | 192.168.2.4 |
Dec 30, 2024 11:59:37.269469976 CET | 49731 | 443 | 192.168.2.4 | 185.199.110.133 |
Dec 30, 2024 11:59:37.275096893 CET | 443 | 49731 | 185.199.110.133 | 192.168.2.4 |
Dec 30, 2024 11:59:37.275110960 CET | 443 | 49731 | 185.199.110.133 | 192.168.2.4 |
Dec 30, 2024 11:59:37.275304079 CET | 49731 | 443 | 192.168.2.4 | 185.199.110.133 |
Dec 30, 2024 11:59:37.275321960 CET | 443 | 49731 | 185.199.110.133 | 192.168.2.4 |
Dec 30, 2024 11:59:37.281559944 CET | 443 | 49731 | 185.199.110.133 | 192.168.2.4 |
Dec 30, 2024 11:59:37.281577110 CET | 443 | 49731 | 185.199.110.133 | 192.168.2.4 |
Dec 30, 2024 11:59:37.281644106 CET | 49731 | 443 | 192.168.2.4 | 185.199.110.133 |
Dec 30, 2024 11:59:37.281656027 CET | 443 | 49731 | 185.199.110.133 | 192.168.2.4 |
Dec 30, 2024 11:59:37.322784901 CET | 49731 | 443 | 192.168.2.4 | 185.199.110.133 |
Dec 30, 2024 11:59:37.363965988 CET | 443 | 49731 | 185.199.110.133 | 192.168.2.4 |
Dec 30, 2024 11:59:37.363981962 CET | 443 | 49731 | 185.199.110.133 | 192.168.2.4 |
Dec 30, 2024 11:59:37.364101887 CET | 49731 | 443 | 192.168.2.4 | 185.199.110.133 |
Dec 30, 2024 11:59:37.364123106 CET | 443 | 49731 | 185.199.110.133 | 192.168.2.4 |
Dec 30, 2024 11:59:37.364187002 CET | 49731 | 443 | 192.168.2.4 | 185.199.110.133 |
Dec 30, 2024 11:59:37.364245892 CET | 443 | 49731 | 185.199.110.133 | 192.168.2.4 |
Dec 30, 2024 11:59:37.364280939 CET | 443 | 49731 | 185.199.110.133 | 192.168.2.4 |
Dec 30, 2024 11:59:37.364310026 CET | 49731 | 443 | 192.168.2.4 | 185.199.110.133 |
Dec 30, 2024 11:59:37.364319086 CET | 443 | 49731 | 185.199.110.133 | 192.168.2.4 |
Dec 30, 2024 11:59:37.364346027 CET | 49731 | 443 | 192.168.2.4 | 185.199.110.133 |
Dec 30, 2024 11:59:37.364368916 CET | 49731 | 443 | 192.168.2.4 | 185.199.110.133 |
Dec 30, 2024 11:59:37.364526033 CET | 443 | 49731 | 185.199.110.133 | 192.168.2.4 |
Dec 30, 2024 11:59:37.364541054 CET | 443 | 49731 | 185.199.110.133 | 192.168.2.4 |
Dec 30, 2024 11:59:37.364593029 CET | 49731 | 443 | 192.168.2.4 | 185.199.110.133 |
Dec 30, 2024 11:59:37.364600897 CET | 443 | 49731 | 185.199.110.133 | 192.168.2.4 |
Dec 30, 2024 11:59:37.364615917 CET | 443 | 49731 | 185.199.110.133 | 192.168.2.4 |
Dec 30, 2024 11:59:37.364634037 CET | 443 | 49731 | 185.199.110.133 | 192.168.2.4 |
Dec 30, 2024 11:59:37.364635944 CET | 49731 | 443 | 192.168.2.4 | 185.199.110.133 |
Dec 30, 2024 11:59:37.364646912 CET | 443 | 49731 | 185.199.110.133 | 192.168.2.4 |
Dec 30, 2024 11:59:37.364665985 CET | 49731 | 443 | 192.168.2.4 | 185.199.110.133 |
Dec 30, 2024 11:59:37.364706993 CET | 49731 | 443 | 192.168.2.4 | 185.199.110.133 |
Dec 30, 2024 11:59:37.365983009 CET | 443 | 49731 | 185.199.110.133 | 192.168.2.4 |
Dec 30, 2024 11:59:37.365997076 CET | 443 | 49731 | 185.199.110.133 | 192.168.2.4 |
Dec 30, 2024 11:59:37.366049051 CET | 49731 | 443 | 192.168.2.4 | 185.199.110.133 |
Dec 30, 2024 11:59:37.366058111 CET | 443 | 49731 | 185.199.110.133 | 192.168.2.4 |
Dec 30, 2024 11:59:37.366096973 CET | 49731 | 443 | 192.168.2.4 | 185.199.110.133 |
Dec 30, 2024 11:59:37.372253895 CET | 443 | 49731 | 185.199.110.133 | 192.168.2.4 |
Dec 30, 2024 11:59:37.372271061 CET | 443 | 49731 | 185.199.110.133 | 192.168.2.4 |
Dec 30, 2024 11:59:37.372327089 CET | 49731 | 443 | 192.168.2.4 | 185.199.110.133 |
Dec 30, 2024 11:59:37.372335911 CET | 443 | 49731 | 185.199.110.133 | 192.168.2.4 |
Dec 30, 2024 11:59:37.372374058 CET | 49731 | 443 | 192.168.2.4 | 185.199.110.133 |
Dec 30, 2024 11:59:37.443057060 CET | 443 | 49731 | 185.199.110.133 | 192.168.2.4 |
Dec 30, 2024 11:59:37.443073034 CET | 443 | 49731 | 185.199.110.133 | 192.168.2.4 |
Dec 30, 2024 11:59:37.443393946 CET | 49731 | 443 | 192.168.2.4 | 185.199.110.133 |
Dec 30, 2024 11:59:37.443423033 CET | 443 | 49731 | 185.199.110.133 | 192.168.2.4 |
Dec 30, 2024 11:59:37.443495035 CET | 49731 | 443 | 192.168.2.4 | 185.199.110.133 |
Dec 30, 2024 11:59:37.443866968 CET | 443 | 49731 | 185.199.110.133 | 192.168.2.4 |
Dec 30, 2024 11:59:37.443881989 CET | 443 | 49731 | 185.199.110.133 | 192.168.2.4 |
Dec 30, 2024 11:59:37.444061995 CET | 49731 | 443 | 192.168.2.4 | 185.199.110.133 |
Dec 30, 2024 11:59:37.444072962 CET | 443 | 49731 | 185.199.110.133 | 192.168.2.4 |
Dec 30, 2024 11:59:37.444129944 CET | 49731 | 443 | 192.168.2.4 | 185.199.110.133 |
Dec 30, 2024 11:59:37.444287062 CET | 443 | 49731 | 185.199.110.133 | 192.168.2.4 |
Dec 30, 2024 11:59:37.444300890 CET | 443 | 49731 | 185.199.110.133 | 192.168.2.4 |
Dec 30, 2024 11:59:37.444355965 CET | 49731 | 443 | 192.168.2.4 | 185.199.110.133 |
Dec 30, 2024 11:59:37.444364071 CET | 443 | 49731 | 185.199.110.133 | 192.168.2.4 |
Dec 30, 2024 11:59:37.444415092 CET | 49731 | 443 | 192.168.2.4 | 185.199.110.133 |
Dec 30, 2024 11:59:37.450280905 CET | 443 | 49731 | 185.199.110.133 | 192.168.2.4 |
Dec 30, 2024 11:59:37.450297117 CET | 443 | 49731 | 185.199.110.133 | 192.168.2.4 |
Dec 30, 2024 11:59:37.450354099 CET | 49731 | 443 | 192.168.2.4 | 185.199.110.133 |
Dec 30, 2024 11:59:37.450362921 CET | 443 | 49731 | 185.199.110.133 | 192.168.2.4 |
Dec 30, 2024 11:59:37.450406075 CET | 49731 | 443 | 192.168.2.4 | 185.199.110.133 |
Dec 30, 2024 11:59:37.450930119 CET | 443 | 49731 | 185.199.110.133 | 192.168.2.4 |
Dec 30, 2024 11:59:37.450982094 CET | 443 | 49731 | 185.199.110.133 | 192.168.2.4 |
Dec 30, 2024 11:59:37.451005936 CET | 49731 | 443 | 192.168.2.4 | 185.199.110.133 |
Dec 30, 2024 11:59:37.451014996 CET | 443 | 49731 | 185.199.110.133 | 192.168.2.4 |
Dec 30, 2024 11:59:37.451040030 CET | 49731 | 443 | 192.168.2.4 | 185.199.110.133 |
Dec 30, 2024 11:59:37.451064110 CET | 49731 | 443 | 192.168.2.4 | 185.199.110.133 |
Dec 30, 2024 11:59:37.451560020 CET | 443 | 49731 | 185.199.110.133 | 192.168.2.4 |
Dec 30, 2024 11:59:37.451575041 CET | 443 | 49731 | 185.199.110.133 | 192.168.2.4 |
Dec 30, 2024 11:59:37.451634884 CET | 49731 | 443 | 192.168.2.4 | 185.199.110.133 |
Dec 30, 2024 11:59:37.451643944 CET | 443 | 49731 | 185.199.110.133 | 192.168.2.4 |
Dec 30, 2024 11:59:37.451692104 CET | 49731 | 443 | 192.168.2.4 | 185.199.110.133 |
Dec 30, 2024 11:59:37.452155113 CET | 443 | 49731 | 185.199.110.133 | 192.168.2.4 |
Dec 30, 2024 11:59:37.452191114 CET | 443 | 49731 | 185.199.110.133 | 192.168.2.4 |
Dec 30, 2024 11:59:37.452212095 CET | 49731 | 443 | 192.168.2.4 | 185.199.110.133 |
Dec 30, 2024 11:59:37.452219009 CET | 443 | 49731 | 185.199.110.133 | 192.168.2.4 |
Dec 30, 2024 11:59:37.452236891 CET | 49731 | 443 | 192.168.2.4 | 185.199.110.133 |
Dec 30, 2024 11:59:37.452264071 CET | 49731 | 443 | 192.168.2.4 | 185.199.110.133 |
Dec 30, 2024 11:59:37.458281040 CET | 443 | 49731 | 185.199.110.133 | 192.168.2.4 |
Dec 30, 2024 11:59:37.458327055 CET | 443 | 49731 | 185.199.110.133 | 192.168.2.4 |
Dec 30, 2024 11:59:37.458348989 CET | 49731 | 443 | 192.168.2.4 | 185.199.110.133 |
Dec 30, 2024 11:59:37.458359957 CET | 443 | 49731 | 185.199.110.133 | 192.168.2.4 |
Dec 30, 2024 11:59:37.458379984 CET | 49731 | 443 | 192.168.2.4 | 185.199.110.133 |
Dec 30, 2024 11:59:37.458403111 CET | 49731 | 443 | 192.168.2.4 | 185.199.110.133 |
Dec 30, 2024 11:59:37.531593084 CET | 443 | 49731 | 185.199.110.133 | 192.168.2.4 |
Dec 30, 2024 11:59:37.531610966 CET | 443 | 49731 | 185.199.110.133 | 192.168.2.4 |
Dec 30, 2024 11:59:37.531677008 CET | 49731 | 443 | 192.168.2.4 | 185.199.110.133 |
Dec 30, 2024 11:59:37.531693935 CET | 443 | 49731 | 185.199.110.133 | 192.168.2.4 |
Dec 30, 2024 11:59:37.531744957 CET | 49731 | 443 | 192.168.2.4 | 185.199.110.133 |
Dec 30, 2024 11:59:37.532146931 CET | 443 | 49731 | 185.199.110.133 | 192.168.2.4 |
Dec 30, 2024 11:59:37.532164097 CET | 443 | 49731 | 185.199.110.133 | 192.168.2.4 |
Dec 30, 2024 11:59:37.532219887 CET | 49731 | 443 | 192.168.2.4 | 185.199.110.133 |
Dec 30, 2024 11:59:37.532229900 CET | 443 | 49731 | 185.199.110.133 | 192.168.2.4 |
Dec 30, 2024 11:59:37.532278061 CET | 49731 | 443 | 192.168.2.4 | 185.199.110.133 |
Dec 30, 2024 11:59:37.532723904 CET | 443 | 49731 | 185.199.110.133 | 192.168.2.4 |
Dec 30, 2024 11:59:37.532738924 CET | 443 | 49731 | 185.199.110.133 | 192.168.2.4 |
Dec 30, 2024 11:59:37.532790899 CET | 49731 | 443 | 192.168.2.4 | 185.199.110.133 |
Dec 30, 2024 11:59:37.532799006 CET | 443 | 49731 | 185.199.110.133 | 192.168.2.4 |
Dec 30, 2024 11:59:37.532814026 CET | 49731 | 443 | 192.168.2.4 | 185.199.110.133 |
Dec 30, 2024 11:59:37.532839060 CET | 49731 | 443 | 192.168.2.4 | 185.199.110.133 |
Dec 30, 2024 11:59:37.539005995 CET | 443 | 49731 | 185.199.110.133 | 192.168.2.4 |
Dec 30, 2024 11:59:37.539021969 CET | 443 | 49731 | 185.199.110.133 | 192.168.2.4 |
Dec 30, 2024 11:59:37.539072990 CET | 49731 | 443 | 192.168.2.4 | 185.199.110.133 |
Dec 30, 2024 11:59:37.539082050 CET | 443 | 49731 | 185.199.110.133 | 192.168.2.4 |
Dec 30, 2024 11:59:37.539119959 CET | 49731 | 443 | 192.168.2.4 | 185.199.110.133 |
Dec 30, 2024 11:59:37.539279938 CET | 443 | 49731 | 185.199.110.133 | 192.168.2.4 |
Dec 30, 2024 11:59:37.539295912 CET | 443 | 49731 | 185.199.110.133 | 192.168.2.4 |
Dec 30, 2024 11:59:37.539341927 CET | 49731 | 443 | 192.168.2.4 | 185.199.110.133 |
Dec 30, 2024 11:59:37.539350033 CET | 443 | 49731 | 185.199.110.133 | 192.168.2.4 |
Dec 30, 2024 11:59:37.539390087 CET | 49731 | 443 | 192.168.2.4 | 185.199.110.133 |
Dec 30, 2024 11:59:37.539771080 CET | 443 | 49731 | 185.199.110.133 | 192.168.2.4 |
Dec 30, 2024 11:59:37.539788008 CET | 443 | 49731 | 185.199.110.133 | 192.168.2.4 |
Dec 30, 2024 11:59:37.539839029 CET | 49731 | 443 | 192.168.2.4 | 185.199.110.133 |
Dec 30, 2024 11:59:37.539845943 CET | 443 | 49731 | 185.199.110.133 | 192.168.2.4 |
Dec 30, 2024 11:59:37.539890051 CET | 49731 | 443 | 192.168.2.4 | 185.199.110.133 |
Dec 30, 2024 11:59:37.540168047 CET | 443 | 49731 | 185.199.110.133 | 192.168.2.4 |
Dec 30, 2024 11:59:37.540209055 CET | 443 | 49731 | 185.199.110.133 | 192.168.2.4 |
Dec 30, 2024 11:59:37.540226936 CET | 49731 | 443 | 192.168.2.4 | 185.199.110.133 |
Dec 30, 2024 11:59:37.540237904 CET | 443 | 49731 | 185.199.110.133 | 192.168.2.4 |
Dec 30, 2024 11:59:37.540256977 CET | 49731 | 443 | 192.168.2.4 | 185.199.110.133 |
Dec 30, 2024 11:59:37.540280104 CET | 49731 | 443 | 192.168.2.4 | 185.199.110.133 |
Dec 30, 2024 11:59:37.546725988 CET | 443 | 49731 | 185.199.110.133 | 192.168.2.4 |
Dec 30, 2024 11:59:37.546762943 CET | 443 | 49731 | 185.199.110.133 | 192.168.2.4 |
Dec 30, 2024 11:59:37.546827078 CET | 49731 | 443 | 192.168.2.4 | 185.199.110.133 |
Dec 30, 2024 11:59:37.546838999 CET | 443 | 49731 | 185.199.110.133 | 192.168.2.4 |
Dec 30, 2024 11:59:37.546885967 CET | 49731 | 443 | 192.168.2.4 | 185.199.110.133 |
Dec 30, 2024 11:59:37.619944096 CET | 443 | 49731 | 185.199.110.133 | 192.168.2.4 |
Dec 30, 2024 11:59:37.620002031 CET | 443 | 49731 | 185.199.110.133 | 192.168.2.4 |
Dec 30, 2024 11:59:37.620034933 CET | 49731 | 443 | 192.168.2.4 | 185.199.110.133 |
Dec 30, 2024 11:59:37.620049000 CET | 443 | 49731 | 185.199.110.133 | 192.168.2.4 |
Dec 30, 2024 11:59:37.620074987 CET | 49731 | 443 | 192.168.2.4 | 185.199.110.133 |
Dec 30, 2024 11:59:37.620110989 CET | 49731 | 443 | 192.168.2.4 | 185.199.110.133 |
Dec 30, 2024 11:59:37.620323896 CET | 443 | 49731 | 185.199.110.133 | 192.168.2.4 |
Dec 30, 2024 11:59:37.620337963 CET | 443 | 49731 | 185.199.110.133 | 192.168.2.4 |
Dec 30, 2024 11:59:37.620393038 CET | 49731 | 443 | 192.168.2.4 | 185.199.110.133 |
Dec 30, 2024 11:59:37.620400906 CET | 443 | 49731 | 185.199.110.133 | 192.168.2.4 |
Dec 30, 2024 11:59:37.620440960 CET | 49731 | 443 | 192.168.2.4 | 185.199.110.133 |
Dec 30, 2024 11:59:37.620865107 CET | 443 | 49731 | 185.199.110.133 | 192.168.2.4 |
Dec 30, 2024 11:59:37.620878935 CET | 443 | 49731 | 185.199.110.133 | 192.168.2.4 |
Dec 30, 2024 11:59:37.620938063 CET | 49731 | 443 | 192.168.2.4 | 185.199.110.133 |
Dec 30, 2024 11:59:37.620946884 CET | 443 | 49731 | 185.199.110.133 | 192.168.2.4 |
Dec 30, 2024 11:59:37.620985985 CET | 49731 | 443 | 192.168.2.4 | 185.199.110.133 |
Dec 30, 2024 11:59:37.627103090 CET | 443 | 49731 | 185.199.110.133 | 192.168.2.4 |
Dec 30, 2024 11:59:37.627118111 CET | 443 | 49731 | 185.199.110.133 | 192.168.2.4 |
Dec 30, 2024 11:59:37.627171993 CET | 49731 | 443 | 192.168.2.4 | 185.199.110.133 |
Dec 30, 2024 11:59:37.627182007 CET | 443 | 49731 | 185.199.110.133 | 192.168.2.4 |
Dec 30, 2024 11:59:37.627222061 CET | 49731 | 443 | 192.168.2.4 | 185.199.110.133 |
Dec 30, 2024 11:59:37.627671957 CET | 443 | 49731 | 185.199.110.133 | 192.168.2.4 |
Dec 30, 2024 11:59:37.627686977 CET | 443 | 49731 | 185.199.110.133 | 192.168.2.4 |
Dec 30, 2024 11:59:37.627743006 CET | 49731 | 443 | 192.168.2.4 | 185.199.110.133 |
Dec 30, 2024 11:59:37.627756119 CET | 443 | 49731 | 185.199.110.133 | 192.168.2.4 |
Dec 30, 2024 11:59:37.627791882 CET | 49731 | 443 | 192.168.2.4 | 185.199.110.133 |
Dec 30, 2024 11:59:37.628099918 CET | 443 | 49731 | 185.199.110.133 | 192.168.2.4 |
Dec 30, 2024 11:59:37.628113985 CET | 443 | 49731 | 185.199.110.133 | 192.168.2.4 |
Dec 30, 2024 11:59:37.628160954 CET | 49731 | 443 | 192.168.2.4 | 185.199.110.133 |
Dec 30, 2024 11:59:37.628171921 CET | 443 | 49731 | 185.199.110.133 | 192.168.2.4 |
Dec 30, 2024 11:59:37.628210068 CET | 49731 | 443 | 192.168.2.4 | 185.199.110.133 |
Dec 30, 2024 11:59:37.628599882 CET | 443 | 49731 | 185.199.110.133 | 192.168.2.4 |
Dec 30, 2024 11:59:37.628613949 CET | 443 | 49731 | 185.199.110.133 | 192.168.2.4 |
Dec 30, 2024 11:59:37.628678083 CET | 49731 | 443 | 192.168.2.4 | 185.199.110.133 |
Dec 30, 2024 11:59:37.628690958 CET | 443 | 49731 | 185.199.110.133 | 192.168.2.4 |
Dec 30, 2024 11:59:37.628750086 CET | 49731 | 443 | 192.168.2.4 | 185.199.110.133 |
Dec 30, 2024 11:59:37.635099888 CET | 443 | 49731 | 185.199.110.133 | 192.168.2.4 |
Dec 30, 2024 11:59:37.635116100 CET | 443 | 49731 | 185.199.110.133 | 192.168.2.4 |
Dec 30, 2024 11:59:37.635339022 CET | 49731 | 443 | 192.168.2.4 | 185.199.110.133 |
Dec 30, 2024 11:59:37.635354042 CET | 443 | 49731 | 185.199.110.133 | 192.168.2.4 |
Dec 30, 2024 11:59:37.635401964 CET | 49731 | 443 | 192.168.2.4 | 185.199.110.133 |
Dec 30, 2024 11:59:37.708515882 CET | 443 | 49731 | 185.199.110.133 | 192.168.2.4 |
Dec 30, 2024 11:59:37.708537102 CET | 443 | 49731 | 185.199.110.133 | 192.168.2.4 |
Dec 30, 2024 11:59:37.708602905 CET | 49731 | 443 | 192.168.2.4 | 185.199.110.133 |
Dec 30, 2024 11:59:37.708615065 CET | 443 | 49731 | 185.199.110.133 | 192.168.2.4 |
Dec 30, 2024 11:59:37.708661079 CET | 49731 | 443 | 192.168.2.4 | 185.199.110.133 |
Dec 30, 2024 11:59:37.708830118 CET | 443 | 49731 | 185.199.110.133 | 192.168.2.4 |
Dec 30, 2024 11:59:37.708843946 CET | 443 | 49731 | 185.199.110.133 | 192.168.2.4 |
Dec 30, 2024 11:59:37.708900928 CET | 49731 | 443 | 192.168.2.4 | 185.199.110.133 |
Dec 30, 2024 11:59:37.708909988 CET | 443 | 49731 | 185.199.110.133 | 192.168.2.4 |
Dec 30, 2024 11:59:37.708925962 CET | 49731 | 443 | 192.168.2.4 | 185.199.110.133 |
Dec 30, 2024 11:59:37.708949089 CET | 49731 | 443 | 192.168.2.4 | 185.199.110.133 |
Dec 30, 2024 11:59:37.709305048 CET | 443 | 49731 | 185.199.110.133 | 192.168.2.4 |
Dec 30, 2024 11:59:37.709321022 CET | 443 | 49731 | 185.199.110.133 | 192.168.2.4 |
Dec 30, 2024 11:59:37.709381104 CET | 49731 | 443 | 192.168.2.4 | 185.199.110.133 |
Dec 30, 2024 11:59:37.709391117 CET | 443 | 49731 | 185.199.110.133 | 192.168.2.4 |
Dec 30, 2024 11:59:37.709449053 CET | 49731 | 443 | 192.168.2.4 | 185.199.110.133 |
Dec 30, 2024 11:59:37.715559959 CET | 443 | 49731 | 185.199.110.133 | 192.168.2.4 |
Dec 30, 2024 11:59:37.715576887 CET | 443 | 49731 | 185.199.110.133 | 192.168.2.4 |
Dec 30, 2024 11:59:37.715636969 CET | 49731 | 443 | 192.168.2.4 | 185.199.110.133 |
Dec 30, 2024 11:59:37.715645075 CET | 443 | 49731 | 185.199.110.133 | 192.168.2.4 |
Dec 30, 2024 11:59:37.715689898 CET | 49731 | 443 | 192.168.2.4 | 185.199.110.133 |
Dec 30, 2024 11:59:37.716033936 CET | 443 | 49731 | 185.199.110.133 | 192.168.2.4 |
Dec 30, 2024 11:59:37.716048956 CET | 443 | 49731 | 185.199.110.133 | 192.168.2.4 |
Dec 30, 2024 11:59:37.716119051 CET | 49731 | 443 | 192.168.2.4 | 185.199.110.133 |
Dec 30, 2024 11:59:37.716128111 CET | 443 | 49731 | 185.199.110.133 | 192.168.2.4 |
Dec 30, 2024 11:59:37.716172934 CET | 49731 | 443 | 192.168.2.4 | 185.199.110.133 |
Dec 30, 2024 11:59:37.716603994 CET | 443 | 49731 | 185.199.110.133 | 192.168.2.4 |
Dec 30, 2024 11:59:37.716618061 CET | 443 | 49731 | 185.199.110.133 | 192.168.2.4 |
Dec 30, 2024 11:59:37.716674089 CET | 49731 | 443 | 192.168.2.4 | 185.199.110.133 |
Dec 30, 2024 11:59:37.716681957 CET | 443 | 49731 | 185.199.110.133 | 192.168.2.4 |
Dec 30, 2024 11:59:37.716727972 CET | 49731 | 443 | 192.168.2.4 | 185.199.110.133 |
Dec 30, 2024 11:59:37.717047930 CET | 443 | 49731 | 185.199.110.133 | 192.168.2.4 |
Dec 30, 2024 11:59:37.717072964 CET | 443 | 49731 | 185.199.110.133 | 192.168.2.4 |
Dec 30, 2024 11:59:37.717103004 CET | 49731 | 443 | 192.168.2.4 | 185.199.110.133 |
Dec 30, 2024 11:59:37.717111111 CET | 443 | 49731 | 185.199.110.133 | 192.168.2.4 |
Dec 30, 2024 11:59:37.717145920 CET | 49731 | 443 | 192.168.2.4 | 185.199.110.133 |
Dec 30, 2024 11:59:37.717160940 CET | 49731 | 443 | 192.168.2.4 | 185.199.110.133 |
Dec 30, 2024 11:59:37.723406076 CET | 443 | 49731 | 185.199.110.133 | 192.168.2.4 |
Dec 30, 2024 11:59:37.723421097 CET | 443 | 49731 | 185.199.110.133 | 192.168.2.4 |
Dec 30, 2024 11:59:37.723467112 CET | 49731 | 443 | 192.168.2.4 | 185.199.110.133 |
Dec 30, 2024 11:59:37.723476887 CET | 443 | 49731 | 185.199.110.133 | 192.168.2.4 |
Dec 30, 2024 11:59:37.723500013 CET | 49731 | 443 | 192.168.2.4 | 185.199.110.133 |
Dec 30, 2024 11:59:37.723526001 CET | 49731 | 443 | 192.168.2.4 | 185.199.110.133 |
Dec 30, 2024 11:59:37.796829939 CET | 443 | 49731 | 185.199.110.133 | 192.168.2.4 |
Dec 30, 2024 11:59:37.796849012 CET | 443 | 49731 | 185.199.110.133 | 192.168.2.4 |
Dec 30, 2024 11:59:37.796972036 CET | 49731 | 443 | 192.168.2.4 | 185.199.110.133 |
Dec 30, 2024 11:59:37.796984911 CET | 443 | 49731 | 185.199.110.133 | 192.168.2.4 |
Dec 30, 2024 11:59:37.797039032 CET | 49731 | 443 | 192.168.2.4 | 185.199.110.133 |
Dec 30, 2024 11:59:37.797072887 CET | 443 | 49731 | 185.199.110.133 | 192.168.2.4 |
Dec 30, 2024 11:59:37.797111034 CET | 443 | 49731 | 185.199.110.133 | 192.168.2.4 |
Dec 30, 2024 11:59:37.797139883 CET | 49731 | 443 | 192.168.2.4 | 185.199.110.133 |
Dec 30, 2024 11:59:37.797146082 CET | 443 | 49731 | 185.199.110.133 | 192.168.2.4 |
Dec 30, 2024 11:59:37.797159910 CET | 49731 | 443 | 192.168.2.4 | 185.199.110.133 |
Dec 30, 2024 11:59:37.797687054 CET | 443 | 49731 | 185.199.110.133 | 192.168.2.4 |
Dec 30, 2024 11:59:37.797702074 CET | 443 | 49731 | 185.199.110.133 | 192.168.2.4 |
Dec 30, 2024 11:59:37.797759056 CET | 49731 | 443 | 192.168.2.4 | 185.199.110.133 |
Dec 30, 2024 11:59:37.797768116 CET | 443 | 49731 | 185.199.110.133 | 192.168.2.4 |
Dec 30, 2024 11:59:37.798198938 CET | 443 | 49731 | 185.199.110.133 | 192.168.2.4 |
Dec 30, 2024 11:59:37.798226118 CET | 443 | 49731 | 185.199.110.133 | 192.168.2.4 |
Dec 30, 2024 11:59:37.798254013 CET | 49731 | 443 | 192.168.2.4 | 185.199.110.133 |
Dec 30, 2024 11:59:37.798264980 CET | 443 | 49731 | 185.199.110.133 | 192.168.2.4 |
Dec 30, 2024 11:59:37.798294067 CET | 49731 | 443 | 192.168.2.4 | 185.199.110.133 |
Dec 30, 2024 11:59:37.804152966 CET | 443 | 49731 | 185.199.110.133 | 192.168.2.4 |
Dec 30, 2024 11:59:37.804178953 CET | 443 | 49731 | 185.199.110.133 | 192.168.2.4 |
Dec 30, 2024 11:59:37.804207087 CET | 49731 | 443 | 192.168.2.4 | 185.199.110.133 |
Dec 30, 2024 11:59:37.804214954 CET | 443 | 49731 | 185.199.110.133 | 192.168.2.4 |
Dec 30, 2024 11:59:37.804233074 CET | 49731 | 443 | 192.168.2.4 | 185.199.110.133 |
Dec 30, 2024 11:59:37.804663897 CET | 443 | 49731 | 185.199.110.133 | 192.168.2.4 |
Dec 30, 2024 11:59:37.804677963 CET | 443 | 49731 | 185.199.110.133 | 192.168.2.4 |
Dec 30, 2024 11:59:37.804738045 CET | 49731 | 443 | 192.168.2.4 | 185.199.110.133 |
Dec 30, 2024 11:59:37.804748058 CET | 443 | 49731 | 185.199.110.133 | 192.168.2.4 |
Dec 30, 2024 11:59:37.805160999 CET | 443 | 49731 | 185.199.110.133 | 192.168.2.4 |
Dec 30, 2024 11:59:37.805174112 CET | 443 | 49731 | 185.199.110.133 | 192.168.2.4 |
Dec 30, 2024 11:59:37.805227041 CET | 49731 | 443 | 192.168.2.4 | 185.199.110.133 |
Dec 30, 2024 11:59:37.805236101 CET | 443 | 49731 | 185.199.110.133 | 192.168.2.4 |
Dec 30, 2024 11:59:37.805449963 CET | 443 | 49731 | 185.199.110.133 | 192.168.2.4 |
Dec 30, 2024 11:59:37.805463076 CET | 443 | 49731 | 185.199.110.133 | 192.168.2.4 |
Dec 30, 2024 11:59:37.805516958 CET | 49731 | 443 | 192.168.2.4 | 185.199.110.133 |
Dec 30, 2024 11:59:37.805526972 CET | 443 | 49731 | 185.199.110.133 | 192.168.2.4 |
Dec 30, 2024 11:59:37.854152918 CET | 49731 | 443 | 192.168.2.4 | 185.199.110.133 |
Dec 30, 2024 11:59:37.885390043 CET | 443 | 49731 | 185.199.110.133 | 192.168.2.4 |
Dec 30, 2024 11:59:37.885407925 CET | 443 | 49731 | 185.199.110.133 | 192.168.2.4 |
Dec 30, 2024 11:59:37.885514021 CET | 49731 | 443 | 192.168.2.4 | 185.199.110.133 |
Dec 30, 2024 11:59:37.885520935 CET | 443 | 49731 | 185.199.110.133 | 192.168.2.4 |
Dec 30, 2024 11:59:37.885545969 CET | 443 | 49731 | 185.199.110.133 | 192.168.2.4 |
Dec 30, 2024 11:59:37.885560036 CET | 49731 | 443 | 192.168.2.4 | 185.199.110.133 |
Dec 30, 2024 11:59:37.885566950 CET | 443 | 49731 | 185.199.110.133 | 192.168.2.4 |
Dec 30, 2024 11:59:37.885577917 CET | 443 | 49731 | 185.199.110.133 | 192.168.2.4 |
Dec 30, 2024 11:59:37.885611057 CET | 49731 | 443 | 192.168.2.4 | 185.199.110.133 |
Dec 30, 2024 11:59:37.885634899 CET | 49731 | 443 | 192.168.2.4 | 185.199.110.133 |
Dec 30, 2024 11:59:37.886070013 CET | 443 | 49731 | 185.199.110.133 | 192.168.2.4 |
Dec 30, 2024 11:59:37.886084080 CET | 443 | 49731 | 185.199.110.133 | 192.168.2.4 |
Dec 30, 2024 11:59:37.886158943 CET | 49731 | 443 | 192.168.2.4 | 185.199.110.133 |
Dec 30, 2024 11:59:37.886167049 CET | 443 | 49731 | 185.199.110.133 | 192.168.2.4 |
Dec 30, 2024 11:59:37.886215925 CET | 49731 | 443 | 192.168.2.4 | 185.199.110.133 |
Dec 30, 2024 11:59:37.886636972 CET | 443 | 49731 | 185.199.110.133 | 192.168.2.4 |
Dec 30, 2024 11:59:37.886656046 CET | 443 | 49731 | 185.199.110.133 | 192.168.2.4 |
Dec 30, 2024 11:59:37.886708021 CET | 49731 | 443 | 192.168.2.4 | 185.199.110.133 |
Dec 30, 2024 11:59:37.886715889 CET | 443 | 49731 | 185.199.110.133 | 192.168.2.4 |
Dec 30, 2024 11:59:37.886759043 CET | 49731 | 443 | 192.168.2.4 | 185.199.110.133 |
Dec 30, 2024 11:59:37.892498970 CET | 443 | 49731 | 185.199.110.133 | 192.168.2.4 |
Dec 30, 2024 11:59:37.892514944 CET | 443 | 49731 | 185.199.110.133 | 192.168.2.4 |
Dec 30, 2024 11:59:37.892575979 CET | 49731 | 443 | 192.168.2.4 | 185.199.110.133 |
Dec 30, 2024 11:59:37.892581940 CET | 443 | 49731 | 185.199.110.133 | 192.168.2.4 |
Dec 30, 2024 11:59:37.892628908 CET | 49731 | 443 | 192.168.2.4 | 185.199.110.133 |
Dec 30, 2024 11:59:37.893023968 CET | 443 | 49731 | 185.199.110.133 | 192.168.2.4 |
Dec 30, 2024 11:59:37.893038988 CET | 443 | 49731 | 185.199.110.133 | 192.168.2.4 |
Dec 30, 2024 11:59:37.893084049 CET | 49731 | 443 | 192.168.2.4 | 185.199.110.133 |
Dec 30, 2024 11:59:37.893093109 CET | 443 | 49731 | 185.199.110.133 | 192.168.2.4 |
Dec 30, 2024 11:59:37.893104076 CET | 49731 | 443 | 192.168.2.4 | 185.199.110.133 |
Dec 30, 2024 11:59:37.893135071 CET | 49731 | 443 | 192.168.2.4 | 185.199.110.133 |
Dec 30, 2024 11:59:37.893440008 CET | 443 | 49731 | 185.199.110.133 | 192.168.2.4 |
Dec 30, 2024 11:59:37.893452883 CET | 443 | 49731 | 185.199.110.133 | 192.168.2.4 |
Dec 30, 2024 11:59:37.893511057 CET | 49731 | 443 | 192.168.2.4 | 185.199.110.133 |
Dec 30, 2024 11:59:37.893517971 CET | 443 | 49731 | 185.199.110.133 | 192.168.2.4 |
Dec 30, 2024 11:59:37.893558979 CET | 49731 | 443 | 192.168.2.4 | 185.199.110.133 |
Dec 30, 2024 11:59:37.893958092 CET | 443 | 49731 | 185.199.110.133 | 192.168.2.4 |
Dec 30, 2024 11:59:37.893974066 CET | 443 | 49731 | 185.199.110.133 | 192.168.2.4 |
Dec 30, 2024 11:59:37.894031048 CET | 49731 | 443 | 192.168.2.4 | 185.199.110.133 |
Dec 30, 2024 11:59:37.894037962 CET | 443 | 49731 | 185.199.110.133 | 192.168.2.4 |
Dec 30, 2024 11:59:37.894081116 CET | 49731 | 443 | 192.168.2.4 | 185.199.110.133 |
Dec 30, 2024 11:59:37.973777056 CET | 443 | 49731 | 185.199.110.133 | 192.168.2.4 |
Dec 30, 2024 11:59:37.973798990 CET | 443 | 49731 | 185.199.110.133 | 192.168.2.4 |
Dec 30, 2024 11:59:37.974001884 CET | 49731 | 443 | 192.168.2.4 | 185.199.110.133 |
Dec 30, 2024 11:59:37.974014044 CET | 443 | 49731 | 185.199.110.133 | 192.168.2.4 |
Dec 30, 2024 11:59:37.974025965 CET | 443 | 49731 | 185.199.110.133 | 192.168.2.4 |
Dec 30, 2024 11:59:37.974045038 CET | 443 | 49731 | 185.199.110.133 | 192.168.2.4 |
Dec 30, 2024 11:59:37.974061012 CET | 49731 | 443 | 192.168.2.4 | 185.199.110.133 |
Dec 30, 2024 11:59:37.974071026 CET | 443 | 49731 | 185.199.110.133 | 192.168.2.4 |
Dec 30, 2024 11:59:37.974111080 CET | 49731 | 443 | 192.168.2.4 | 185.199.110.133 |
Dec 30, 2024 11:59:37.974144936 CET | 49731 | 443 | 192.168.2.4 | 185.199.110.133 |
Dec 30, 2024 11:59:37.974381924 CET | 443 | 49731 | 185.199.110.133 | 192.168.2.4 |
Dec 30, 2024 11:59:37.974395990 CET | 443 | 49731 | 185.199.110.133 | 192.168.2.4 |
Dec 30, 2024 11:59:37.974447012 CET | 49731 | 443 | 192.168.2.4 | 185.199.110.133 |
Dec 30, 2024 11:59:37.974453926 CET | 443 | 49731 | 185.199.110.133 | 192.168.2.4 |
Dec 30, 2024 11:59:37.974489927 CET | 49731 | 443 | 192.168.2.4 | 185.199.110.133 |
Dec 30, 2024 11:59:37.974514008 CET | 49731 | 443 | 192.168.2.4 | 185.199.110.133 |
Dec 30, 2024 11:59:37.975059986 CET | 443 | 49731 | 185.199.110.133 | 192.168.2.4 |
Dec 30, 2024 11:59:37.975075960 CET | 443 | 49731 | 185.199.110.133 | 192.168.2.4 |
Dec 30, 2024 11:59:37.975133896 CET | 49731 | 443 | 192.168.2.4 | 185.199.110.133 |
Dec 30, 2024 11:59:37.975142002 CET | 443 | 49731 | 185.199.110.133 | 192.168.2.4 |
Dec 30, 2024 11:59:37.975182056 CET | 49731 | 443 | 192.168.2.4 | 185.199.110.133 |
Dec 30, 2024 11:59:37.980798960 CET | 443 | 49731 | 185.199.110.133 | 192.168.2.4 |
Dec 30, 2024 11:59:37.980813980 CET | 443 | 49731 | 185.199.110.133 | 192.168.2.4 |
Dec 30, 2024 11:59:37.980875015 CET | 49731 | 443 | 192.168.2.4 | 185.199.110.133 |
Dec 30, 2024 11:59:37.980884075 CET | 443 | 49731 | 185.199.110.133 | 192.168.2.4 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Dec 30, 2024 11:59:35.209794044 CET | 59708 | 53 | 192.168.2.4 | 1.1.1.1 |
Dec 30, 2024 11:59:35.216619015 CET | 53 | 59708 | 1.1.1.1 | 192.168.2.4 |
Dec 30, 2024 11:59:36.394910097 CET | 62439 | 53 | 192.168.2.4 | 1.1.1.1 |
Dec 30, 2024 11:59:36.401918888 CET | 53 | 62439 | 1.1.1.1 | 192.168.2.4 |
Dec 30, 2024 11:59:38.527523041 CET | 63504 | 53 | 192.168.2.4 | 1.1.1.1 |
Dec 30, 2024 11:59:38.540111065 CET | 53 | 63504 | 1.1.1.1 | 192.168.2.4 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Dec 30, 2024 11:59:35.209794044 CET | 192.168.2.4 | 1.1.1.1 | 0xcaf4 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Dec 30, 2024 11:59:36.394910097 CET | 192.168.2.4 | 1.1.1.1 | 0x7994 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Dec 30, 2024 11:59:38.527523041 CET | 192.168.2.4 | 1.1.1.1 | 0x99f5 | Standard query (0) | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Dec 30, 2024 11:59:35.216619015 CET | 1.1.1.1 | 192.168.2.4 | 0xcaf4 | No error (0) | 140.82.121.4 | A (IP address) | IN (0x0001) | false | ||
Dec 30, 2024 11:59:36.401918888 CET | 1.1.1.1 | 192.168.2.4 | 0x7994 | No error (0) | 185.199.110.133 | A (IP address) | IN (0x0001) | false | ||
Dec 30, 2024 11:59:36.401918888 CET | 1.1.1.1 | 192.168.2.4 | 0x7994 | No error (0) | 185.199.109.133 | A (IP address) | IN (0x0001) | false | ||
Dec 30, 2024 11:59:36.401918888 CET | 1.1.1.1 | 192.168.2.4 | 0x7994 | No error (0) | 185.199.108.133 | A (IP address) | IN (0x0001) | false | ||
Dec 30, 2024 11:59:36.401918888 CET | 1.1.1.1 | 192.168.2.4 | 0x7994 | No error (0) | 185.199.111.133 | A (IP address) | IN (0x0001) | false | ||
Dec 30, 2024 11:59:38.540111065 CET | 1.1.1.1 | 192.168.2.4 | 0x99f5 | No error (0) | 104.21.18.19 | A (IP address) | IN (0x0001) | false | ||
Dec 30, 2024 11:59:38.540111065 CET | 1.1.1.1 | 192.168.2.4 | 0x99f5 | No error (0) | 172.67.179.160 | A (IP address) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.4 | 49730 | 140.82.121.4 | 443 | 7340 | C:\Users\user\Desktop\eXbhgU9.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-12-30 10:59:35 UTC | 116 | OUT | |
2024-12-30 10:59:36 UTC | 567 | IN | |
2024-12-30 10:59:36 UTC | 3383 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.4 | 49731 | 185.199.110.133 | 443 | 7340 | C:\Users\user\Desktop\eXbhgU9.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-12-30 10:59:36 UTC | 127 | OUT | |
2024-12-30 10:59:37 UTC | 903 | IN | |
2024-12-30 10:59:37 UTC | 1378 | IN | |
2024-12-30 10:59:37 UTC | 1378 | IN | |
2024-12-30 10:59:37 UTC | 1378 | IN | |
2024-12-30 10:59:37 UTC | 1378 | IN | |
2024-12-30 10:59:37 UTC | 1378 | IN | |
2024-12-30 10:59:37 UTC | 1378 | IN | |
2024-12-30 10:59:37 UTC | 1378 | IN | |
2024-12-30 10:59:37 UTC | 1378 | IN | |
2024-12-30 10:59:37 UTC | 1378 | IN | |
2024-12-30 10:59:37 UTC | 1378 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.4 | 49732 | 104.21.18.19 | 443 | 7940 | C:\FkSpRTrp\jyidkjkfhjawd.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-12-30 10:59:39 UTC | 263 | OUT | |
2024-12-30 10:59:39 UTC | 8 | OUT | |
2024-12-30 10:59:39 UTC | 1117 | IN | |
2024-12-30 10:59:39 UTC | 7 | IN | |
2024-12-30 10:59:39 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
3 | 192.168.2.4 | 49733 | 104.21.18.19 | 443 | 7940 | C:\FkSpRTrp\jyidkjkfhjawd.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-12-30 10:59:39 UTC | 264 | OUT | |
2024-12-30 10:59:39 UTC | 42 | OUT | |
2024-12-30 10:59:40 UTC | 1123 | IN | |
2024-12-30 10:59:40 UTC | 246 | IN | |
2024-12-30 10:59:40 UTC | 1369 | IN | |
2024-12-30 10:59:40 UTC | 1369 | IN | |
2024-12-30 10:59:40 UTC | 1369 | IN | |
2024-12-30 10:59:40 UTC | 1369 | IN | |
2024-12-30 10:59:40 UTC | 1369 | IN | |
2024-12-30 10:59:40 UTC | 255 | IN | |
2024-12-30 10:59:40 UTC | 1369 | IN | |
2024-12-30 10:59:40 UTC | 1369 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
4 | 192.168.2.4 | 49735 | 104.21.18.19 | 443 | 7940 | C:\FkSpRTrp\jyidkjkfhjawd.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-12-30 10:59:41 UTC | 276 | OUT | |
2024-12-30 10:59:41 UTC | 15331 | OUT | |
2024-12-30 10:59:41 UTC | 2791 | OUT | |
2024-12-30 10:59:41 UTC | 1129 | IN | |
2024-12-30 10:59:41 UTC | 20 | IN | |
2024-12-30 10:59:41 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
5 | 192.168.2.4 | 49739 | 104.21.18.19 | 443 | 7940 | C:\FkSpRTrp\jyidkjkfhjawd.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-12-30 10:59:42 UTC | 278 | OUT | |
2024-12-30 10:59:42 UTC | 8761 | OUT | |
2024-12-30 10:59:42 UTC | 1127 | IN | |
2024-12-30 10:59:42 UTC | 20 | IN | |
2024-12-30 10:59:42 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
6 | 192.168.2.4 | 49741 | 104.21.18.19 | 443 | 7940 | C:\FkSpRTrp\jyidkjkfhjawd.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-12-30 10:59:43 UTC | 274 | OUT | |
2024-12-30 10:59:43 UTC | 15331 | OUT | |
2024-12-30 10:59:43 UTC | 5053 | OUT | |
2024-12-30 10:59:44 UTC | 1125 | IN | |
2024-12-30 10:59:44 UTC | 20 | IN | |
2024-12-30 10:59:44 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
7 | 192.168.2.4 | 49743 | 104.21.18.19 | 443 | 7940 | C:\FkSpRTrp\jyidkjkfhjawd.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-12-30 10:59:45 UTC | 276 | OUT | |
2024-12-30 10:59:45 UTC | 1239 | OUT | |
2024-12-30 10:59:56 UTC | 1130 | IN | |
2024-12-30 10:59:56 UTC | 20 | IN | |
2024-12-30 10:59:56 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
8 | 192.168.2.4 | 49744 | 104.21.18.19 | 443 | 7940 | C:\FkSpRTrp\jyidkjkfhjawd.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-12-30 10:59:57 UTC | 277 | OUT | |
2024-12-30 10:59:57 UTC | 15331 | OUT | |
2024-12-30 10:59:57 UTC | 15331 | OUT | |
2024-12-30 10:59:57 UTC | 15331 | OUT | |
2024-12-30 10:59:57 UTC | 15331 | OUT | |
2024-12-30 10:59:57 UTC | 15331 | OUT | |
2024-12-30 10:59:57 UTC | 15331 | OUT | |
2024-12-30 10:59:57 UTC | 15331 | OUT | |
2024-12-30 10:59:57 UTC | 15331 | OUT | |
2024-12-30 10:59:57 UTC | 15331 | OUT | |
2024-12-30 10:59:57 UTC | 15331 | OUT | |
2024-12-30 10:59:59 UTC | 1139 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
9 | 192.168.2.4 | 49745 | 104.21.18.19 | 443 | 7940 | C:\FkSpRTrp\jyidkjkfhjawd.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-12-30 10:59:59 UTC | 264 | OUT | |
2024-12-30 10:59:59 UTC | 77 | OUT | |
2024-12-30 11:00:00 UTC | 1119 | IN | |
2024-12-30 11:00:00 UTC | 54 | IN | |
2024-12-30 11:00:00 UTC | 5 | IN |
Target ID: | 0 |
Start time: | 05:59:22 |
Start date: | 30/12/2024 |
Path: | C:\Users\user\Desktop\eXbhgU9.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x3b0000 |
File size: | 15'360 bytes |
MD5 hash: | 9BE5AC720DCF1838FD5A2D7352672F66 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | true |
Target ID: | 1 |
Start time: | 05:59:22 |
Start date: | 30/12/2024 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7699e0000 |
File size: | 862'208 bytes |
MD5 hash: | 0D698AF330FD17BEE3BF90011D49251D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 2 |
Start time: | 05:59:24 |
Start date: | 30/12/2024 |
Path: | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x510000 |
File size: | 433'152 bytes |
MD5 hash: | C32CA4ACFCC635EC1EA6ED8A34DF5FAC |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 3 |
Start time: | 05:59:24 |
Start date: | 30/12/2024 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7699e0000 |
File size: | 862'208 bytes |
MD5 hash: | 0D698AF330FD17BEE3BF90011D49251D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 5 |
Start time: | 05:59:27 |
Start date: | 30/12/2024 |
Path: | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x510000 |
File size: | 433'152 bytes |
MD5 hash: | C32CA4ACFCC635EC1EA6ED8A34DF5FAC |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 6 |
Start time: | 05:59:27 |
Start date: | 30/12/2024 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7699e0000 |
File size: | 862'208 bytes |
MD5 hash: | 0D698AF330FD17BEE3BF90011D49251D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 7 |
Start time: | 05:59:37 |
Start date: | 30/12/2024 |
Path: | C:\FkSpRTrp\jyidkjkfhjawd.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xab0000 |
File size: | 1'282'048 bytes |
MD5 hash: | 1B40450E11F71DA7D6F3D9C025C078E0 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | Borland Delphi |
Yara matches: |
|
Antivirus matches: |
|
Reputation: | low |
Has exited: | true |
Execution Graph
Execution Coverage: | 17.5% |
Dynamic/Decrypted Code Coverage: | 100% |
Signature Coverage: | 0% |
Total number of Nodes: | 6 |
Total number of Limit Nodes: | 0 |
Function 00BE0F40 Relevance: 1.8, Strings: 1, Instructions: 579 COMMON
Function 00BE0F30 Relevance: .3, Instructions: 283 COMMON
Function 00BE2A81 Relevance: .1, Instructions: 129 COMMON
Function 00BE3078 Relevance: .1, Instructions: 125 COMMON
Function 00BE04D4 Relevance: 1.6, APIs: 1, Instructions: 63 COMMON
Function 00BE0B7A Relevance: 1.6, APIs: 1, Instructions: 61 COMMON
Function 00B8D006 Relevance: .1, Instructions: 89 COMMON
Function 00B8D674 Relevance: .1, Instructions: 75 COMMON
Function 00B8D66F Relevance: .1, Instructions: 56 COMMON
Function 00B8D059 Relevance: .0, Instructions: 45 COMMON
Execution Graph
Execution Coverage: | 6.7% |
Dynamic/Decrypted Code Coverage: | 0% |
Signature Coverage: | 0% |
Total number of Nodes: | 3 |
Total number of Limit Nodes: | 0 |
Execution Graph
Execution Coverage: | 17.3% |
Dynamic/Decrypted Code Coverage: | 0% |
Signature Coverage: | 12.4% |
Total number of Nodes: | 315 |
Total number of Limit Nodes: | 18 |