Edit tour
Windows
Analysis Report
m0CZ8H4jfl.exe
Overview
General Information
| Sample name: | m0CZ8H4jfl.exerenamed because original name is a hash value |
| Original sample name: | d279cafd050cd071af764df4cc856e9e188ce0c920d13429a3b33129c7e4cee2.exe |
| Analysis ID: | 1587963 |
| MD5: | ad29d6168abbec988896c57d4d25e2ed |
| SHA1: | 469b06a2d18997abeb8829bd6e495cdfee811270 |
| SHA256: | d279cafd050cd071af764df4cc856e9e188ce0c920d13429a3b33129c7e4cee2 |
| Tags: | exeGuLoaderuser-adrian__luca |
| Infos: |  |
 | |
Detection
GuLoader, MassLogger RAT
| Score: | 100 |
| Range: | 0 - 100 |
| Whitelisted: | false |
| Confidence: | 100% |
Signatures
Found malware configuration
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected GuLoader
Yara detected MassLogger RAT
Yara detected Telegram RAT
AI detected suspicious sample
Disable Task Manager(disabletaskmgr)
Disables CMD prompt
Disables the Windows task manager (taskmgr)
Switches to a custom stack to bypass stack traces
Tries to detect the country of the analysis system (by using the IP)
Tries to detect virtualization through RDTSC time measurements
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Uses the Telegram API (likely for C&C communication)
Allocates memory with a write watch (potentially for evading sandboxes)
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to dynamically determine API calls
Contains functionality to shutdown / reboot the system
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Uses insecure TLS / SSL version for HTTPS connection
Yara detected Credential Stealer
Classification
- System is w10x64
m0CZ8H4jfl.exe (PID: 7280 cmdline: "C:\Users\ user\Deskt op\m0CZ8H4 jfl.exe" MD5: AD29D6168ABBEC988896C57D4D25E2ED) - m0CZ8H4jfl.exe (PID: 7628 cmdline:
"C:\Users\ user\Deskt op\m0CZ8H4 jfl.exe" MD5: AD29D6168ABBEC988896C57D4D25E2ED)
- cleanup
| Name | Description | Attribution | Blogpost URLs | Link |
|---|---|---|---|---|
| CloudEyE, GuLoader | CloudEyE (initially named GuLoader) is a small VB5/6 downloader. It typically downloads RATs/Stealers, such as Agent Tesla, Arkei/Vidar, Formbook, Lokibot, Netwire and Remcos, often but not always from Google Drive. The downloaded payload is xored. | No Attribution |
{"C2 url": "https://api.telegram.org/bot7766574905:AAGkK12NqfgMWNTsNJqrFtr2J3oH0W_DuqA/sendMessage"}{"EXfil Mode": "Telegram", "Telegram Token": "7766574905:AAGkK12NqfgMWNTsNJqrFtr2J3oH0W_DuqA", "Telegram Chatid": "2065242915"}| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| JoeSecurity_MassLogger | Yara detected MassLogger RAT | Joe Security | ||
| JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | ||
| JoeSecurity_TelegramRAT | Yara detected Telegram RAT | Joe Security | ||
| JoeSecurity_GuLoader_2 | Yara detected GuLoader | Joe Security | ||
| JoeSecurity_GuLoader_2 | Yara detected GuLoader | Joe Security | ||
| Click to see the 3 entries | ||||
⊘No Sigma rule has matched
| Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2025-01-10T19:56:32.177767+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 49978 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T19:56:33.861648+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 49980 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T19:56:35.693207+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 49982 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T19:56:37.490510+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 49984 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T19:56:39.489661+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 49986 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T19:56:41.456118+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 49988 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T19:56:43.133611+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 49990 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T19:56:44.714361+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 49992 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T19:56:46.560662+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 49994 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T19:56:48.242610+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 49996 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T19:56:50.101630+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 49998 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T19:56:52.036258+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 50000 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T19:56:53.769670+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 50002 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T19:56:55.394028+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 50004 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T19:56:57.036409+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 50006 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T19:56:58.782032+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 50008 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T19:57:00.408259+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 50010 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T19:57:02.211258+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 50012 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T19:57:03.848515+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 50014 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T19:57:05.506662+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 50016 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T19:57:07.300338+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 50018 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T19:57:09.117249+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 50020 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T19:57:10.850360+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 50022 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T19:57:12.700886+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 50024 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T19:57:14.362942+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 50026 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T19:57:16.226507+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 50028 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T19:57:17.839667+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 50030 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T19:57:19.456246+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 50032 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T19:57:21.448036+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 50034 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T19:57:23.378003+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 50036 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T19:57:25.113171+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 50038 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T19:57:26.997515+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 50040 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T19:57:29.619187+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 50042 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T19:57:31.750008+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 50044 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T19:57:33.598481+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 50046 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T19:57:39.793053+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 50048 | 149.154.167.220 | 443 | TCP |
| Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2025-01-10T19:56:23.891367+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.9 | 49975 | 193.122.6.168 | 80 | TCP |
| 2025-01-10T19:56:30.891377+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.9 | 49975 | 193.122.6.168 | 80 | TCP |
| 2025-01-10T19:56:33.032027+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.9 | 49979 | 193.122.6.168 | 80 | TCP |
| Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2025-01-10T19:56:18.646039+0100 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.9 | 49973 | 142.250.185.110 | 443 | TCP |
| Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2025-01-10T19:56:31.807597+0100 | 1810008 | 1 | Potentially Bad Traffic | 192.168.2.9 | 49978 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T19:56:33.618945+0100 | 1810008 | 1 | Potentially Bad Traffic | 192.168.2.9 | 49980 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T19:56:35.330479+0100 | 1810008 | 1 | Potentially Bad Traffic | 192.168.2.9 | 49982 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T19:56:36.964352+0100 | 1810008 | 1 | Potentially Bad Traffic | 192.168.2.9 | 49984 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T19:56:39.028995+0100 | 1810008 | 1 | Potentially Bad Traffic | 192.168.2.9 | 49986 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T19:56:40.972524+0100 | 1810008 | 1 | Potentially Bad Traffic | 192.168.2.9 | 49988 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T19:56:42.787510+0100 | 1810008 | 1 | Potentially Bad Traffic | 192.168.2.9 | 49990 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T19:56:44.379360+0100 | 1810008 | 1 | Potentially Bad Traffic | 192.168.2.9 | 49992 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T19:56:46.219496+0100 | 1810008 | 1 | Potentially Bad Traffic | 192.168.2.9 | 49994 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T19:56:47.844249+0100 | 1810008 | 1 | Potentially Bad Traffic | 192.168.2.9 | 49996 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T19:56:49.523005+0100 | 1810008 | 1 | Potentially Bad Traffic | 192.168.2.9 | 49998 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T19:56:51.474015+0100 | 1810008 | 1 | Potentially Bad Traffic | 192.168.2.9 | 50000 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T19:56:53.341257+0100 | 1810008 | 1 | Potentially Bad Traffic | 192.168.2.9 | 50002 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T19:56:55.067585+0100 | 1810008 | 1 | Potentially Bad Traffic | 192.168.2.9 | 50004 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T19:56:56.718469+0100 | 1810008 | 1 | Potentially Bad Traffic | 192.168.2.9 | 50006 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T19:56:58.352507+0100 | 1810008 | 1 | Potentially Bad Traffic | 192.168.2.9 | 50008 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T19:57:00.088414+0100 | 1810008 | 1 | Potentially Bad Traffic | 192.168.2.9 | 50010 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T19:57:01.883437+0100 | 1810008 | 1 | Potentially Bad Traffic | 192.168.2.9 | 50012 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T19:57:03.527252+0100 | 1810008 | 1 | Potentially Bad Traffic | 192.168.2.9 | 50014 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T19:57:05.151965+0100 | 1810008 | 1 | Potentially Bad Traffic | 192.168.2.9 | 50016 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T19:57:06.936842+0100 | 1810008 | 1 | Potentially Bad Traffic | 192.168.2.9 | 50018 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T19:57:08.567100+0100 | 1810008 | 1 | Potentially Bad Traffic | 192.168.2.9 | 50020 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T19:57:10.433174+0100 | 1810008 | 1 | Potentially Bad Traffic | 192.168.2.9 | 50022 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T19:57:12.362356+0100 | 1810008 | 1 | Potentially Bad Traffic | 192.168.2.9 | 50024 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T19:57:14.069016+0100 | 1810008 | 1 | Potentially Bad Traffic | 192.168.2.9 | 50026 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T19:57:15.709271+0100 | 1810008 | 1 | Potentially Bad Traffic | 192.168.2.9 | 50028 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T19:57:17.521702+0100 | 1810008 | 1 | Potentially Bad Traffic | 192.168.2.9 | 50030 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T19:57:19.212304+0100 | 1810008 | 1 | Potentially Bad Traffic | 192.168.2.9 | 50032 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T19:57:20.936355+0100 | 1810008 | 1 | Potentially Bad Traffic | 192.168.2.9 | 50034 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T19:57:23.096862+0100 | 1810008 | 1 | Potentially Bad Traffic | 192.168.2.9 | 50036 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T19:57:24.780435+0100 | 1810008 | 1 | Potentially Bad Traffic | 192.168.2.9 | 50038 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T19:57:26.774780+0100 | 1810008 | 1 | Potentially Bad Traffic | 192.168.2.9 | 50040 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T19:57:29.270759+0100 | 1810008 | 1 | Potentially Bad Traffic | 192.168.2.9 | 50042 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T19:57:31.445917+0100 | 1810008 | 1 | Potentially Bad Traffic | 192.168.2.9 | 50044 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T19:57:33.309516+0100 | 1810008 | 1 | Potentially Bad Traffic | 192.168.2.9 | 50046 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T19:57:39.436070+0100 | 1810008 | 1 | Potentially Bad Traffic | 192.168.2.9 | 50048 | 149.154.167.220 | 443 | TCP |
Click to jump to signature section
Show All Signature Results
AV Detection |   |
|---|
| Source: | Malware Configuration Extractor: | ||
| Source: | Malware Configuration Extractor: | ||
| Source: | Virustotal: | Perma Link | ||
| Source: | ReversingLabs: | |||
| Source: | Integrated Neural Analysis Model: | ||
Location Tracking | |
|---|
| Source: | DNS query: | ||
| Source: | Code function: | 3_2_3474D1EC | |
| Source: | Static PE information: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | Static PE information: | ||
| Source: | Code function: | 0_2_00405846 | |
| Source: | Code function: | 0_2_004027FB | |
| Source: | Code function: | 0_2_00406398 | |
| Source: | Code function: | 3_2_00405846 | |
| Source: | Code function: | 3_2_004027FB | |
| Source: | Code function: | 3_2_00406398 | |
| Source: | Code function: | 3_2_34740C28 | |
| Source: | Code function: | 3_2_347403AF | |
| Source: | Code function: | 3_2_34740C1B | |
| Source: | Code function: | 3_2_34740F6F | |
| Source: | Code function: | 3_2_36AB8650 | |
| Source: | Code function: | 3_2_36AB8650 | |
| Source: | Code function: | 3_2_36ABBDF0 | |
| Source: | Code function: | 3_2_36AB6368 | |
| Source: | Code function: | 3_2_36AB36C0 | |
| Source: | Code function: | 3_2_36AB2E10 | |
| Source: | Code function: | 3_2_36AB5660 | |
| Source: | Code function: | 3_2_36AB0FA8 | |
| Source: | Code function: | 3_2_36AB67C0 | |
| Source: | Code function: | 3_2_36AB5F10 | |
| Source: | Code function: | 3_2_36AB3F70 | |
| Source: | Code function: | 3_2_36AB1CB0 | |
| Source: | Code function: | 3_2_36AB74C8 | |
| Source: | Code function: | 3_2_36AB1400 | |
| Source: | Code function: | 3_2_36AB6C18 | |
| Source: | Code function: | 3_2_36AB4DB0 | |
| Source: | Code function: | 3_2_36AB2560 | |
| Source: | Code function: | 3_2_36AB5AB8 | |
| Source: | Code function: | 3_2_36AB5208 | |
| Source: | Code function: | 3_2_36AB3268 | |
| Source: | Code function: | 3_2_36AB43C8 | |
| Source: | Code function: | 3_2_36AB3B18 | |
| Source: | Code function: | 3_2_36AB7B4F | |
| Source: | Code function: | 3_2_36AB4820 | |
| Source: | Code function: | 3_2_36AB7070 | |
| Source: | Code function: | 3_2_36AB1858 | |
| Source: | Code function: | 3_2_36AB29B8 | |
| Source: | Code function: | 3_2_36AB2108 | |
| Source: | Code function: | 3_2_37AFE7C8 | |
Networking | |
|---|
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | DNS query: | ||
| Source: | DNS query: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | IP Address: | ||
| Source: | IP Address: | ||
| Source: | JA3 fingerprint: | ||
| Source: | JA3 fingerprint: | ||
| Source: | JA3 fingerprint: | ||
| Source: | DNS query: | ||
| Source: | DNS query: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | Code function: | 0_2_004052F3 | |
| Source: | Code function: | 0_2_004032A0 | |
| Source: | Code function: | 3_2_004032A0 | |
| Source: | Code function: | 0_2_00404B30 | |
| Source: | Code function: | 0_2_00407041 | |
| Source: | Code function: | 0_2_0040686A | |
| Source: | Code function: | 3_2_00407041 | |
| Source: | Code function: | 3_2_0040686A | |
| Source: | Code function: | 3_2_00404B30 | |
| Source: | Code function: | 3_2_00154328 | |
| Source: | Code function: | 3_2_00158E0C | |
| Source: | Code function: | 3_2_00155978 | |
| Source: | Code function: | 3_2_347454E9 | |
| Source: | Code function: | 3_2_3474CCA0 | |
| Source: | Code function: | 3_2_3474603D | |
| Source: | Code function: | 3_2_347403AF | |
| Source: | Code function: | 3_2_36AB96C8 | |
| Source: | Code function: | 3_2_36AB8650 | |
| Source: | Code function: | 3_2_36ABBDF0 | |
| Source: | Code function: | 3_2_36AB9D10 | |
| Source: | Code function: | 3_2_36AB6368 | |
| Source: | Code function: | 3_2_36ABA360 | |
| Source: | Code function: | 3_2_36ABA9B0 | |
| Source: | Code function: | 3_2_36AB96B8 | |
| Source: | Code function: | 3_2_36AB36B0 | |
| Source: | Code function: | 3_2_36AB36C0 | |
| Source: | Code function: | 3_2_36AB2E10 | |
| Source: | Code function: | 3_2_36AB5660 | |
| Source: | Code function: | 3_2_36AB8640 | |
| Source: | Code function: | 3_2_36AB5650 | |
| Source: | Code function: | 3_2_36AB0FA8 | |
| Source: | Code function: | 3_2_36AB67B0 | |
| Source: | Code function: | 3_2_36ABAFF8 | |
| Source: | Code function: | 3_2_36ABAFF7 | |
| Source: | Code function: | 3_2_36AB67C0 | |
| Source: | Code function: | 3_2_36AB5F01 | |
| Source: | Code function: | 3_2_36AB5F10 | |
| Source: | Code function: | 3_2_36AB3F60 | |
| Source: | Code function: | 3_2_36AB3F70 | |
| Source: | Code function: | 3_2_36AB1CA0 | |
| Source: | Code function: | 3_2_36AB74B8 | |
| Source: | Code function: | 3_2_36AB1CB0 | |
| Source: | Code function: | 3_2_36AB74C8 | |
| Source: | Code function: | 3_2_36AB6C09 | |
| Source: | Code function: | 3_2_36AB1400 | |
| Source: | Code function: | 3_2_36AB6C18 | |
| Source: | Code function: | 3_2_36AB4DA0 | |
| Source: | Code function: | 3_2_36AB4DB0 | |
| Source: | Code function: | 3_2_36AB9D00 | |
| Source: | Code function: | 3_2_36AB2560 | |
| Source: | Code function: | 3_2_36AB2550 | |
| Source: | Code function: | 3_2_36AB5AA8 | |
| Source: | Code function: | 3_2_36AB5AB8 | |
| Source: | Code function: | 3_2_36ABBA97 | |
| Source: | Code function: | 3_2_36AB5208 | |
| Source: | Code function: | 3_2_36AB3268 | |
| Source: | Code function: | 3_2_36AB43B9 | |
| Source: | Code function: | 3_2_36AB43C8 | |
| Source: | Code function: | 3_2_36AB3B08 | |
| Source: | Code function: | 3_2_36AB3B18 | |
| Source: | Code function: | 3_2_36AB7B4F | |
| Source: | Code function: | 3_2_36AB6358 | |
| Source: | Code function: | 3_2_36ABA352 | |
| Source: | Code function: | 3_2_36AB20FA | |
| Source: | Code function: | 3_2_36AB4820 | |
| Source: | Code function: | 3_2_36AB4810 | |
| Source: | Code function: | 3_2_36AB7061 | |
| Source: | Code function: | 3_2_36AB7070 | |
| Source: | Code function: | 3_2_36AB0040 | |
| Source: | Code function: | 3_2_36AB1858 | |
| Source: | Code function: | 3_2_36AB29A8 | |
| Source: | Code function: | 3_2_36ABA9A0 | |
| Source: | Code function: | 3_2_36AB29B8 | |
| Source: | Code function: | 3_2_36AB51F8 | |
| Source: | Code function: | 3_2_36ABF136 | |
| Source: | Code function: | 3_2_36AB2108 | |
| Source: | Code function: | 3_2_37AFE7C8 | |
| Source: | Code function: | 3_2_37AFD608 | |
| Source: | Code function: | 3_2_37AF8328 | |
| Source: | Code function: | ||
| Source: | Binary or memory string: | ||
| Source: | Static PE information: | ||
| Source: | Classification label: | ||
| Source: | Code function: | 0_2_004032A0 | |
| Source: | Code function: | 3_2_004032A0 | |
| Source: | Code function: | 0_2_004045B4 | |
| Source: | Code function: | 0_2_00402095 | |
| Source: | File created: | Jump to behavior | ||
| Source: | Mutant created: | ||
| Source: | File created: | Jump to behavior | ||
| Source: | Static PE information: | ||
| Source: | File read: | Jump to behavior | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | Binary or memory string: | ||
| Source: | Virustotal: | ||
| Source: | ReversingLabs: | ||
| Source: | File read: | Jump to behavior | ||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Key value queried: | Jump to behavior | ||
| Source: | LNK file: | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | Static PE information: | ||
Data Obfuscation | |
|---|
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | Code function: | 0_2_10001B18 | |
| Source: | Code function: | 0_2_10002E0E | |
| Source: | Code function: | 3_2_0015A492 | |
| Source: | Code function: | 3_2_0015A4FD | |
| Source: | Code function: | 3_2_347477EB | |
| Source: | File created: | Jump to dropped file | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
Malware Analysis System Evasion | |
|---|
| Source: | API/Special instruction interceptor: | ||
| Source: | API/Special instruction interceptor: | ||
| Source: | RDTSC instruction interceptor: | ||
| Source: | RDTSC instruction interceptor: | ||
| Source: | Memory allocated: | Jump to behavior | ||
| Source: | Memory allocated: | Jump to behavior | ||
| Source: | Memory allocated: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Window / User API: | Jump to behavior | ||
| Source: | Window / User API: | Jump to behavior | ||
| Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
| Source: | API coverage: | ||
| Source: | Thread sleep count: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep count: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep count: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Code function: | 0_2_00405846 | |
| Source: | Code function: | 0_2_004027FB | |
| Source: | Code function: | 0_2_00406398 | |
| Source: | Code function: | 3_2_00405846 | |
| Source: | Code function: | 3_2_004027FB | |
| Source: | Code function: | 3_2_00406398 | |
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | API call chain: | graph_0-3933 | ||
| Source: | API call chain: | graph_0-3752 | ||
| Source: | Code function: | 0_2_00403C41 | |
| Source: | Code function: | 0_2_10001B18 | |
| Source: | Process token adjusted: | Jump to behavior | ||
| Source: | Memory allocated: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Code function: | 0_2_00406077 | |
| Source: | Key value queried: | Jump to behavior | ||
Lowering of HIPS / PFW / Operating System Security Settings | |
|---|
| Source: | Registry value created: | Jump to behavior | ||
| Source: | Registry value created: | Jump to behavior | ||
| Source: | Registry key created or modified: | Jump to behavior | ||
Stealing of Sensitive Information | |
|---|
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | File source: | ||
| Source: | File source: | ||
Remote Access Functionality | |
|---|
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Native API | 1 DLL Side-Loading | 1 Access Token Manipulation | 1 Masquerading | 1 OS Credential Dumping | 21 Security Software Discovery | Remote Services | 1 Email Collection | 1 Web Service | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 11 Process Injection | 31 Disable or Modify Tools | LSASS Memory | 31 Virtualization/Sandbox Evasion | Remote Desktop Protocol | 1 Archive Collected Data | 21 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 DLL Side-Loading | 31 Virtualization/Sandbox Evasion | Security Account Manager | 1 Application Window Discovery | SMB/Windows Admin Shares | 1 Data from Local System | 1 Ingress Tool Transfer | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Access Token Manipulation | NTDS | 1 System Network Configuration Discovery | Distributed Component Object Model | 1 Clipboard Data | 3 Non-Application Layer Protocol | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 11 Process Injection | LSA Secrets | 2 File and Directory Discovery | SSH | Keylogging | 14 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact |
| Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Deobfuscate/Decode Files or Information | Cached Domain Credentials | 215 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
| DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 3 Obfuscated Files or Information | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
| Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 DLL Side-Loading | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
InternetThis section contains all screenshots as thumbnails, including those not shown in the slideshow.
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 72% | Virustotal | Browse | ||
| 61% | ReversingLabs | Win32.Trojan.Guloader |
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 0% | ReversingLabs |
⊘No Antivirus matches
⊘No Antivirus matches
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe |
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| drive.google.com | 142.250.185.110 | true | false | high | |
| drive.usercontent.google.com | 142.250.185.161 | true | false | high | |
| reallyfreegeoip.org | 104.21.96.1 | true | false | high | |
| api.telegram.org | 149.154.167.220 | true | false | high | |
| checkip.dyndns.com | 193.122.6.168 | true | false | high | |
| checkip.dyndns.org | unknown | unknown | false | high |
| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| false | high | ||
| false | high | ||
| false | high |
| Name | Source | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|
| false | high | |||
| false |
| unknown | ||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| true |
| unknown | ||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false |
| unknown | ||
| false | high | |||
| false | high |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
| IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|---|
| 149.154.167.220 | api.telegram.org | United Kingdom | 62041 | TELEGRAMRU | false | |
| 142.250.185.161 | drive.usercontent.google.com | United States | 15169 | GOOGLEUS | false | |
| 193.122.6.168 | checkip.dyndns.com | United States | 31898 | ORACLE-BMC-31898US | false | |
| 104.21.96.1 | reallyfreegeoip.org | United States | 13335 | CLOUDFLARENETUS | false | |
| 142.250.185.110 | drive.google.com | United States | 15169 | GOOGLEUS | false |
| Joe Sandbox version: | 42.0.0 Malachite |
| Analysis ID: | 1587963 |
| Start date and time: | 2025-01-10 19:54:34 +01:00 |
| Joe Sandbox product: | CloudBasic |
| Overall analysis duration: | 0h 7m 34s |
| Hypervisor based Inspection enabled: | false |
| Report type: | full |
| Cookbook file name: | default.jbs |
| Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
| Number of analysed new started processes analysed: | 8 |
| Number of new started drivers analysed: | 0 |
| Number of existing processes analysed: | 0 |
| Number of existing drivers analysed: | 0 |
| Number of injected processes analysed: | 0 |
| Technologies: |
|
| Analysis Mode: | default |
| Analysis stop reason: | Timeout |
| Sample name: | m0CZ8H4jfl.exerenamed because original name is a hash value |
| Original Sample Name: | d279cafd050cd071af764df4cc856e9e188ce0c920d13429a3b33129c7e4cee2.exe |
| Detection: | MAL |
| Classification: | mal100.troj.spyw.evad.winEXE@3/8@6/5 |
| EGA Information: |
|
| HCA Information: |
|
| Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
- Excluded IPs from analysis (whitelisted): 13.107.246.45, 20.12.23.50
- Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, otelrules.azureedge.net, fe3cr.delivery.mp.microsoft.com
- Not all processes where analyzed, report is missing behavior information
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- Report size getting too big, too many NtReadVirtualMemory calls found.
- Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
| Time | Type | Description |
|---|---|---|
| 13:56:30 | API Interceptor |
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| 149.154.167.220 | Get hash | malicious | GuLoader, Snake Keylogger, VIP Keylogger | Browse | ||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | |||
| Get hash | malicious | AsyncRAT, StormKitty, WorldWind Stealer | Browse | |||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | |||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | |||
| Get hash | malicious | MassLogger RAT | Browse | |||
| Get hash | malicious | MassLogger RAT | Browse | |||
| Get hash | malicious | GuLoader, Snake Keylogger, VIP Keylogger | Browse | |||
| Get hash | malicious | GuLoader, Snake Keylogger | Browse | |||
| Get hash | malicious | AgentTesla | Browse | |||
| 193.122.6.168 | Get hash | malicious | MassLogger RAT | Browse |
| |
| Get hash | malicious | GuLoader, Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | Snake Keylogger | Browse |
| ||
| Get hash | malicious | Snake Keylogger | Browse |
| ||
| Get hash | malicious | Snake Keylogger | Browse |
| ||
| Get hash | malicious | Snake Keylogger | Browse |
| ||
| Get hash | malicious | GuLoader, Snake Keylogger | Browse |
|
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| reallyfreegeoip.org | Get hash | malicious | MassLogger RAT | Browse |
| |
| Get hash | malicious | MassLogger RAT | Browse |
| ||
| Get hash | malicious | GuLoader, Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | MassLogger RAT, PureLog Stealer | Browse |
| ||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | MassLogger RAT | Browse |
| ||
| Get hash | malicious | MassLogger RAT | Browse |
| ||
| Get hash | malicious | MassLogger RAT | Browse |
| ||
| checkip.dyndns.com | Get hash | malicious | MassLogger RAT | Browse |
| |
| Get hash | malicious | MassLogger RAT | Browse |
| ||
| Get hash | malicious | GuLoader, Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | MassLogger RAT, PureLog Stealer | Browse |
| ||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | MassLogger RAT | Browse |
| ||
| Get hash | malicious | MassLogger RAT | Browse |
| ||
| Get hash | malicious | MassLogger RAT | Browse |
| ||
| api.telegram.org | Get hash | malicious | GuLoader, Snake Keylogger, VIP Keylogger | Browse |
| |
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | AsyncRAT, StormKitty, WorldWind Stealer | Browse |
| ||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | MassLogger RAT | Browse |
| ||
| Get hash | malicious | MassLogger RAT | Browse |
| ||
| Get hash | malicious | GuLoader, Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | GuLoader, Snake Keylogger | Browse |
| ||
| Get hash | malicious | AgentTesla | Browse |
|
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| ORACLE-BMC-31898US | Get hash | malicious | MassLogger RAT | Browse |
| |
| Get hash | malicious | MassLogger RAT | Browse |
| ||
| Get hash | malicious | GuLoader, Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | MassLogger RAT | Browse |
| ||
| Get hash | malicious | Snake Keylogger | Browse |
| ||
| Get hash | malicious | GuLoader, Snake Keylogger | Browse |
| ||
| Get hash | malicious | Snake Keylogger | Browse |
| ||
| TELEGRAMRU | Get hash | malicious | GuLoader, Snake Keylogger, VIP Keylogger | Browse |
| |
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | AsyncRAT, StormKitty, WorldWind Stealer | Browse |
| ||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | MassLogger RAT | Browse |
| ||
| Get hash | malicious | MassLogger RAT | Browse |
| ||
| Get hash | malicious | GuLoader, Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | GuLoader, Snake Keylogger | Browse |
| ||
| Get hash | malicious | AgentTesla | Browse |
| ||
| CLOUDFLARENETUS | Get hash | malicious | Unknown | Browse |
| |
| Get hash | malicious | MassLogger RAT | Browse |
| ||
| Get hash | malicious | MassLogger RAT | Browse |
| ||
| Get hash | malicious | Mirai | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | AgentTesla | Browse |
| ||
| Get hash | malicious | GuLoader, Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | HTMLPhisher | Browse |
| ||
| Get hash | malicious | HTMLPhisher | Browse |
| ||
| Get hash | malicious | Azorult | Browse |
|
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| 54328bd36c14bd82ddaa0c04b25ed9ad | Get hash | malicious | MassLogger RAT | Browse |
| |
| Get hash | malicious | MassLogger RAT | Browse |
| ||
| Get hash | malicious | GuLoader, Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | MassLogger RAT, PureLog Stealer | Browse |
| ||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | MassLogger RAT | Browse |
| ||
| Get hash | malicious | MassLogger RAT | Browse |
| ||
| Get hash | malicious | MassLogger RAT | Browse |
| ||
| 3b5074b1b5d032e5620f69f9f700ff0e | Get hash | malicious | AgentTesla | Browse |
| |
| Get hash | malicious | GuLoader, Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | AsyncRAT, StormKitty, WorldWind Stealer | Browse |
| ||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | AgentTesla | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| 37f463bf4616ecd445d4a1937da06e19 | Get hash | malicious | GuLoader, Snake Keylogger, VIP Keylogger | Browse |
| |
| Get hash | malicious | GuLoader, Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | GuLoader, Snake Keylogger | Browse |
| ||
| Get hash | malicious | Vidar | Browse |
| ||
| Get hash | malicious | Vidar | Browse |
| ||
| Get hash | malicious | LummaC | Browse |
| ||
| Get hash | malicious | GuLoader | Browse |
| ||
| Get hash | malicious | GuLoader, Snake Keylogger | Browse |
| ||
| Get hash | malicious | GuLoader | Browse |
| ||
| Get hash | malicious | GuLoader | Browse |
|
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| C:\Users\user\AppData\Local\Temp\nsw2CAB.tmp\System.dll | Get hash | malicious | GuLoader, MassLogger RAT | Browse | ||
| Get hash | malicious | GuLoader, MassLogger RAT | Browse | |||
| Get hash | malicious | GuLoader, MassLogger RAT | Browse | |||
| Get hash | malicious | GuLoader, MassLogger RAT | Browse | |||
| Get hash | malicious | GuLoader, MassLogger RAT | Browse | |||
| Get hash | malicious | GuLoader, MassLogger RAT | Browse | |||
| Get hash | malicious | GuLoader, MassLogger RAT | Browse | |||
| Get hash | malicious | GuLoader, MassLogger RAT | Browse | |||
| Get hash | malicious | GuLoader, MassLogger RAT | Browse | |||
| Get hash | malicious | Unknown | Browse |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\rapiditetens\fremtving\Crosspiece.Gly
Download File
| Process: | C:\Users\user\Desktop\m0CZ8H4jfl.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 35898 |
| Entropy (8bit): | 4.579363273950714 |
| Encrypted: | false |
| SSDEEP: | 384:N0tkFClF9lfUBtLjaEW7WIiOnvFjwJo2PX6Av1FMRvCGlxp8EKtyZQFH2:NjFw9wt36WyqJXJFMtCG79K8ZQg |
| MD5: | 781E08B28F6FF42F07049A8394BA7E21 |
| SHA1: | 11F03490DF96BBA3D463E80FEF706BF1D8ABC0D0 |
| SHA-256: | 4CF7FB5C20E8C886C32125C2406D63B48ED997EBECDE2DA05314BE47D633FB8C |
| SHA-512: | 0BD1560B8C6140ABAC9F85B67A26EED9E8EF0CAB4AAA39C98325A8752348238238C34ECC1216774D8373A3BA927C01B49D93FF9EC3380B81DC20F0C7AA97F6F1 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\rapiditetens\fremtving\Riprap43.gaw
Download File
| Process: | C:\Users\user\Desktop\m0CZ8H4jfl.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 56641 |
| Entropy (8bit): | 1.2318917163845036 |
| Encrypted: | false |
| SSDEEP: | 384:vrBeaW6xu5Pd9GW0Zq+/HXF1qcGNMUd8phxiFQHOV7hpvZlq:t9+Pdop/306xixrlq |
| MD5: | 39C9A5F767D8C170B5CE38EA8D5734D4 |
| SHA1: | 4B4CA81EB3D093645B504004F62A269D4EACDECC |
| SHA-256: | 87A7017021050071DBE5726BF9AC505763CD923E2BDE93336CA0905802CD8D49 |
| SHA-512: | AE2D66B801251046FA4D3093391B916955B43BE75A954DD398583B1B8881A9F109F51F81D6E4FE759F83AC7B921FA89B02185013AFDE16D3C8EAB422BE89B4FF |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\rapiditetens\fremtving\Skattereduktion.Pre29
Download File
| Process: | C:\Users\user\Desktop\m0CZ8H4jfl.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 268719 |
| Entropy (8bit): | 7.819557885033517 |
| Encrypted: | false |
| SSDEEP: | 6144:FYAs+3YWbK7pvS5/d7Grkyhao1wVniHp33Kpm8:GAs+3hK7pvSVd7no1wZgmm8 |
| MD5: | 6298E6324DAADEF6250CF15ED77A3701 |
| SHA1: | 62C54C2615C13B3A5416B41E592380280C224EF0 |
| SHA-256: | 29601B875D0D865DEF56CDEF4F56FBBC297E6D543057F4FA27BEB60402D92A95 |
| SHA-512: | B4F69E9BC6ECF8800ACF2D211DD48AC71670C00BFC7F7BE04A7BB227D65B40D87E7A72FA3E3ED37BB7654ECFD82EE40EC29EC251977AD4841295E411D2B56249 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\rapiditetens\fremtving\forskansningens.txt
Download File
| Process: | C:\Users\user\Desktop\m0CZ8H4jfl.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 345 |
| Entropy (8bit): | 4.241929841155785 |
| Encrypted: | false |
| SSDEEP: | 6:dvkdMOL4xnuXGNQWjMIDw1luhPB46xAJX7sBJOdkmLA8gMfArpIXbgOwQWiQJEEC:dufExIoDe1lYnGJLsBQdtL6rpIrWQkJA |
| MD5: | AE69FE0F4D1E1115BC470031E661785C |
| SHA1: | 8D3799826FE457C61C1E8EE5E3071683A8125BC5 |
| SHA-256: | 6B18768503395C809263568D3A8858810404C2B7D49DC7CB6CE5F717F5D6C7DE |
| SHA-512: | 969C0DB048EAC4A9B447A0C0C463A7983F1B4091B6206E274B9D249F8311439B6C33F5AA1EDF9CD1AA27502DA49378D3E1B45F16909C55DF830E51684E9648BE |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\rapiditetens\fremtving\fyldebtten.soi
Download File
| Process: | C:\Users\user\Desktop\m0CZ8H4jfl.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 210366 |
| Entropy (8bit): | 1.240975322465592 |
| Encrypted: | false |
| SSDEEP: | 768:vBTwJOLxCIF0V6iLboHog6BQlsMqlN1R0pmGy30wbfq6+9GmlsNh34k0uJ/QohER:cJigyyDJnLH7zA |
| MD5: | AEF78D8D561E8802286A78AAC6C73ED6 |
| SHA1: | DDF5DA649482D0A553802827BB9F0EF64A7069E1 |
| SHA-256: | 45F24543C01C9A11CC2246A9B27569AF433EEF61C877A4E191B683315D3566BE |
| SHA-512: | 93D43C0CECADF8E1F507F8E58D2B4D92995D8F7ECF213A23559938B380033A6D0D80B0816A8D6603864F821F4FEDC988E0F79BE14C6892089178970E08DC4199 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\rapiditetens\fremtving\wildwestfilm.sto
Download File
| Process: | C:\Users\user\Desktop\m0CZ8H4jfl.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 363811 |
| Entropy (8bit): | 1.2512349423386382 |
| Encrypted: | false |
| SSDEEP: | 768:y2f405GRYtnSLOBbyCociR2TVuEpHsVURGxwGmXjyMB+CtKDOgt9rlHF1QOs+9m5:pIuagbnK7CwVwFpYogwhUsvCq |
| MD5: | BFEA15C03AB295424981A73637A19491 |
| SHA1: | A5ADABDDC373D6B3004F96946D84B651E42D9F5C |
| SHA-256: | 83E9CE74259889DCABD39D41131F286882B224698DCDEB8D0B4074069AAA687B |
| SHA-512: | CB5969BFFAED8AF1791938E924E0CC9F876E45165F4E7EA5E9249131FACA831C0600F14BD68EF041D18C81A3FBE087970043D1B3B8A6786C1E5E5049834D4D0D |
| Malicious: | false |
| Preview: |
| Process: | C:\Users\user\Desktop\m0CZ8H4jfl.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 11776 |
| Entropy (8bit): | 5.655335921632966 |
| Encrypted: | false |
| SSDEEP: | 192:eF24sihno00Wfl97nH6T2enXwWobpWBTU4VtHT7dmN35Ol9Sl:h8QIl975eXqlWBrz7YLOl9 |
| MD5: | EE260C45E97B62A5E42F17460D406068 |
| SHA1: | DF35F6300A03C4D3D3BD69752574426296B78695 |
| SHA-256: | E94A1F7BCD7E0D532B660D0AF468EB3321536C3EFDCA265E61F9EC174B1AEF27 |
| SHA-512: | A98F350D17C9057F33E5847462A87D59CBF2AAEDA7F6299B0D49BB455E484CE4660C12D2EB8C4A0D21DF523E729222BBD6C820BF25B081BC7478152515B414B3 |
| Malicious: | false |
| Antivirus: |
|
| Joe Sandbox View: |
|
| Preview: |
| Process: | C:\Users\user\Desktop\m0CZ8H4jfl.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1152 |
| Entropy (8bit): | 3.243517107466583 |
| Encrypted: | false |
| SSDEEP: | 12:8wl0IsXyEKW2je/tz0/CSL6/cBnwgXl341DEDeG41DED0MsQ1olfW+kjcmAahwbn:8HlKPjeWLrFPjPI4izZMWJpqy |
| MD5: | 4E09F5DB5EB2E6D5C23DB2EDAB5B1012 |
| SHA1: | 9A69B01C329E9F7F2177F570B331DFB27265B1E9 |
| SHA-256: | FF83A11BEC2485FC24A0D8C76FD9A1477FE91B755557DBD553B0719C87ECF56B |
| SHA-512: | C6ABFBD534F32F05DCBD56241C95FC4A7352AB44ED639DEA79897CBFFA0A4A5F603CA352CD51AFED3A078FFA6ED38FB5862D6F5F9EEB6EF3DC11B044D178EBBA |
| Malicious: | false |
| Preview: |
| File type: | |
| Entropy (8bit): | 7.9579000021212085 |
| TrID: |
|
| File name: | m0CZ8H4jfl.exe |
| File size: | 432'979 bytes |
| MD5: | ad29d6168abbec988896c57d4d25e2ed |
| SHA1: | 469b06a2d18997abeb8829bd6e495cdfee811270 |
| SHA256: | d279cafd050cd071af764df4cc856e9e188ce0c920d13429a3b33129c7e4cee2 |
| SHA512: | 5b5c702fc4d24dc03e46f5238969d7f6010d1298a928cc6dcdbfedf69cc8440e53480ddbac57deef9d100499f97d18b55f895770bb916a5f29a6770594041468 |
| SSDEEP: | 12288:I5AeDyYI91QcLmn1XNu7Jj1JK8s5FEeKJ:ZebIEXNu7Jj1Jices |
| TLSH: | D79422116220D593E1FA4E364E70A3DF997ABB1695205F17C3C829963C376C3E81FA4E |
| File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1...P...P...P..*_...P...P..NP..*_...P...s...P...V...P..Rich.P..........................PE..L......V.................d......... |
 | |
| Icon Hash: | 3d2e0f95332b3399 |
| Entrypoint: | 0x4032a0 |
| Entrypoint Section: | .text |
| Digitally signed: | false |
| Imagebase: | 0x400000 |
| Subsystem: | windows gui |
| Image File Characteristics: | RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE |
| DLL Characteristics: | DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE |
| Time Stamp: | 0x567F847F [Sun Dec 27 06:26:07 2015 UTC] |
| TLS Callbacks: | |
| CLR (.Net) Version: | |
| OS Version Major: | 4 |
| OS Version Minor: | 0 |
| File Version Major: | 4 |
| File Version Minor: | 0 |
| Subsystem Version Major: | 4 |
| Subsystem Version Minor: | 0 |
| Import Hash: | d4b94e8ee3f620a89d114b9da4b31873 |
| Instruction |
|---|
| sub esp, 000002D4h |
| push ebp |
| push esi |
| push 00000020h |
| xor ebp, ebp |
| pop esi |
| mov dword ptr [esp+0Ch], ebp |
| push 00008001h |
| mov dword ptr [esp+0Ch], 0040A300h |
| mov dword ptr [esp+18h], ebp |
| call dword ptr [004080B0h] |
| call dword ptr [004080ACh] |
| cmp ax, 00000006h |
| je 00007F0F091A14D3h |
| push ebp |
| call 00007F0F091A4616h |
| cmp eax, ebp |
| je 00007F0F091A14C9h |
| push 00000C00h |
| call eax |
| push ebx |
| push edi |
| push 0040A2F4h |
| call 00007F0F091A4593h |
| push 0040A2ECh |
| call 00007F0F091A4589h |
| push 0040A2E0h |
| call 00007F0F091A457Fh |
| push 00000009h |
| call 00007F0F091A45E4h |
| push 00000007h |
| call 00007F0F091A45DDh |
| mov dword ptr [00434F04h], eax |
| call dword ptr [00408044h] |
| push ebp |
| call dword ptr [004082A8h] |
| mov dword ptr [00434FB8h], eax |
| push ebp |
| lea eax, dword ptr [esp+34h] |
| push 000002B4h |
| push eax |
| push ebp |
| push 0042B228h |
| call dword ptr [0040818Ch] |
| push 0040A2C8h |
| push 00433F00h |
| call 00007F0F091A41CAh |
| call dword ptr [004080A8h] |
| mov ebx, 0043F000h |
| push eax |
| push ebx |
| call 00007F0F091A41B8h |
| push ebp |
| call dword ptr [00408178h] |
| Programming Language: |
|
| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0x85c8 | 0xa0 | .rdata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x5d000 | 0x11e0 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x8000 | 0x2b8 | .rdata |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|---|
| .text | 0x1000 | 0x637c | 0x6400 | 83ff228d6dae8dd738eb2f78afbc793f | False | 0.672421875 | data | 6.491609540807675 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .rdata | 0x8000 | 0x147c | 0x1600 | d9f9b0b330e238260616b62a7a3cac09 | False | 0.42933238636363635 | data | 4.973928345594701 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .data | 0xa000 | 0x2aff8 | 0x600 | 3f2b05c8fbb8b2e4c9c89e93d30e7252 | False | 0.53125 | data | 4.133631086111171 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .ndata | 0x35000 | 0x28000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .rsrc | 0x5d000 | 0x11e0 | 0x1200 | 20639f4e7c421f5379e2fb9ea4a1530d | False | 0.3684895833333333 | data | 4.485045860065118 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
|---|---|---|---|---|---|---|
| RT_BITMAP | 0x5d268 | 0x368 | Device independent bitmap graphic, 96 x 16 x 4, image size 768 | English | United States | 0.23623853211009174 |
| RT_ICON | 0x5d5d0 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 640 | English | United States | 0.42473118279569894 |
| RT_DIALOG | 0x5d8b8 | 0x144 | data | English | United States | 0.5216049382716049 |
| RT_DIALOG | 0x5da00 | 0x13c | data | English | United States | 0.5506329113924051 |
| RT_DIALOG | 0x5db40 | 0x100 | data | English | United States | 0.5234375 |
| RT_DIALOG | 0x5dc40 | 0x11c | data | English | United States | 0.6056338028169014 |
| RT_DIALOG | 0x5dd60 | 0xc4 | data | English | United States | 0.5918367346938775 |
| RT_DIALOG | 0x5de28 | 0x60 | data | English | United States | 0.7291666666666666 |
| RT_GROUP_ICON | 0x5de88 | 0x14 | data | English | United States | 1.2 |
| RT_MANIFEST | 0x5dea0 | 0x33f | XML 1.0 document, ASCII text, with very long lines (831), with no line terminators | English | United States | 0.5547533092659447 |
| DLL | Import |
|---|---|
| KERNEL32.dll | SetCurrentDirectoryW, GetFileAttributesW, GetFullPathNameW, Sleep, GetTickCount, GetFileSize, GetModuleFileNameW, MoveFileW, SetFileAttributesW, GetCurrentProcess, ExitProcess, SetEnvironmentVariableW, GetWindowsDirectoryW, GetTempPathW, GetCommandLineW, GetVersion, SetErrorMode, lstrlenW, lstrcpynW, CopyFileW, CompareFileTime, GlobalLock, CreateThread, GetLastError, CreateDirectoryW, CreateProcessW, RemoveDirectoryW, lstrcmpiA, CreateFileW, GetTempFileNameW, WriteFile, lstrcpyA, lstrcpyW, MoveFileExW, lstrcatW, GetSystemDirectoryW, LoadLibraryW, GetProcAddress, GetModuleHandleA, ExpandEnvironmentStringsW, GetShortPathNameW, SearchPathW, lstrcmpiW, SetFileTime, CloseHandle, GlobalFree, lstrcmpW, GlobalAlloc, WaitForSingleObject, GlobalUnlock, GetDiskFreeSpaceW, GetExitCodeProcess, FindFirstFileW, FindNextFileW, DeleteFileW, SetFilePointer, ReadFile, FindClose, MulDiv, MultiByteToWideChar, lstrlenA, WideCharToMultiByte, GetPrivateProfileStringW, WritePrivateProfileStringW, FreeLibrary, LoadLibraryExW, GetModuleHandleW |
| USER32.dll | GetSystemMenu, SetClassLongW, IsWindowEnabled, EnableMenuItem, SetWindowPos, GetSysColor, GetWindowLongW, SetCursor, LoadCursorW, CheckDlgButton, GetMessagePos, LoadBitmapW, CallWindowProcW, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, OpenClipboard, wsprintfW, ScreenToClient, GetWindowRect, GetSystemMetrics, SetDlgItemTextW, GetDlgItemTextW, MessageBoxIndirectW, CharPrevW, CharNextA, wsprintfA, DispatchMessageW, PeekMessageW, ReleaseDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, GetClientRect, FillRect, DrawTextW, EndDialog, RegisterClassW, SystemParametersInfoW, CreateWindowExW, GetClassInfoW, DialogBoxParamW, CharNextW, ExitWindowsEx, DestroyWindow, CreateDialogParamW, GetDC, SetWindowTextW, PostQuitMessage, ShowWindow, GetDlgItem, IsWindow, LoadImageW, SetWindowLongW, TrackPopupMenu, AppendMenuW, CreatePopupMenu, EndPaint, SetTimer, FindWindowExW, SendMessageTimeoutW, SetForegroundWindow |
| GDI32.dll | SelectObject, SetBkMode, CreateFontIndirectW, SetTextColor, DeleteObject, GetDeviceCaps, CreateBrushIndirect, SetBkColor |
| SHELL32.dll | SHGetSpecialFolderLocation, SHGetPathFromIDListW, SHBrowseForFolderW, SHGetFileInfoW, ShellExecuteW, SHFileOperationW |
| ADVAPI32.dll | RegDeleteKeyW, SetFileSecurityW, OpenProcessToken, LookupPrivilegeValueW, AdjustTokenPrivileges, RegOpenKeyExW, RegEnumValueW, RegDeleteValueW, RegCloseKey, RegCreateKeyExW, RegSetValueExW, RegQueryValueExW, RegEnumKeyW |
| COMCTL32.dll | ImageList_Create, ImageList_AddMasked, ImageList_Destroy |
| ole32.dll | OleUninitialize, OleInitialize, CoTaskMemFree, CoCreateInstance |
| Language of compilation system | Country where language is spoken | Map |
|---|---|---|
| English | United States |  |
Key Decision
Richest Path
Thread / callback creation
Lower opacity -> Library Node| Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2025-01-10T19:56:18.646039+0100 | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 192.168.2.9 | 49973 | 142.250.185.110 | 443 | TCP |
| 2025-01-10T19:56:23.891367+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.9 | 49975 | 193.122.6.168 | 80 | TCP |
| 2025-01-10T19:56:30.891377+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.9 | 49975 | 193.122.6.168 | 80 | TCP |
| 2025-01-10T19:56:31.807597+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.9 | 49978 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T19:56:32.177767+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.9 | 49978 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T19:56:33.032027+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.9 | 49979 | 193.122.6.168 | 80 | TCP |
| 2025-01-10T19:56:33.618945+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.9 | 49980 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T19:56:33.861648+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.9 | 49980 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T19:56:35.330479+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.9 | 49982 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T19:56:35.693207+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.9 | 49982 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T19:56:36.964352+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.9 | 49984 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T19:56:37.490510+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.9 | 49984 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T19:56:39.028995+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.9 | 49986 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T19:56:39.489661+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.9 | 49986 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T19:56:40.972524+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.9 | 49988 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T19:56:41.456118+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.9 | 49988 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T19:56:42.787510+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.9 | 49990 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T19:56:43.133611+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.9 | 49990 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T19:56:44.379360+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.9 | 49992 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T19:56:44.714361+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.9 | 49992 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T19:56:46.219496+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.9 | 49994 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T19:56:46.560662+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.9 | 49994 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T19:56:47.844249+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.9 | 49996 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T19:56:48.242610+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.9 | 49996 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T19:56:49.523005+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.9 | 49998 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T19:56:50.101630+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.9 | 49998 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T19:56:51.474015+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.9 | 50000 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T19:56:52.036258+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.9 | 50000 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T19:56:53.341257+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.9 | 50002 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T19:56:53.769670+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.9 | 50002 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T19:56:55.067585+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.9 | 50004 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T19:56:55.394028+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.9 | 50004 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T19:56:56.718469+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.9 | 50006 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T19:56:57.036409+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.9 | 50006 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T19:56:58.352507+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.9 | 50008 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T19:56:58.782032+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.9 | 50008 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T19:57:00.088414+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.9 | 50010 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T19:57:00.408259+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.9 | 50010 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T19:57:01.883437+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.9 | 50012 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T19:57:02.211258+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.9 | 50012 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T19:57:03.527252+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.9 | 50014 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T19:57:03.848515+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.9 | 50014 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T19:57:05.151965+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.9 | 50016 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T19:57:05.506662+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.9 | 50016 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T19:57:06.936842+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.9 | 50018 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T19:57:07.300338+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.9 | 50018 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T19:57:08.567100+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.9 | 50020 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T19:57:09.117249+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.9 | 50020 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T19:57:10.433174+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.9 | 50022 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T19:57:10.850360+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.9 | 50022 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T19:57:12.362356+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.9 | 50024 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T19:57:12.700886+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.9 | 50024 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T19:57:14.069016+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.9 | 50026 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T19:57:14.362942+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.9 | 50026 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T19:57:15.709271+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.9 | 50028 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T19:57:16.226507+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.9 | 50028 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T19:57:17.521702+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.9 | 50030 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T19:57:17.839667+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.9 | 50030 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T19:57:19.212304+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.9 | 50032 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T19:57:19.456246+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.9 | 50032 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T19:57:20.936355+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.9 | 50034 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T19:57:21.448036+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.9 | 50034 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T19:57:23.096862+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.9 | 50036 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T19:57:23.378003+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.9 | 50036 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T19:57:24.780435+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.9 | 50038 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T19:57:25.113171+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.9 | 50038 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T19:57:26.774780+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.9 | 50040 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T19:57:26.997515+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.9 | 50040 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T19:57:29.270759+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.9 | 50042 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T19:57:29.619187+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.9 | 50042 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T19:57:31.445917+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.9 | 50044 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T19:57:31.750008+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.9 | 50044 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T19:57:33.309516+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.9 | 50046 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T19:57:33.598481+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.9 | 50046 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T19:57:39.436070+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.9 | 50048 | 149.154.167.220 | 443 | TCP |
| 2025-01-10T19:57:39.793053+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.9 | 50048 | 149.154.167.220 | 443 | TCP |
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Jan 10, 2025 19:56:17.507174969 CET | 49973 | 443 | 192.168.2.9 | 142.250.185.110 |
| Jan 10, 2025 19:56:17.507220984 CET | 443 | 49973 | 142.250.185.110 | 192.168.2.9 |
| Jan 10, 2025 19:56:17.507333994 CET | 49973 | 443 | 192.168.2.9 | 142.250.185.110 |
| Jan 10, 2025 19:56:17.521965027 CET | 49973 | 443 | 192.168.2.9 | 142.250.185.110 |
| Jan 10, 2025 19:56:17.522003889 CET | 443 | 49973 | 142.250.185.110 | 192.168.2.9 |
| Jan 10, 2025 19:56:18.177457094 CET | 443 | 49973 | 142.250.185.110 | 192.168.2.9 |
| Jan 10, 2025 19:56:18.177598000 CET | 49973 | 443 | 192.168.2.9 | 142.250.185.110 |
| Jan 10, 2025 19:56:18.178266048 CET | 443 | 49973 | 142.250.185.110 | 192.168.2.9 |
| Jan 10, 2025 19:56:18.179097891 CET | 49973 | 443 | 192.168.2.9 | 142.250.185.110 |
| Jan 10, 2025 19:56:18.236407042 CET | 49973 | 443 | 192.168.2.9 | 142.250.185.110 |
| Jan 10, 2025 19:56:18.236443043 CET | 443 | 49973 | 142.250.185.110 | 192.168.2.9 |
| Jan 10, 2025 19:56:18.236747980 CET | 443 | 49973 | 142.250.185.110 | 192.168.2.9 |
| Jan 10, 2025 19:56:18.237602949 CET | 49973 | 443 | 192.168.2.9 | 142.250.185.110 |
| Jan 10, 2025 19:56:18.240601063 CET | 49973 | 443 | 192.168.2.9 | 142.250.185.110 |
| Jan 10, 2025 19:56:18.283329964 CET | 443 | 49973 | 142.250.185.110 | 192.168.2.9 |
| Jan 10, 2025 19:56:18.646025896 CET | 443 | 49973 | 142.250.185.110 | 192.168.2.9 |
| Jan 10, 2025 19:56:18.646204948 CET | 49973 | 443 | 192.168.2.9 | 142.250.185.110 |
| Jan 10, 2025 19:56:18.646816969 CET | 49973 | 443 | 192.168.2.9 | 142.250.185.110 |
| Jan 10, 2025 19:56:18.646867990 CET | 443 | 49973 | 142.250.185.110 | 192.168.2.9 |
| Jan 10, 2025 19:56:18.646935940 CET | 49973 | 443 | 192.168.2.9 | 142.250.185.110 |
| Jan 10, 2025 19:56:18.671574116 CET | 49974 | 443 | 192.168.2.9 | 142.250.185.161 |
| Jan 10, 2025 19:56:18.671607971 CET | 443 | 49974 | 142.250.185.161 | 192.168.2.9 |
| Jan 10, 2025 19:56:18.671680927 CET | 49974 | 443 | 192.168.2.9 | 142.250.185.161 |
| Jan 10, 2025 19:56:18.671931028 CET | 49974 | 443 | 192.168.2.9 | 142.250.185.161 |
| Jan 10, 2025 19:56:18.671945095 CET | 443 | 49974 | 142.250.185.161 | 192.168.2.9 |
| Jan 10, 2025 19:56:19.358052015 CET | 443 | 49974 | 142.250.185.161 | 192.168.2.9 |
| Jan 10, 2025 19:56:19.358170986 CET | 49974 | 443 | 192.168.2.9 | 142.250.185.161 |
| Jan 10, 2025 19:56:19.370199919 CET | 49974 | 443 | 192.168.2.9 | 142.250.185.161 |
| Jan 10, 2025 19:56:19.370228052 CET | 443 | 49974 | 142.250.185.161 | 192.168.2.9 |
| Jan 10, 2025 19:56:19.370480061 CET | 443 | 49974 | 142.250.185.161 | 192.168.2.9 |
| Jan 10, 2025 19:56:19.370534897 CET | 49974 | 443 | 192.168.2.9 | 142.250.185.161 |
| Jan 10, 2025 19:56:19.370876074 CET | 49974 | 443 | 192.168.2.9 | 142.250.185.161 |
| Jan 10, 2025 19:56:19.411330938 CET | 443 | 49974 | 142.250.185.161 | 192.168.2.9 |
| Jan 10, 2025 19:56:21.868748903 CET | 443 | 49974 | 142.250.185.161 | 192.168.2.9 |
| Jan 10, 2025 19:56:21.868899107 CET | 49974 | 443 | 192.168.2.9 | 142.250.185.161 |
| Jan 10, 2025 19:56:21.874660015 CET | 443 | 49974 | 142.250.185.161 | 192.168.2.9 |
| Jan 10, 2025 19:56:21.874743938 CET | 49974 | 443 | 192.168.2.9 | 142.250.185.161 |
| Jan 10, 2025 19:56:21.903917074 CET | 443 | 49974 | 142.250.185.161 | 192.168.2.9 |
| Jan 10, 2025 19:56:21.904000044 CET | 443 | 49974 | 142.250.185.161 | 192.168.2.9 |
| Jan 10, 2025 19:56:21.904032946 CET | 49974 | 443 | 192.168.2.9 | 142.250.185.161 |
| Jan 10, 2025 19:56:21.904052973 CET | 443 | 49974 | 142.250.185.161 | 192.168.2.9 |
| Jan 10, 2025 19:56:21.904068947 CET | 49974 | 443 | 192.168.2.9 | 142.250.185.161 |
| Jan 10, 2025 19:56:21.904102087 CET | 49974 | 443 | 192.168.2.9 | 142.250.185.161 |
| Jan 10, 2025 19:56:21.960949898 CET | 443 | 49974 | 142.250.185.161 | 192.168.2.9 |
| Jan 10, 2025 19:56:21.961016893 CET | 443 | 49974 | 142.250.185.161 | 192.168.2.9 |
| Jan 10, 2025 19:56:21.961044073 CET | 443 | 49974 | 142.250.185.161 | 192.168.2.9 |
| Jan 10, 2025 19:56:21.961070061 CET | 49974 | 443 | 192.168.2.9 | 142.250.185.161 |
| Jan 10, 2025 19:56:21.961103916 CET | 443 | 49974 | 142.250.185.161 | 192.168.2.9 |
| Jan 10, 2025 19:56:21.961122036 CET | 49974 | 443 | 192.168.2.9 | 142.250.185.161 |
| Jan 10, 2025 19:56:21.961158991 CET | 49974 | 443 | 192.168.2.9 | 142.250.185.161 |
| Jan 10, 2025 19:56:21.961287975 CET | 443 | 49974 | 142.250.185.161 | 192.168.2.9 |
| Jan 10, 2025 19:56:21.961338043 CET | 49974 | 443 | 192.168.2.9 | 142.250.185.161 |
| Jan 10, 2025 19:56:21.963531971 CET | 443 | 49974 | 142.250.185.161 | 192.168.2.9 |
| Jan 10, 2025 19:56:21.963588953 CET | 49974 | 443 | 192.168.2.9 | 142.250.185.161 |
| Jan 10, 2025 19:56:21.963644981 CET | 443 | 49974 | 142.250.185.161 | 192.168.2.9 |
| Jan 10, 2025 19:56:21.963691950 CET | 49974 | 443 | 192.168.2.9 | 142.250.185.161 |
| Jan 10, 2025 19:56:21.969764948 CET | 443 | 49974 | 142.250.185.161 | 192.168.2.9 |
| Jan 10, 2025 19:56:21.969824076 CET | 49974 | 443 | 192.168.2.9 | 142.250.185.161 |
| Jan 10, 2025 19:56:21.969835997 CET | 443 | 49974 | 142.250.185.161 | 192.168.2.9 |
| Jan 10, 2025 19:56:21.969894886 CET | 49974 | 443 | 192.168.2.9 | 142.250.185.161 |
| Jan 10, 2025 19:56:21.976129055 CET | 443 | 49974 | 142.250.185.161 | 192.168.2.9 |
| Jan 10, 2025 19:56:21.976198912 CET | 49974 | 443 | 192.168.2.9 | 142.250.185.161 |
| Jan 10, 2025 19:56:21.976218939 CET | 443 | 49974 | 142.250.185.161 | 192.168.2.9 |
| Jan 10, 2025 19:56:21.976275921 CET | 49974 | 443 | 192.168.2.9 | 142.250.185.161 |
| Jan 10, 2025 19:56:21.982417107 CET | 443 | 49974 | 142.250.185.161 | 192.168.2.9 |
| Jan 10, 2025 19:56:21.982475042 CET | 49974 | 443 | 192.168.2.9 | 142.250.185.161 |
| Jan 10, 2025 19:56:21.982486963 CET | 443 | 49974 | 142.250.185.161 | 192.168.2.9 |
| Jan 10, 2025 19:56:21.982538939 CET | 49974 | 443 | 192.168.2.9 | 142.250.185.161 |
| Jan 10, 2025 19:56:21.988585949 CET | 443 | 49974 | 142.250.185.161 | 192.168.2.9 |
| Jan 10, 2025 19:56:21.988640070 CET | 49974 | 443 | 192.168.2.9 | 142.250.185.161 |
| Jan 10, 2025 19:56:21.988648891 CET | 443 | 49974 | 142.250.185.161 | 192.168.2.9 |
| Jan 10, 2025 19:56:21.988701105 CET | 49974 | 443 | 192.168.2.9 | 142.250.185.161 |
| Jan 10, 2025 19:56:21.994716883 CET | 443 | 49974 | 142.250.185.161 | 192.168.2.9 |
| Jan 10, 2025 19:56:21.994777918 CET | 49974 | 443 | 192.168.2.9 | 142.250.185.161 |
| Jan 10, 2025 19:56:21.994862080 CET | 443 | 49974 | 142.250.185.161 | 192.168.2.9 |
| Jan 10, 2025 19:56:21.994909048 CET | 49974 | 443 | 192.168.2.9 | 142.250.185.161 |
| Jan 10, 2025 19:56:22.000639915 CET | 443 | 49974 | 142.250.185.161 | 192.168.2.9 |
| Jan 10, 2025 19:56:22.000709057 CET | 49974 | 443 | 192.168.2.9 | 142.250.185.161 |
| Jan 10, 2025 19:56:22.000716925 CET | 443 | 49974 | 142.250.185.161 | 192.168.2.9 |
| Jan 10, 2025 19:56:22.000756025 CET | 49974 | 443 | 192.168.2.9 | 142.250.185.161 |
| Jan 10, 2025 19:56:22.006330967 CET | 443 | 49974 | 142.250.185.161 | 192.168.2.9 |
| Jan 10, 2025 19:56:22.007136106 CET | 49974 | 443 | 192.168.2.9 | 142.250.185.161 |
| Jan 10, 2025 19:56:22.007143974 CET | 443 | 49974 | 142.250.185.161 | 192.168.2.9 |
| Jan 10, 2025 19:56:22.007188082 CET | 49974 | 443 | 192.168.2.9 | 142.250.185.161 |
| Jan 10, 2025 19:56:22.012083054 CET | 443 | 49974 | 142.250.185.161 | 192.168.2.9 |
| Jan 10, 2025 19:56:22.012137890 CET | 49974 | 443 | 192.168.2.9 | 142.250.185.161 |
| Jan 10, 2025 19:56:22.012145042 CET | 443 | 49974 | 142.250.185.161 | 192.168.2.9 |
| Jan 10, 2025 19:56:22.012190104 CET | 49974 | 443 | 192.168.2.9 | 142.250.185.161 |
| Jan 10, 2025 19:56:22.017843962 CET | 443 | 49974 | 142.250.185.161 | 192.168.2.9 |
| Jan 10, 2025 19:56:22.017920017 CET | 49974 | 443 | 192.168.2.9 | 142.250.185.161 |
| Jan 10, 2025 19:56:22.017942905 CET | 443 | 49974 | 142.250.185.161 | 192.168.2.9 |
| Jan 10, 2025 19:56:22.017986059 CET | 49974 | 443 | 192.168.2.9 | 142.250.185.161 |
| Jan 10, 2025 19:56:22.023529053 CET | 443 | 49974 | 142.250.185.161 | 192.168.2.9 |
| Jan 10, 2025 19:56:22.023581982 CET | 49974 | 443 | 192.168.2.9 | 142.250.185.161 |
| Jan 10, 2025 19:56:22.053337097 CET | 443 | 49974 | 142.250.185.161 | 192.168.2.9 |
| Jan 10, 2025 19:56:22.053417921 CET | 49974 | 443 | 192.168.2.9 | 142.250.185.161 |
| Jan 10, 2025 19:56:22.053431988 CET | 443 | 49974 | 142.250.185.161 | 192.168.2.9 |
| Jan 10, 2025 19:56:22.053464890 CET | 443 | 49974 | 142.250.185.161 | 192.168.2.9 |
| Jan 10, 2025 19:56:22.053478956 CET | 49974 | 443 | 192.168.2.9 | 142.250.185.161 |
| Jan 10, 2025 19:56:22.053488970 CET | 443 | 49974 | 142.250.185.161 | 192.168.2.9 |
| Jan 10, 2025 19:56:22.053509951 CET | 49974 | 443 | 192.168.2.9 | 142.250.185.161 |
| Jan 10, 2025 19:56:22.053550959 CET | 49974 | 443 | 192.168.2.9 | 142.250.185.161 |
| Jan 10, 2025 19:56:22.053555012 CET | 443 | 49974 | 142.250.185.161 | 192.168.2.9 |
| Jan 10, 2025 19:56:22.053594112 CET | 49974 | 443 | 192.168.2.9 | 142.250.185.161 |
| Jan 10, 2025 19:56:22.054193020 CET | 443 | 49974 | 142.250.185.161 | 192.168.2.9 |
| Jan 10, 2025 19:56:22.054238081 CET | 49974 | 443 | 192.168.2.9 | 142.250.185.161 |
| Jan 10, 2025 19:56:22.054244995 CET | 443 | 49974 | 142.250.185.161 | 192.168.2.9 |
| Jan 10, 2025 19:56:22.054275036 CET | 443 | 49974 | 142.250.185.161 | 192.168.2.9 |
| Jan 10, 2025 19:56:22.054294109 CET | 49974 | 443 | 192.168.2.9 | 142.250.185.161 |
| Jan 10, 2025 19:56:22.054300070 CET | 443 | 49974 | 142.250.185.161 | 192.168.2.9 |
| Jan 10, 2025 19:56:22.054317951 CET | 49974 | 443 | 192.168.2.9 | 142.250.185.161 |
| Jan 10, 2025 19:56:22.054344893 CET | 49974 | 443 | 192.168.2.9 | 142.250.185.161 |
| Jan 10, 2025 19:56:22.054348946 CET | 443 | 49974 | 142.250.185.161 | 192.168.2.9 |
| Jan 10, 2025 19:56:22.054406881 CET | 49974 | 443 | 192.168.2.9 | 142.250.185.161 |
| Jan 10, 2025 19:56:22.054855108 CET | 443 | 49974 | 142.250.185.161 | 192.168.2.9 |
| Jan 10, 2025 19:56:22.054903030 CET | 49974 | 443 | 192.168.2.9 | 142.250.185.161 |
| Jan 10, 2025 19:56:22.055893898 CET | 443 | 49974 | 142.250.185.161 | 192.168.2.9 |
| Jan 10, 2025 19:56:22.055988073 CET | 49974 | 443 | 192.168.2.9 | 142.250.185.161 |
| Jan 10, 2025 19:56:22.059535980 CET | 443 | 49974 | 142.250.185.161 | 192.168.2.9 |
| Jan 10, 2025 19:56:22.059592962 CET | 49974 | 443 | 192.168.2.9 | 142.250.185.161 |
| Jan 10, 2025 19:56:22.059609890 CET | 443 | 49974 | 142.250.185.161 | 192.168.2.9 |
| Jan 10, 2025 19:56:22.059674978 CET | 49974 | 443 | 192.168.2.9 | 142.250.185.161 |
| Jan 10, 2025 19:56:22.064466953 CET | 443 | 49974 | 142.250.185.161 | 192.168.2.9 |
| Jan 10, 2025 19:56:22.064517975 CET | 49974 | 443 | 192.168.2.9 | 142.250.185.161 |
| Jan 10, 2025 19:56:22.064526081 CET | 443 | 49974 | 142.250.185.161 | 192.168.2.9 |
| Jan 10, 2025 19:56:22.064574003 CET | 49974 | 443 | 192.168.2.9 | 142.250.185.161 |
| Jan 10, 2025 19:56:22.069444895 CET | 443 | 49974 | 142.250.185.161 | 192.168.2.9 |
| Jan 10, 2025 19:56:22.069519997 CET | 49974 | 443 | 192.168.2.9 | 142.250.185.161 |
| Jan 10, 2025 19:56:22.069528103 CET | 443 | 49974 | 142.250.185.161 | 192.168.2.9 |
| Jan 10, 2025 19:56:22.069575071 CET | 49974 | 443 | 192.168.2.9 | 142.250.185.161 |
| Jan 10, 2025 19:56:22.074930906 CET | 443 | 49974 | 142.250.185.161 | 192.168.2.9 |
| Jan 10, 2025 19:56:22.074985027 CET | 49974 | 443 | 192.168.2.9 | 142.250.185.161 |
| Jan 10, 2025 19:56:22.075032949 CET | 443 | 49974 | 142.250.185.161 | 192.168.2.9 |
| Jan 10, 2025 19:56:22.075088024 CET | 49974 | 443 | 192.168.2.9 | 142.250.185.161 |
| Jan 10, 2025 19:56:22.082072020 CET | 443 | 49974 | 142.250.185.161 | 192.168.2.9 |
| Jan 10, 2025 19:56:22.083323002 CET | 443 | 49974 | 142.250.185.161 | 192.168.2.9 |
| Jan 10, 2025 19:56:22.083355904 CET | 443 | 49974 | 142.250.185.161 | 192.168.2.9 |
| Jan 10, 2025 19:56:22.083378077 CET | 49974 | 443 | 192.168.2.9 | 142.250.185.161 |
| Jan 10, 2025 19:56:22.083389997 CET | 443 | 49974 | 142.250.185.161 | 192.168.2.9 |
| Jan 10, 2025 19:56:22.083404064 CET | 49974 | 443 | 192.168.2.9 | 142.250.185.161 |
| Jan 10, 2025 19:56:22.083437920 CET | 49974 | 443 | 192.168.2.9 | 142.250.185.161 |
| Jan 10, 2025 19:56:22.088728905 CET | 443 | 49974 | 142.250.185.161 | 192.168.2.9 |
| Jan 10, 2025 19:56:22.092727900 CET | 443 | 49974 | 142.250.185.161 | 192.168.2.9 |
| Jan 10, 2025 19:56:22.092782021 CET | 443 | 49974 | 142.250.185.161 | 192.168.2.9 |
| Jan 10, 2025 19:56:22.092824936 CET | 49974 | 443 | 192.168.2.9 | 142.250.185.161 |
| Jan 10, 2025 19:56:22.092837095 CET | 443 | 49974 | 142.250.185.161 | 192.168.2.9 |
| Jan 10, 2025 19:56:22.092886925 CET | 49974 | 443 | 192.168.2.9 | 142.250.185.161 |
| Jan 10, 2025 19:56:22.092886925 CET | 49974 | 443 | 192.168.2.9 | 142.250.185.161 |
| Jan 10, 2025 19:56:22.097116947 CET | 443 | 49974 | 142.250.185.161 | 192.168.2.9 |
| Jan 10, 2025 19:56:22.100106955 CET | 49974 | 443 | 192.168.2.9 | 142.250.185.161 |
| Jan 10, 2025 19:56:22.100119114 CET | 443 | 49974 | 142.250.185.161 | 192.168.2.9 |
| Jan 10, 2025 19:56:22.100174904 CET | 49974 | 443 | 192.168.2.9 | 142.250.185.161 |
| Jan 10, 2025 19:56:22.101510048 CET | 443 | 49974 | 142.250.185.161 | 192.168.2.9 |
| Jan 10, 2025 19:56:22.101574898 CET | 49974 | 443 | 192.168.2.9 | 142.250.185.161 |
| Jan 10, 2025 19:56:22.101582050 CET | 443 | 49974 | 142.250.185.161 | 192.168.2.9 |
| Jan 10, 2025 19:56:22.101629972 CET | 49974 | 443 | 192.168.2.9 | 142.250.185.161 |
| Jan 10, 2025 19:56:22.105725050 CET | 443 | 49974 | 142.250.185.161 | 192.168.2.9 |
| Jan 10, 2025 19:56:22.105791092 CET | 49974 | 443 | 192.168.2.9 | 142.250.185.161 |
| Jan 10, 2025 19:56:22.105798960 CET | 443 | 49974 | 142.250.185.161 | 192.168.2.9 |
| Jan 10, 2025 19:56:22.105863094 CET | 49974 | 443 | 192.168.2.9 | 142.250.185.161 |
| Jan 10, 2025 19:56:22.105869055 CET | 443 | 49974 | 142.250.185.161 | 192.168.2.9 |
| Jan 10, 2025 19:56:22.105920076 CET | 49974 | 443 | 192.168.2.9 | 142.250.185.161 |
| Jan 10, 2025 19:56:22.105926991 CET | 443 | 49974 | 142.250.185.161 | 192.168.2.9 |
| Jan 10, 2025 19:56:22.105977058 CET | 49974 | 443 | 192.168.2.9 | 142.250.185.161 |
| Jan 10, 2025 19:56:22.119956970 CET | 49974 | 443 | 192.168.2.9 | 142.250.185.161 |
| Jan 10, 2025 19:56:22.119992971 CET | 443 | 49974 | 142.250.185.161 | 192.168.2.9 |
| Jan 10, 2025 19:56:22.645441055 CET | 49975 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:56:22.650893927 CET | 80 | 49975 | 193.122.6.168 | 192.168.2.9 |
| Jan 10, 2025 19:56:22.651007891 CET | 49975 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:56:22.651230097 CET | 49975 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:56:22.656048059 CET | 80 | 49975 | 193.122.6.168 | 192.168.2.9 |
| Jan 10, 2025 19:56:23.626229048 CET | 80 | 49975 | 193.122.6.168 | 192.168.2.9 |
| Jan 10, 2025 19:56:23.630548000 CET | 49975 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:56:23.635545015 CET | 80 | 49975 | 193.122.6.168 | 192.168.2.9 |
| Jan 10, 2025 19:56:23.843231916 CET | 80 | 49975 | 193.122.6.168 | 192.168.2.9 |
| Jan 10, 2025 19:56:23.891366959 CET | 49975 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:56:24.350162983 CET | 49977 | 443 | 192.168.2.9 | 104.21.96.1 |
| Jan 10, 2025 19:56:24.350204945 CET | 443 | 49977 | 104.21.96.1 | 192.168.2.9 |
| Jan 10, 2025 19:56:24.350405931 CET | 49977 | 443 | 192.168.2.9 | 104.21.96.1 |
| Jan 10, 2025 19:56:24.383943081 CET | 49977 | 443 | 192.168.2.9 | 104.21.96.1 |
| Jan 10, 2025 19:56:24.383968115 CET | 443 | 49977 | 104.21.96.1 | 192.168.2.9 |
| Jan 10, 2025 19:56:24.849666119 CET | 443 | 49977 | 104.21.96.1 | 192.168.2.9 |
| Jan 10, 2025 19:56:24.849780083 CET | 49977 | 443 | 192.168.2.9 | 104.21.96.1 |
| Jan 10, 2025 19:56:24.852977991 CET | 49977 | 443 | 192.168.2.9 | 104.21.96.1 |
| Jan 10, 2025 19:56:24.852986097 CET | 443 | 49977 | 104.21.96.1 | 192.168.2.9 |
| Jan 10, 2025 19:56:24.853318930 CET | 443 | 49977 | 104.21.96.1 | 192.168.2.9 |
| Jan 10, 2025 19:56:24.857080936 CET | 49977 | 443 | 192.168.2.9 | 104.21.96.1 |
| Jan 10, 2025 19:56:24.899323940 CET | 443 | 49977 | 104.21.96.1 | 192.168.2.9 |
| Jan 10, 2025 19:56:25.008797884 CET | 443 | 49977 | 104.21.96.1 | 192.168.2.9 |
| Jan 10, 2025 19:56:25.008888006 CET | 443 | 49977 | 104.21.96.1 | 192.168.2.9 |
| Jan 10, 2025 19:56:25.008987904 CET | 49977 | 443 | 192.168.2.9 | 104.21.96.1 |
| Jan 10, 2025 19:56:25.014329910 CET | 49977 | 443 | 192.168.2.9 | 104.21.96.1 |
| Jan 10, 2025 19:56:30.658612967 CET | 49975 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:56:30.663650990 CET | 80 | 49975 | 193.122.6.168 | 192.168.2.9 |
| Jan 10, 2025 19:56:30.850446939 CET | 80 | 49975 | 193.122.6.168 | 192.168.2.9 |
| Jan 10, 2025 19:56:30.862185955 CET | 49978 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:56:30.862243891 CET | 443 | 49978 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:56:30.862309933 CET | 49978 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:56:30.862843037 CET | 49978 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:56:30.862859011 CET | 443 | 49978 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:56:30.891376972 CET | 49975 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:56:31.669264078 CET | 443 | 49978 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:56:31.669349909 CET | 49978 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:56:31.696732998 CET | 49978 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:56:31.696768045 CET | 443 | 49978 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:56:31.697082996 CET | 443 | 49978 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:56:31.750799894 CET | 49978 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:56:31.764389992 CET | 49978 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:56:31.807384014 CET | 443 | 49978 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:56:31.807465076 CET | 49978 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:56:31.807499886 CET | 443 | 49978 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:56:32.177815914 CET | 443 | 49978 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:56:32.177901030 CET | 443 | 49978 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:56:32.177994013 CET | 49978 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:56:32.178400040 CET | 49978 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:56:32.331492901 CET | 49975 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:56:32.332792997 CET | 49979 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:56:32.336500883 CET | 80 | 49975 | 193.122.6.168 | 192.168.2.9 |
| Jan 10, 2025 19:56:32.336565018 CET | 49975 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:56:32.337676048 CET | 80 | 49979 | 193.122.6.168 | 192.168.2.9 |
| Jan 10, 2025 19:56:32.337749004 CET | 49979 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:56:32.337862015 CET | 49979 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:56:32.342677116 CET | 80 | 49979 | 193.122.6.168 | 192.168.2.9 |
| Jan 10, 2025 19:56:32.987696886 CET | 80 | 49979 | 193.122.6.168 | 192.168.2.9 |
| Jan 10, 2025 19:56:32.991425037 CET | 49980 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:56:32.991475105 CET | 443 | 49980 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:56:32.991544008 CET | 49980 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:56:32.992131948 CET | 49980 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:56:32.992146969 CET | 443 | 49980 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:56:33.032027006 CET | 49979 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:56:33.617018938 CET | 443 | 49980 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:56:33.618782997 CET | 49980 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:56:33.618796110 CET | 443 | 49980 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:56:33.618860960 CET | 49980 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:56:33.618870974 CET | 443 | 49980 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:56:33.861639977 CET | 443 | 49980 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:56:33.861718893 CET | 443 | 49980 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:56:33.861762047 CET | 49980 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:56:33.862169981 CET | 49980 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:56:33.866528034 CET | 49981 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:56:33.871299982 CET | 80 | 49981 | 193.122.6.168 | 192.168.2.9 |
| Jan 10, 2025 19:56:33.871454954 CET | 49981 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:56:33.871454954 CET | 49981 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:56:33.876312017 CET | 80 | 49981 | 193.122.6.168 | 192.168.2.9 |
| Jan 10, 2025 19:56:34.519035101 CET | 80 | 49981 | 193.122.6.168 | 192.168.2.9 |
| Jan 10, 2025 19:56:34.539136887 CET | 49982 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:56:34.539206982 CET | 443 | 49982 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:56:34.539283037 CET | 49982 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:56:34.539657116 CET | 49982 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:56:34.539675951 CET | 443 | 49982 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:56:34.563263893 CET | 49981 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:56:35.328644991 CET | 443 | 49982 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:56:35.330288887 CET | 49982 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:56:35.330301046 CET | 443 | 49982 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:56:35.330357075 CET | 49982 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:56:35.330367088 CET | 443 | 49982 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:56:35.693257093 CET | 443 | 49982 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:56:35.693355083 CET | 443 | 49982 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:56:35.693542004 CET | 49982 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:56:35.693809032 CET | 49982 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:56:35.697323084 CET | 49981 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:56:35.698364019 CET | 49983 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:56:35.702306032 CET | 80 | 49981 | 193.122.6.168 | 192.168.2.9 |
| Jan 10, 2025 19:56:35.702446938 CET | 49981 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:56:35.703190088 CET | 80 | 49983 | 193.122.6.168 | 192.168.2.9 |
| Jan 10, 2025 19:56:35.703332901 CET | 49983 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:56:35.703413010 CET | 49983 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:56:35.708148956 CET | 80 | 49983 | 193.122.6.168 | 192.168.2.9 |
| Jan 10, 2025 19:56:36.331829071 CET | 80 | 49983 | 193.122.6.168 | 192.168.2.9 |
| Jan 10, 2025 19:56:36.332884073 CET | 49984 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:56:36.332928896 CET | 443 | 49984 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:56:36.333003044 CET | 49984 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:56:36.333270073 CET | 49984 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:56:36.333280087 CET | 443 | 49984 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:56:36.375804901 CET | 49983 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:56:36.962656021 CET | 443 | 49984 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:56:36.964210033 CET | 49984 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:56:36.964220047 CET | 443 | 49984 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:56:36.964265108 CET | 49984 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:56:36.964273930 CET | 443 | 49984 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:56:37.490655899 CET | 443 | 49984 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:56:37.490865946 CET | 443 | 49984 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:56:37.490932941 CET | 49984 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:56:37.496067047 CET | 49984 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:56:37.666853905 CET | 49983 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:56:37.672835112 CET | 80 | 49983 | 193.122.6.168 | 192.168.2.9 |
| Jan 10, 2025 19:56:37.672903061 CET | 49983 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:56:37.681952953 CET | 49985 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:56:37.686707973 CET | 80 | 49985 | 193.122.6.168 | 192.168.2.9 |
| Jan 10, 2025 19:56:37.686770916 CET | 49985 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:56:37.695169926 CET | 49985 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:56:37.700422049 CET | 80 | 49985 | 193.122.6.168 | 192.168.2.9 |
| Jan 10, 2025 19:56:38.349946022 CET | 80 | 49985 | 193.122.6.168 | 192.168.2.9 |
| Jan 10, 2025 19:56:38.351337910 CET | 49986 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:56:38.351398945 CET | 443 | 49986 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:56:38.351491928 CET | 49986 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:56:38.351782084 CET | 49986 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:56:38.351804972 CET | 443 | 49986 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:56:38.391563892 CET | 49985 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:56:39.027198076 CET | 443 | 49986 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:56:39.028825998 CET | 49986 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:56:39.028855085 CET | 443 | 49986 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:56:39.028912067 CET | 49986 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:56:39.028920889 CET | 443 | 49986 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:56:39.489701033 CET | 443 | 49986 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:56:39.489794970 CET | 443 | 49986 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:56:39.489944935 CET | 49986 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:56:39.490403891 CET | 49986 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:56:39.493539095 CET | 49985 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:56:39.494823933 CET | 49987 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:56:39.498528004 CET | 80 | 49985 | 193.122.6.168 | 192.168.2.9 |
| Jan 10, 2025 19:56:39.498625994 CET | 49985 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:56:39.499609947 CET | 80 | 49987 | 193.122.6.168 | 192.168.2.9 |
| Jan 10, 2025 19:56:39.499717951 CET | 49987 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:56:39.500016928 CET | 49987 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:56:39.504777908 CET | 80 | 49987 | 193.122.6.168 | 192.168.2.9 |
| Jan 10, 2025 19:56:40.242940903 CET | 80 | 49987 | 193.122.6.168 | 192.168.2.9 |
| Jan 10, 2025 19:56:40.243882895 CET | 49988 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:56:40.243940115 CET | 443 | 49988 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:56:40.244000912 CET | 49988 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:56:40.244227886 CET | 49988 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:56:40.244245052 CET | 443 | 49988 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:56:40.297661066 CET | 49987 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:56:40.970637083 CET | 443 | 49988 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:56:40.972348928 CET | 49988 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:56:40.972367048 CET | 443 | 49988 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:56:40.972414017 CET | 49988 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:56:40.972425938 CET | 443 | 49988 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:56:41.456171989 CET | 443 | 49988 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:56:41.456255913 CET | 443 | 49988 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:56:41.456367016 CET | 49988 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:56:41.459753036 CET | 49988 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:56:41.490838051 CET | 49987 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:56:41.492073059 CET | 49989 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:56:41.495765924 CET | 80 | 49987 | 193.122.6.168 | 192.168.2.9 |
| Jan 10, 2025 19:56:41.496840000 CET | 80 | 49989 | 193.122.6.168 | 192.168.2.9 |
| Jan 10, 2025 19:56:41.496903896 CET | 49987 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:56:41.496938944 CET | 49989 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:56:41.497037888 CET | 49989 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:56:41.501775026 CET | 80 | 49989 | 193.122.6.168 | 192.168.2.9 |
| Jan 10, 2025 19:56:42.144658089 CET | 80 | 49989 | 193.122.6.168 | 192.168.2.9 |
| Jan 10, 2025 19:56:42.147182941 CET | 49990 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:56:42.147229910 CET | 443 | 49990 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:56:42.147305012 CET | 49990 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:56:42.147562027 CET | 49990 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:56:42.147578001 CET | 443 | 49990 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:56:42.188312054 CET | 49989 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:56:42.785598040 CET | 443 | 49990 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:56:42.787297964 CET | 49990 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:56:42.787342072 CET | 443 | 49990 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:56:42.787411928 CET | 49990 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:56:42.787420988 CET | 443 | 49990 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:56:43.133565903 CET | 443 | 49990 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:56:43.133707047 CET | 443 | 49990 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:56:43.133796930 CET | 49990 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:56:43.134135962 CET | 49990 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:56:43.137113094 CET | 49989 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:56:43.137826920 CET | 49991 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:56:43.142160892 CET | 80 | 49989 | 193.122.6.168 | 192.168.2.9 |
| Jan 10, 2025 19:56:43.142297029 CET | 49989 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:56:43.142683983 CET | 80 | 49991 | 193.122.6.168 | 192.168.2.9 |
| Jan 10, 2025 19:56:43.142746925 CET | 49991 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:56:43.151722908 CET | 49991 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:56:43.156512976 CET | 80 | 49991 | 193.122.6.168 | 192.168.2.9 |
| Jan 10, 2025 19:56:43.768310070 CET | 80 | 49991 | 193.122.6.168 | 192.168.2.9 |
| Jan 10, 2025 19:56:43.770095110 CET | 49992 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:56:43.770122051 CET | 443 | 49992 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:56:43.770217896 CET | 49992 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:56:43.770487070 CET | 49992 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:56:43.770498991 CET | 443 | 49992 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:56:43.813283920 CET | 49991 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:56:44.376713037 CET | 443 | 49992 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:56:44.378649950 CET | 49992 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:56:44.378665924 CET | 443 | 49992 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:56:44.379286051 CET | 49992 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:56:44.379290104 CET | 443 | 49992 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:56:44.714368105 CET | 443 | 49992 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:56:44.714454889 CET | 443 | 49992 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:56:44.714596033 CET | 49992 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:56:44.715020895 CET | 49992 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:56:44.718235970 CET | 49991 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:56:44.719271898 CET | 49993 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:56:44.723206997 CET | 80 | 49991 | 193.122.6.168 | 192.168.2.9 |
| Jan 10, 2025 19:56:44.724091053 CET | 80 | 49993 | 193.122.6.168 | 192.168.2.9 |
| Jan 10, 2025 19:56:44.724179029 CET | 49991 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:56:44.724217892 CET | 49993 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:56:44.724353075 CET | 49993 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:56:44.729072094 CET | 80 | 49993 | 193.122.6.168 | 192.168.2.9 |
| Jan 10, 2025 19:56:45.430491924 CET | 80 | 49993 | 193.122.6.168 | 192.168.2.9 |
| Jan 10, 2025 19:56:45.431767941 CET | 49994 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:56:45.431812048 CET | 443 | 49994 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:56:45.431883097 CET | 49994 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:56:45.432164907 CET | 49994 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:56:45.432178020 CET | 443 | 49994 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:56:45.485165119 CET | 49993 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:56:46.217468977 CET | 443 | 49994 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:56:46.219306946 CET | 49994 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:56:46.219337940 CET | 443 | 49994 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:56:46.219430923 CET | 49994 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:56:46.219436884 CET | 443 | 49994 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:56:46.560698032 CET | 443 | 49994 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:56:46.560794115 CET | 443 | 49994 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:56:46.560883999 CET | 49994 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:56:46.561430931 CET | 49994 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:56:46.564709902 CET | 49993 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:56:46.565738916 CET | 49995 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:56:46.569911003 CET | 80 | 49993 | 193.122.6.168 | 192.168.2.9 |
| Jan 10, 2025 19:56:46.570012093 CET | 49993 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:56:46.570488930 CET | 80 | 49995 | 193.122.6.168 | 192.168.2.9 |
| Jan 10, 2025 19:56:46.570554972 CET | 49995 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:56:46.570641994 CET | 49995 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:56:46.575445890 CET | 80 | 49995 | 193.122.6.168 | 192.168.2.9 |
| Jan 10, 2025 19:56:47.220339060 CET | 80 | 49995 | 193.122.6.168 | 192.168.2.9 |
| Jan 10, 2025 19:56:47.221767902 CET | 49996 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:56:47.221806049 CET | 443 | 49996 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:56:47.221888065 CET | 49996 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:56:47.222254992 CET | 49996 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:56:47.222265959 CET | 443 | 49996 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:56:47.266465902 CET | 49995 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:56:47.842503071 CET | 443 | 49996 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:56:47.844105005 CET | 49996 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:56:47.844127893 CET | 443 | 49996 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:56:47.844177961 CET | 49996 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:56:47.844185114 CET | 443 | 49996 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:56:48.242643118 CET | 443 | 49996 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:56:48.242731094 CET | 443 | 49996 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:56:48.242791891 CET | 49996 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:56:48.243702888 CET | 49996 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:56:48.246699095 CET | 49995 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:56:48.247407913 CET | 49997 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:56:48.251619101 CET | 80 | 49995 | 193.122.6.168 | 192.168.2.9 |
| Jan 10, 2025 19:56:48.251671076 CET | 49995 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:56:48.252372026 CET | 80 | 49997 | 193.122.6.168 | 192.168.2.9 |
| Jan 10, 2025 19:56:48.252433062 CET | 49997 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:56:48.252563953 CET | 49997 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:56:48.257288933 CET | 80 | 49997 | 193.122.6.168 | 192.168.2.9 |
| Jan 10, 2025 19:56:48.906281948 CET | 80 | 49997 | 193.122.6.168 | 192.168.2.9 |
| Jan 10, 2025 19:56:48.909272909 CET | 49998 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:56:48.909307957 CET | 443 | 49998 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:56:48.909578085 CET | 49998 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:56:48.909914017 CET | 49998 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:56:48.909925938 CET | 443 | 49998 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:56:48.953978062 CET | 49997 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:56:49.519782066 CET | 443 | 49998 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:56:49.522788048 CET | 49998 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:56:49.522799969 CET | 443 | 49998 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:56:49.522954941 CET | 49998 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:56:49.522963047 CET | 443 | 49998 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:56:50.101700068 CET | 443 | 49998 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:56:50.101794958 CET | 443 | 49998 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:56:50.101865053 CET | 49998 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:56:50.102973938 CET | 49998 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:56:50.109364986 CET | 49997 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:56:50.110631943 CET | 49999 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:56:50.114427090 CET | 80 | 49997 | 193.122.6.168 | 192.168.2.9 |
| Jan 10, 2025 19:56:50.114499092 CET | 49997 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:56:50.115417957 CET | 80 | 49999 | 193.122.6.168 | 192.168.2.9 |
| Jan 10, 2025 19:56:50.115504980 CET | 49999 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:56:50.115611076 CET | 49999 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:56:50.120346069 CET | 80 | 49999 | 193.122.6.168 | 192.168.2.9 |
| Jan 10, 2025 19:56:50.741583109 CET | 80 | 49999 | 193.122.6.168 | 192.168.2.9 |
| Jan 10, 2025 19:56:50.742866993 CET | 50000 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:56:50.742896080 CET | 443 | 50000 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:56:50.743007898 CET | 50000 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:56:50.743325949 CET | 50000 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:56:50.743339062 CET | 443 | 50000 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:56:50.782058954 CET | 49999 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:56:51.472140074 CET | 443 | 50000 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:56:51.473783016 CET | 50000 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:56:51.473803043 CET | 443 | 50000 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:56:51.473902941 CET | 50000 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:56:51.473908901 CET | 443 | 50000 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:56:52.036277056 CET | 443 | 50000 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:56:52.036354065 CET | 443 | 50000 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:56:52.036556005 CET | 50000 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:56:52.036947966 CET | 50000 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:56:52.040119886 CET | 49999 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:56:52.040721893 CET | 50001 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:56:52.045057058 CET | 80 | 49999 | 193.122.6.168 | 192.168.2.9 |
| Jan 10, 2025 19:56:52.045129061 CET | 49999 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:56:52.045545101 CET | 80 | 50001 | 193.122.6.168 | 192.168.2.9 |
| Jan 10, 2025 19:56:52.045623064 CET | 50001 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:56:52.045753002 CET | 50001 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:56:52.050520897 CET | 80 | 50001 | 193.122.6.168 | 192.168.2.9 |
| Jan 10, 2025 19:56:52.690864086 CET | 80 | 50001 | 193.122.6.168 | 192.168.2.9 |
| Jan 10, 2025 19:56:52.692817926 CET | 50002 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:56:52.692858934 CET | 443 | 50002 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:56:52.692959070 CET | 50002 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:56:52.693583965 CET | 50002 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:56:52.693610907 CET | 443 | 50002 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:56:52.735188961 CET | 50001 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:56:53.339575052 CET | 443 | 50002 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:56:53.341082096 CET | 50002 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:56:53.341099977 CET | 443 | 50002 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:56:53.341150045 CET | 50002 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:56:53.341160059 CET | 443 | 50002 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:56:53.769709110 CET | 443 | 50002 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:56:53.769795895 CET | 443 | 50002 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:56:53.769859076 CET | 50002 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:56:53.770263910 CET | 50002 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:56:53.772970915 CET | 50001 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:56:53.773935080 CET | 50003 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:56:53.777964115 CET | 80 | 50001 | 193.122.6.168 | 192.168.2.9 |
| Jan 10, 2025 19:56:53.778037071 CET | 50001 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:56:53.778706074 CET | 80 | 50003 | 193.122.6.168 | 192.168.2.9 |
| Jan 10, 2025 19:56:53.778774023 CET | 50003 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:56:53.778923988 CET | 50003 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:56:53.783786058 CET | 80 | 50003 | 193.122.6.168 | 192.168.2.9 |
| Jan 10, 2025 19:56:54.443841934 CET | 80 | 50003 | 193.122.6.168 | 192.168.2.9 |
| Jan 10, 2025 19:56:54.445091009 CET | 50004 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:56:54.445126057 CET | 443 | 50004 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:56:54.445179939 CET | 50004 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:56:54.445421934 CET | 50004 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:56:54.445430040 CET | 443 | 50004 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:56:54.485234976 CET | 50003 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:56:55.065759897 CET | 443 | 50004 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:56:55.067311049 CET | 50004 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:56:55.067333937 CET | 443 | 50004 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:56:55.067384005 CET | 50004 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:56:55.067389011 CET | 443 | 50004 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:56:55.393879890 CET | 443 | 50004 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:56:55.393949032 CET | 443 | 50004 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:56:55.394056082 CET | 50004 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:56:55.394480944 CET | 50004 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:56:55.397389889 CET | 50003 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:56:55.398668051 CET | 50005 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:56:55.402487993 CET | 80 | 50003 | 193.122.6.168 | 192.168.2.9 |
| Jan 10, 2025 19:56:55.402571917 CET | 50003 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:56:55.403493881 CET | 80 | 50005 | 193.122.6.168 | 192.168.2.9 |
| Jan 10, 2025 19:56:55.403580904 CET | 50005 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:56:55.403677940 CET | 50005 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:56:55.408437014 CET | 80 | 50005 | 193.122.6.168 | 192.168.2.9 |
| Jan 10, 2025 19:56:56.106746912 CET | 80 | 50005 | 193.122.6.168 | 192.168.2.9 |
| Jan 10, 2025 19:56:56.108069897 CET | 50006 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:56:56.108102083 CET | 443 | 50006 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:56:56.108201027 CET | 50006 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:56:56.108443975 CET | 50006 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:56:56.108455896 CET | 443 | 50006 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:56:56.157157898 CET | 50005 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:56:56.716442108 CET | 443 | 50006 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:56:56.718310118 CET | 50006 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:56:56.718329906 CET | 443 | 50006 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:56:56.718381882 CET | 50006 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:56:56.718389034 CET | 443 | 50006 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:56:57.036413908 CET | 443 | 50006 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:56:57.036489964 CET | 443 | 50006 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:56:57.036550999 CET | 50006 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:56:57.037048101 CET | 50006 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:56:57.040534973 CET | 50005 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:56:57.041665077 CET | 50007 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:56:57.046139002 CET | 80 | 50005 | 193.122.6.168 | 192.168.2.9 |
| Jan 10, 2025 19:56:57.046240091 CET | 50005 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:56:57.046753883 CET | 80 | 50007 | 193.122.6.168 | 192.168.2.9 |
| Jan 10, 2025 19:56:57.046834946 CET | 50007 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:56:57.046950102 CET | 50007 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:56:57.051935911 CET | 80 | 50007 | 193.122.6.168 | 192.168.2.9 |
| Jan 10, 2025 19:56:57.694842100 CET | 80 | 50007 | 193.122.6.168 | 192.168.2.9 |
| Jan 10, 2025 19:56:57.696125984 CET | 50008 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:56:57.696176052 CET | 443 | 50008 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:56:57.696361065 CET | 50008 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:56:57.696686029 CET | 50008 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:56:57.696700096 CET | 443 | 50008 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:56:57.735238075 CET | 50007 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:56:58.350049973 CET | 443 | 50008 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:56:58.352236032 CET | 50008 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:56:58.352284908 CET | 443 | 50008 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:56:58.352359056 CET | 50008 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:56:58.352370977 CET | 443 | 50008 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:56:58.781943083 CET | 443 | 50008 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:56:58.782049894 CET | 443 | 50008 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:56:58.782126904 CET | 50008 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:56:58.782670975 CET | 50008 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:56:58.785640955 CET | 50007 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:56:58.786664009 CET | 50009 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:56:58.790769100 CET | 80 | 50007 | 193.122.6.168 | 192.168.2.9 |
| Jan 10, 2025 19:56:58.790834904 CET | 50007 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:56:58.791600943 CET | 80 | 50009 | 193.122.6.168 | 192.168.2.9 |
| Jan 10, 2025 19:56:58.791719913 CET | 50009 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:56:58.791788101 CET | 50009 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:56:58.796566010 CET | 80 | 50009 | 193.122.6.168 | 192.168.2.9 |
| Jan 10, 2025 19:56:59.457020998 CET | 80 | 50009 | 193.122.6.168 | 192.168.2.9 |
| Jan 10, 2025 19:56:59.458460093 CET | 50010 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:56:59.458515882 CET | 443 | 50010 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:56:59.458602905 CET | 50010 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:56:59.458885908 CET | 50010 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:56:59.458900928 CET | 443 | 50010 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:56:59.500854015 CET | 50009 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:57:00.085971117 CET | 443 | 50010 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:57:00.087867022 CET | 50010 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:57:00.087894917 CET | 443 | 50010 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:57:00.087958097 CET | 50010 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:57:00.087966919 CET | 443 | 50010 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:57:00.408315897 CET | 443 | 50010 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:57:00.408404112 CET | 443 | 50010 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:57:00.408478022 CET | 50010 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:57:00.408915043 CET | 50010 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:57:00.411747932 CET | 50009 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:57:00.413166046 CET | 50011 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:57:00.416693926 CET | 80 | 50009 | 193.122.6.168 | 192.168.2.9 |
| Jan 10, 2025 19:57:00.416774035 CET | 50009 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:57:00.418023109 CET | 80 | 50011 | 193.122.6.168 | 192.168.2.9 |
| Jan 10, 2025 19:57:00.418107033 CET | 50011 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:57:00.418203115 CET | 50011 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:57:00.422947884 CET | 80 | 50011 | 193.122.6.168 | 192.168.2.9 |
| Jan 10, 2025 19:57:01.092299938 CET | 80 | 50011 | 193.122.6.168 | 192.168.2.9 |
| Jan 10, 2025 19:57:01.093645096 CET | 50012 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:57:01.093691111 CET | 443 | 50012 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:57:01.093888044 CET | 50012 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:57:01.094232082 CET | 50012 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:57:01.094245911 CET | 443 | 50012 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:57:01.141508102 CET | 50011 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:57:01.881367922 CET | 443 | 50012 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:57:01.883246899 CET | 50012 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:57:01.883274078 CET | 443 | 50012 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:57:01.883326054 CET | 50012 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:57:01.883335114 CET | 443 | 50012 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:57:02.211272955 CET | 443 | 50012 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:57:02.211364985 CET | 443 | 50012 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:57:02.211441040 CET | 50012 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:57:02.211894989 CET | 50012 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:57:02.214786053 CET | 50011 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:57:02.215960979 CET | 50013 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:57:02.220285892 CET | 80 | 50011 | 193.122.6.168 | 192.168.2.9 |
| Jan 10, 2025 19:57:02.220355034 CET | 50011 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:57:02.222217083 CET | 80 | 50013 | 193.122.6.168 | 192.168.2.9 |
| Jan 10, 2025 19:57:02.222290993 CET | 50013 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:57:02.222388983 CET | 50013 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:57:02.228329897 CET | 80 | 50013 | 193.122.6.168 | 192.168.2.9 |
| Jan 10, 2025 19:57:02.869720936 CET | 80 | 50013 | 193.122.6.168 | 192.168.2.9 |
| Jan 10, 2025 19:57:02.884869099 CET | 50014 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:57:02.884901047 CET | 443 | 50014 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:57:02.884994030 CET | 50014 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:57:02.885551929 CET | 50014 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:57:02.885560036 CET | 443 | 50014 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:57:02.922705889 CET | 50013 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:57:03.520445108 CET | 443 | 50014 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:57:03.527021885 CET | 50014 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:57:03.527057886 CET | 443 | 50014 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:57:03.527107000 CET | 50014 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:57:03.527117014 CET | 443 | 50014 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:57:03.848570108 CET | 443 | 50014 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:57:03.848655939 CET | 443 | 50014 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:57:03.848747969 CET | 50014 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:57:03.852150917 CET | 50014 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:57:03.856580973 CET | 50013 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:57:03.857513905 CET | 50015 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:57:03.861624956 CET | 80 | 50013 | 193.122.6.168 | 192.168.2.9 |
| Jan 10, 2025 19:57:03.861670971 CET | 50013 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:57:03.862384081 CET | 80 | 50015 | 193.122.6.168 | 192.168.2.9 |
| Jan 10, 2025 19:57:03.862435102 CET | 50015 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:57:03.862551928 CET | 50015 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:57:03.867281914 CET | 80 | 50015 | 193.122.6.168 | 192.168.2.9 |
| Jan 10, 2025 19:57:04.492100000 CET | 80 | 50015 | 193.122.6.168 | 192.168.2.9 |
| Jan 10, 2025 19:57:04.498114109 CET | 50016 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:57:04.498143911 CET | 443 | 50016 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:57:04.502094030 CET | 50016 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:57:04.502094030 CET | 50016 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:57:04.502126932 CET | 443 | 50016 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:57:04.532085896 CET | 50015 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:57:05.150105953 CET | 443 | 50016 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:57:05.151803017 CET | 50016 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:57:05.151813030 CET | 443 | 50016 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:57:05.151901960 CET | 50016 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:57:05.151907921 CET | 443 | 50016 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:57:05.506675005 CET | 443 | 50016 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:57:05.506830931 CET | 443 | 50016 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:57:05.507280111 CET | 50016 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:57:05.507280111 CET | 50016 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:57:05.511323929 CET | 50015 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:57:05.511986971 CET | 50017 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:57:05.516386986 CET | 80 | 50015 | 193.122.6.168 | 192.168.2.9 |
| Jan 10, 2025 19:57:05.516470909 CET | 50015 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:57:05.516822100 CET | 80 | 50017 | 193.122.6.168 | 192.168.2.9 |
| Jan 10, 2025 19:57:05.516887903 CET | 50017 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:57:05.516987085 CET | 50017 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:57:05.521725893 CET | 80 | 50017 | 193.122.6.168 | 192.168.2.9 |
| Jan 10, 2025 19:57:06.283077002 CET | 80 | 50017 | 193.122.6.168 | 192.168.2.9 |
| Jan 10, 2025 19:57:06.298779964 CET | 50018 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:57:06.298826933 CET | 443 | 50018 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:57:06.298886061 CET | 50018 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:57:06.299623966 CET | 50018 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:57:06.299648046 CET | 443 | 50018 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:57:06.329001904 CET | 50017 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:57:06.934926033 CET | 443 | 50018 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:57:06.936604977 CET | 50018 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:57:06.936633110 CET | 443 | 50018 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:57:06.936779022 CET | 50018 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:57:06.936784983 CET | 443 | 50018 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:57:07.300259113 CET | 443 | 50018 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:57:07.300378084 CET | 443 | 50018 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:57:07.300455093 CET | 50018 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:57:07.300960064 CET | 50018 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:57:07.309649944 CET | 50017 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:57:07.313735962 CET | 50019 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:57:07.314606905 CET | 80 | 50017 | 193.122.6.168 | 192.168.2.9 |
| Jan 10, 2025 19:57:07.314656019 CET | 50017 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:57:07.318617105 CET | 80 | 50019 | 193.122.6.168 | 192.168.2.9 |
| Jan 10, 2025 19:57:07.318706036 CET | 50019 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:57:07.318825006 CET | 50019 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:57:07.323630095 CET | 80 | 50019 | 193.122.6.168 | 192.168.2.9 |
| Jan 10, 2025 19:57:07.949659109 CET | 80 | 50019 | 193.122.6.168 | 192.168.2.9 |
| Jan 10, 2025 19:57:07.950941086 CET | 50020 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:57:07.950988054 CET | 443 | 50020 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:57:07.951056004 CET | 50020 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:57:07.951351881 CET | 50020 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:57:07.951364994 CET | 443 | 50020 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:57:08.000891924 CET | 50019 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:57:08.565356016 CET | 443 | 50020 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:57:08.566914082 CET | 50020 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:57:08.566943884 CET | 443 | 50020 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:57:08.567001104 CET | 50020 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:57:08.567008972 CET | 443 | 50020 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:57:09.116714954 CET | 443 | 50020 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:57:09.116919041 CET | 443 | 50020 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:57:09.116978884 CET | 50020 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:57:09.120959997 CET | 50020 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:57:09.150034904 CET | 50019 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:57:09.155005932 CET | 80 | 50019 | 193.122.6.168 | 192.168.2.9 |
| Jan 10, 2025 19:57:09.155067921 CET | 50019 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:57:09.157448053 CET | 50021 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:57:09.162334919 CET | 80 | 50021 | 193.122.6.168 | 192.168.2.9 |
| Jan 10, 2025 19:57:09.162400961 CET | 50021 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:57:09.162843943 CET | 50021 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:57:09.167650938 CET | 80 | 50021 | 193.122.6.168 | 192.168.2.9 |
| Jan 10, 2025 19:57:09.795720100 CET | 80 | 50021 | 193.122.6.168 | 192.168.2.9 |
| Jan 10, 2025 19:57:09.796785116 CET | 50022 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:57:09.796824932 CET | 443 | 50022 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:57:09.796931982 CET | 50022 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:57:09.797178030 CET | 50022 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:57:09.797194004 CET | 443 | 50022 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:57:09.844647884 CET | 50021 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:57:10.431231976 CET | 443 | 50022 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:57:10.432948112 CET | 50022 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:57:10.432960033 CET | 443 | 50022 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:57:10.433015108 CET | 50022 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:57:10.433022976 CET | 443 | 50022 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:57:10.849832058 CET | 443 | 50022 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:57:10.850043058 CET | 443 | 50022 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:57:10.850121975 CET | 50022 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:57:10.850543976 CET | 50022 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:57:10.853147984 CET | 50021 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:57:10.854415894 CET | 50023 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:57:10.858200073 CET | 80 | 50021 | 193.122.6.168 | 192.168.2.9 |
| Jan 10, 2025 19:57:10.858391047 CET | 50021 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:57:10.859349012 CET | 80 | 50023 | 193.122.6.168 | 192.168.2.9 |
| Jan 10, 2025 19:57:10.859425068 CET | 50023 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:57:10.859555006 CET | 50023 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:57:10.864363909 CET | 80 | 50023 | 193.122.6.168 | 192.168.2.9 |
| Jan 10, 2025 19:57:11.676215887 CET | 80 | 50023 | 193.122.6.168 | 192.168.2.9 |
| Jan 10, 2025 19:57:11.699814081 CET | 50024 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:57:11.699866056 CET | 443 | 50024 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:57:11.699930906 CET | 50024 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:57:11.700500965 CET | 50024 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:57:11.700512886 CET | 443 | 50024 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:57:11.719628096 CET | 50023 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:57:12.333865881 CET | 443 | 50024 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:57:12.362070084 CET | 50024 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:57:12.362111092 CET | 443 | 50024 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:57:12.362178087 CET | 50024 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:57:12.362194061 CET | 443 | 50024 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:57:12.700944901 CET | 443 | 50024 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:57:12.701031923 CET | 443 | 50024 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:57:12.701212883 CET | 50024 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:57:12.701785088 CET | 50024 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:57:12.704936028 CET | 50023 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:57:12.706110954 CET | 50025 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:57:12.709996939 CET | 80 | 50023 | 193.122.6.168 | 192.168.2.9 |
| Jan 10, 2025 19:57:12.710119009 CET | 50023 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:57:12.710928917 CET | 80 | 50025 | 193.122.6.168 | 192.168.2.9 |
| Jan 10, 2025 19:57:12.711003065 CET | 50025 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:57:12.711165905 CET | 50025 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:57:12.715897083 CET | 80 | 50025 | 193.122.6.168 | 192.168.2.9 |
| Jan 10, 2025 19:57:13.354516983 CET | 80 | 50025 | 193.122.6.168 | 192.168.2.9 |
| Jan 10, 2025 19:57:13.357000113 CET | 50026 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:57:13.357034922 CET | 443 | 50026 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:57:13.357110023 CET | 50026 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:57:13.357428074 CET | 50026 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:57:13.357436895 CET | 443 | 50026 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:57:13.407145023 CET | 50025 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:57:14.062376976 CET | 443 | 50026 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:57:14.065139055 CET | 50026 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:57:14.065151930 CET | 443 | 50026 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:57:14.068969011 CET | 50026 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:57:14.068977118 CET | 443 | 50026 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:57:14.362984896 CET | 443 | 50026 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:57:14.363066912 CET | 443 | 50026 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:57:14.363213062 CET | 50026 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:57:14.363596916 CET | 50026 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:57:14.366573095 CET | 50025 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:57:14.367728949 CET | 50027 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:57:14.371534109 CET | 80 | 50025 | 193.122.6.168 | 192.168.2.9 |
| Jan 10, 2025 19:57:14.371627092 CET | 50025 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:57:14.372508049 CET | 80 | 50027 | 193.122.6.168 | 192.168.2.9 |
| Jan 10, 2025 19:57:14.372610092 CET | 50027 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:57:14.372728109 CET | 50027 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:57:14.377538919 CET | 80 | 50027 | 193.122.6.168 | 192.168.2.9 |
| Jan 10, 2025 19:57:15.077299118 CET | 80 | 50027 | 193.122.6.168 | 192.168.2.9 |
| Jan 10, 2025 19:57:15.080089092 CET | 50028 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:57:15.080151081 CET | 443 | 50028 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:57:15.080209017 CET | 50028 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:57:15.080811977 CET | 50028 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:57:15.080825090 CET | 443 | 50028 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:57:15.125866890 CET | 50027 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:57:15.707226992 CET | 443 | 50028 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:57:15.709101915 CET | 50028 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:57:15.709136963 CET | 443 | 50028 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:57:15.709181070 CET | 50028 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:57:15.709191084 CET | 443 | 50028 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:57:16.226684093 CET | 443 | 50028 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:57:16.226893902 CET | 443 | 50028 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:57:16.226960897 CET | 50028 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:57:16.227384090 CET | 50028 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:57:16.230230093 CET | 50027 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:57:16.231369019 CET | 50029 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:57:16.236128092 CET | 80 | 50027 | 193.122.6.168 | 192.168.2.9 |
| Jan 10, 2025 19:57:16.236196995 CET | 50027 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:57:16.238095999 CET | 80 | 50029 | 193.122.6.168 | 192.168.2.9 |
| Jan 10, 2025 19:57:16.238179922 CET | 50029 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:57:16.238293886 CET | 50029 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:57:16.245358944 CET | 80 | 50029 | 193.122.6.168 | 192.168.2.9 |
| Jan 10, 2025 19:57:16.874577999 CET | 80 | 50029 | 193.122.6.168 | 192.168.2.9 |
| Jan 10, 2025 19:57:16.876245022 CET | 50030 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:57:16.876296043 CET | 443 | 50030 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:57:16.876374006 CET | 50030 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:57:16.876698017 CET | 50030 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:57:16.876714945 CET | 443 | 50030 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:57:16.922821045 CET | 50029 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:57:17.519675970 CET | 443 | 50030 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:57:17.521394014 CET | 50030 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:57:17.521480083 CET | 443 | 50030 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:57:17.521560907 CET | 50030 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:57:17.521586895 CET | 443 | 50030 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:57:17.839730024 CET | 443 | 50030 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:57:17.839809895 CET | 443 | 50030 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:57:17.839884996 CET | 50030 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:57:17.842657089 CET | 50030 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:57:17.952971935 CET | 50029 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:57:17.955468893 CET | 50031 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:57:17.958638906 CET | 80 | 50029 | 193.122.6.168 | 192.168.2.9 |
| Jan 10, 2025 19:57:17.958683968 CET | 50029 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:57:17.960835934 CET | 80 | 50031 | 193.122.6.168 | 192.168.2.9 |
| Jan 10, 2025 19:57:17.960890055 CET | 50031 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:57:17.961086035 CET | 50031 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:57:17.965846062 CET | 80 | 50031 | 193.122.6.168 | 192.168.2.9 |
| Jan 10, 2025 19:57:18.595966101 CET | 80 | 50031 | 193.122.6.168 | 192.168.2.9 |
| Jan 10, 2025 19:57:18.597713947 CET | 50032 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:57:18.597764015 CET | 443 | 50032 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:57:18.597917080 CET | 50032 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:57:18.598284960 CET | 50032 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:57:18.598304033 CET | 443 | 50032 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:57:18.641593933 CET | 50031 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:57:19.210455894 CET | 443 | 50032 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:57:19.212130070 CET | 50032 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:57:19.212157011 CET | 443 | 50032 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:57:19.212228060 CET | 50032 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:57:19.212234974 CET | 443 | 50032 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:57:19.456212044 CET | 443 | 50032 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:57:19.456304073 CET | 443 | 50032 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:57:19.456394911 CET | 50032 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:57:19.456804037 CET | 50032 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:57:19.459656954 CET | 50031 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:57:19.460886002 CET | 50033 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:57:19.464637995 CET | 80 | 50031 | 193.122.6.168 | 192.168.2.9 |
| Jan 10, 2025 19:57:19.464719057 CET | 50031 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:57:19.465693951 CET | 80 | 50033 | 193.122.6.168 | 192.168.2.9 |
| Jan 10, 2025 19:57:19.465784073 CET | 50033 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:57:19.465866089 CET | 50033 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:57:19.471812963 CET | 80 | 50033 | 193.122.6.168 | 192.168.2.9 |
| Jan 10, 2025 19:57:20.159671068 CET | 80 | 50033 | 193.122.6.168 | 192.168.2.9 |
| Jan 10, 2025 19:57:20.160933018 CET | 50034 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:57:20.161000967 CET | 443 | 50034 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:57:20.161072969 CET | 50034 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:57:20.161350965 CET | 50034 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:57:20.161370039 CET | 443 | 50034 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:57:20.204022884 CET | 50033 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:57:20.933485985 CET | 443 | 50034 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:57:20.935494900 CET | 50034 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:57:20.935524940 CET | 443 | 50034 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:57:20.935576916 CET | 50034 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:57:20.935585022 CET | 443 | 50034 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:57:21.448014975 CET | 443 | 50034 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:57:21.448115110 CET | 443 | 50034 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:57:21.448291063 CET | 50034 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:57:21.448904037 CET | 50034 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:57:21.452756882 CET | 50033 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:57:21.453430891 CET | 50035 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:57:21.457707882 CET | 80 | 50033 | 193.122.6.168 | 192.168.2.9 |
| Jan 10, 2025 19:57:21.457823992 CET | 50033 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:57:21.458226919 CET | 80 | 50035 | 193.122.6.168 | 192.168.2.9 |
| Jan 10, 2025 19:57:21.458302021 CET | 50035 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:57:21.458517075 CET | 50035 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:57:21.463335991 CET | 80 | 50035 | 193.122.6.168 | 192.168.2.9 |
| Jan 10, 2025 19:57:22.451500893 CET | 80 | 50035 | 193.122.6.168 | 192.168.2.9 |
| Jan 10, 2025 19:57:22.453147888 CET | 50036 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:57:22.453200102 CET | 443 | 50036 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:57:22.453279972 CET | 50036 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:57:22.453634977 CET | 50036 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:57:22.453649998 CET | 443 | 50036 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:57:22.500890970 CET | 50035 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:57:23.074166059 CET | 443 | 50036 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:57:23.096030951 CET | 50036 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:57:23.096115112 CET | 443 | 50036 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:57:23.096791029 CET | 50036 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:57:23.096806049 CET | 443 | 50036 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:57:23.378051996 CET | 443 | 50036 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:57:23.378133059 CET | 443 | 50036 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:57:23.378248930 CET | 50036 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:57:23.380198956 CET | 50036 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:57:23.398121119 CET | 50035 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:57:23.399647951 CET | 50037 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:57:23.403172016 CET | 80 | 50035 | 193.122.6.168 | 192.168.2.9 |
| Jan 10, 2025 19:57:23.403218031 CET | 50035 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:57:23.404494047 CET | 80 | 50037 | 193.122.6.168 | 192.168.2.9 |
| Jan 10, 2025 19:57:23.404553890 CET | 50037 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:57:23.404653072 CET | 50037 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:57:23.409390926 CET | 80 | 50037 | 193.122.6.168 | 192.168.2.9 |
| Jan 10, 2025 19:57:24.156219959 CET | 80 | 50037 | 193.122.6.168 | 192.168.2.9 |
| Jan 10, 2025 19:57:24.161684036 CET | 50038 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:57:24.161724091 CET | 443 | 50038 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:57:24.161798000 CET | 50038 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:57:24.162105083 CET | 49979 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:57:24.162472010 CET | 50038 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:57:24.162483931 CET | 443 | 50038 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:57:24.204037905 CET | 50037 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:57:24.774715900 CET | 443 | 50038 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:57:24.780220032 CET | 50038 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:57:24.780249119 CET | 443 | 50038 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:57:24.780325890 CET | 50038 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:57:24.780338049 CET | 443 | 50038 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:57:25.113234997 CET | 443 | 50038 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:57:25.113320112 CET | 443 | 50038 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:57:25.113415003 CET | 50038 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:57:25.114029884 CET | 50038 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:57:25.117464066 CET | 50037 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:57:25.122121096 CET | 50039 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:57:25.122426033 CET | 80 | 50037 | 193.122.6.168 | 192.168.2.9 |
| Jan 10, 2025 19:57:25.126297951 CET | 50037 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:57:25.127515078 CET | 80 | 50039 | 193.122.6.168 | 192.168.2.9 |
| Jan 10, 2025 19:57:25.130359888 CET | 50039 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:57:25.130359888 CET | 50039 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:57:25.135179996 CET | 80 | 50039 | 193.122.6.168 | 192.168.2.9 |
| Jan 10, 2025 19:57:26.156943083 CET | 80 | 50039 | 193.122.6.168 | 192.168.2.9 |
| Jan 10, 2025 19:57:26.161073923 CET | 50040 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:57:26.161099911 CET | 443 | 50040 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:57:26.161175966 CET | 50040 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:57:26.161520958 CET | 50040 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:57:26.161530972 CET | 443 | 50040 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:57:26.204051971 CET | 50039 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:57:26.768114090 CET | 443 | 50040 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:57:26.774516106 CET | 50040 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:57:26.774532080 CET | 443 | 50040 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:57:26.774669886 CET | 50040 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:57:26.774679899 CET | 443 | 50040 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:57:26.997565031 CET | 443 | 50040 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:57:26.997662067 CET | 443 | 50040 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:57:26.997770071 CET | 50040 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:57:26.998306990 CET | 50040 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:57:27.002063036 CET | 50039 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:57:27.003356934 CET | 50041 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:57:27.007167101 CET | 80 | 50039 | 193.122.6.168 | 192.168.2.9 |
| Jan 10, 2025 19:57:27.007349014 CET | 50039 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:57:27.008296967 CET | 80 | 50041 | 193.122.6.168 | 192.168.2.9 |
| Jan 10, 2025 19:57:27.008383989 CET | 50041 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:57:27.008522987 CET | 50041 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:57:27.013376951 CET | 80 | 50041 | 193.122.6.168 | 192.168.2.9 |
| Jan 10, 2025 19:57:28.607250929 CET | 80 | 50041 | 193.122.6.168 | 192.168.2.9 |
| Jan 10, 2025 19:57:28.609015942 CET | 50042 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:57:28.609066963 CET | 443 | 50042 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:57:28.609224081 CET | 50042 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:57:28.609540939 CET | 50042 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:57:28.609555006 CET | 443 | 50042 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:57:28.657164097 CET | 50041 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:57:29.261157036 CET | 443 | 50042 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:57:29.270172119 CET | 50042 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:57:29.270185947 CET | 443 | 50042 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:57:29.270320892 CET | 50042 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:57:29.270332098 CET | 443 | 50042 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:57:29.619237900 CET | 443 | 50042 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:57:29.619369030 CET | 443 | 50042 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:57:29.619465113 CET | 50042 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:57:29.621715069 CET | 50042 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:57:29.640866041 CET | 50041 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:57:29.644244909 CET | 50043 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:57:29.645893097 CET | 80 | 50041 | 193.122.6.168 | 192.168.2.9 |
| Jan 10, 2025 19:57:29.645948887 CET | 50041 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:57:29.649080992 CET | 80 | 50043 | 193.122.6.168 | 192.168.2.9 |
| Jan 10, 2025 19:57:29.649270058 CET | 50043 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:57:29.664640903 CET | 50043 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:57:29.669498920 CET | 80 | 50043 | 193.122.6.168 | 192.168.2.9 |
| Jan 10, 2025 19:57:30.791426897 CET | 80 | 50043 | 193.122.6.168 | 192.168.2.9 |
| Jan 10, 2025 19:57:30.795686960 CET | 50044 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:57:30.795732021 CET | 443 | 50044 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:57:30.795844078 CET | 50044 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:57:30.796164989 CET | 50044 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:57:30.796181917 CET | 443 | 50044 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:57:30.844685078 CET | 50043 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:57:31.442893028 CET | 443 | 50044 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:57:31.445574999 CET | 50044 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:57:31.445600033 CET | 443 | 50044 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:57:31.445662022 CET | 50044 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:57:31.445668936 CET | 443 | 50044 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:57:31.750068903 CET | 443 | 50044 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:57:31.750163078 CET | 443 | 50044 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:57:31.750276089 CET | 50044 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:57:31.751714945 CET | 50044 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:57:31.755486965 CET | 50043 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:57:31.756756067 CET | 50045 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:57:31.760426044 CET | 80 | 50043 | 193.122.6.168 | 192.168.2.9 |
| Jan 10, 2025 19:57:31.760500908 CET | 50043 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:57:31.761550903 CET | 80 | 50045 | 193.122.6.168 | 192.168.2.9 |
| Jan 10, 2025 19:57:31.761629105 CET | 50045 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:57:31.761778116 CET | 50045 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:57:31.766531944 CET | 80 | 50045 | 193.122.6.168 | 192.168.2.9 |
| Jan 10, 2025 19:57:32.441133022 CET | 80 | 50045 | 193.122.6.168 | 192.168.2.9 |
| Jan 10, 2025 19:57:32.485336065 CET | 50045 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:57:32.670736074 CET | 50046 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:57:32.670784950 CET | 443 | 50046 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:57:32.670897007 CET | 50046 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:57:32.671829939 CET | 50046 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:57:32.671842098 CET | 443 | 50046 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:57:33.304533005 CET | 443 | 50046 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:57:33.309237003 CET | 50046 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:57:33.309262991 CET | 443 | 50046 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:57:33.309465885 CET | 50046 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:57:33.309473991 CET | 443 | 50046 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:57:33.598537922 CET | 443 | 50046 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:57:33.598618984 CET | 443 | 50046 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:57:33.598660946 CET | 50046 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:57:33.599212885 CET | 50046 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:57:33.603173018 CET | 50045 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:57:33.604150057 CET | 50047 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:57:33.609225988 CET | 80 | 50045 | 193.122.6.168 | 192.168.2.9 |
| Jan 10, 2025 19:57:33.609294891 CET | 50045 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:57:33.609954119 CET | 80 | 50047 | 193.122.6.168 | 192.168.2.9 |
| Jan 10, 2025 19:57:33.610039949 CET | 50047 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:57:33.610366106 CET | 50047 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:57:33.616076946 CET | 80 | 50047 | 193.122.6.168 | 192.168.2.9 |
| Jan 10, 2025 19:57:37.391494036 CET | 80 | 50047 | 193.122.6.168 | 192.168.2.9 |
| Jan 10, 2025 19:57:37.438426971 CET | 50047 | 80 | 192.168.2.9 | 193.122.6.168 |
| Jan 10, 2025 19:57:38.776715994 CET | 50048 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:57:38.776762009 CET | 443 | 50048 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:57:38.776963949 CET | 50048 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:57:38.777323008 CET | 50048 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:57:38.777333021 CET | 443 | 50048 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:57:39.433514118 CET | 443 | 50048 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:57:39.435915947 CET | 50048 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:57:39.435925961 CET | 443 | 50048 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:57:39.435986042 CET | 50048 | 443 | 192.168.2.9 | 149.154.167.220 |
| Jan 10, 2025 19:57:39.435992956 CET | 443 | 50048 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:57:39.793164015 CET | 443 | 50048 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:57:39.793546915 CET | 443 | 50048 | 149.154.167.220 | 192.168.2.9 |
| Jan 10, 2025 19:57:39.793591976 CET | 50048 | 443 | 192.168.2.9 | 149.154.167.220 |
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Jan 10, 2025 19:56:17.492767096 CET | 56321 | 53 | 192.168.2.9 | 1.1.1.1 |
| Jan 10, 2025 19:56:17.499944925 CET | 53 | 56321 | 1.1.1.1 | 192.168.2.9 |
| Jan 10, 2025 19:56:18.663100958 CET | 51292 | 53 | 192.168.2.9 | 1.1.1.1 |
| Jan 10, 2025 19:56:18.670830965 CET | 53 | 51292 | 1.1.1.1 | 192.168.2.9 |
| Jan 10, 2025 19:56:22.627509117 CET | 62546 | 53 | 192.168.2.9 | 1.1.1.1 |
| Jan 10, 2025 19:56:22.636420965 CET | 53 | 62546 | 1.1.1.1 | 192.168.2.9 |
| Jan 10, 2025 19:56:24.339093924 CET | 63955 | 53 | 192.168.2.9 | 1.1.1.1 |
| Jan 10, 2025 19:56:24.346666098 CET | 53 | 63955 | 1.1.1.1 | 192.168.2.9 |
| Jan 10, 2025 19:56:30.854527950 CET | 56157 | 53 | 192.168.2.9 | 1.1.1.1 |
| Jan 10, 2025 19:56:30.861440897 CET | 53 | 56157 | 1.1.1.1 | 192.168.2.9 |
| Jan 10, 2025 19:57:06.290363073 CET | 55102 | 53 | 192.168.2.9 | 1.1.1.1 |
| Jan 10, 2025 19:57:06.297399044 CET | 53 | 55102 | 1.1.1.1 | 192.168.2.9 |
| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|
| Jan 10, 2025 19:56:17.492767096 CET | 192.168.2.9 | 1.1.1.1 | 0x5f86 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Jan 10, 2025 19:56:18.663100958 CET | 192.168.2.9 | 1.1.1.1 | 0x60e | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Jan 10, 2025 19:56:22.627509117 CET | 192.168.2.9 | 1.1.1.1 | 0xc16e | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Jan 10, 2025 19:56:24.339093924 CET | 192.168.2.9 | 1.1.1.1 | 0xc3b4 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Jan 10, 2025 19:56:30.854527950 CET | 192.168.2.9 | 1.1.1.1 | 0x7d30 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Jan 10, 2025 19:57:06.290363073 CET | 192.168.2.9 | 1.1.1.1 | 0xfd4a | Standard query (0) | A (IP address) | IN (0x0001) | false |
| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|---|---|
| Jan 10, 2025 19:56:17.499944925 CET | 1.1.1.1 | 192.168.2.9 | 0x5f86 | No error (0) | 142.250.185.110 | A (IP address) | IN (0x0001) | false | ||
| Jan 10, 2025 19:56:18.670830965 CET | 1.1.1.1 | 192.168.2.9 | 0x60e | No error (0) | 142.250.185.161 | A (IP address) | IN (0x0001) | false | ||
| Jan 10, 2025 19:56:22.636420965 CET | 1.1.1.1 | 192.168.2.9 | 0xc16e | No error (0) | checkip.dyndns.com | CNAME (Canonical name) | IN (0x0001) | false | ||
| Jan 10, 2025 19:56:22.636420965 CET | 1.1.1.1 | 192.168.2.9 | 0xc16e | No error (0) | 193.122.6.168 | A (IP address) | IN (0x0001) | false | ||
| Jan 10, 2025 19:56:22.636420965 CET | 1.1.1.1 | 192.168.2.9 | 0xc16e | No error (0) | 158.101.44.242 | A (IP address) | IN (0x0001) | false | ||
| Jan 10, 2025 19:56:22.636420965 CET | 1.1.1.1 | 192.168.2.9 | 0xc16e | No error (0) | 132.226.247.73 | A (IP address) | IN (0x0001) | false | ||
| Jan 10, 2025 19:56:22.636420965 CET | 1.1.1.1 | 192.168.2.9 | 0xc16e | No error (0) | 193.122.130.0 | A (IP address) | IN (0x0001) | false | ||
| Jan 10, 2025 19:56:22.636420965 CET | 1.1.1.1 | 192.168.2.9 | 0xc16e | No error (0) | 132.226.8.169 | A (IP address) | IN (0x0001) | false | ||
| Jan 10, 2025 19:56:24.346666098 CET | 1.1.1.1 | 192.168.2.9 | 0xc3b4 | No error (0) | 104.21.96.1 | A (IP address) | IN (0x0001) | false | ||
| Jan 10, 2025 19:56:24.346666098 CET | 1.1.1.1 | 192.168.2.9 | 0xc3b4 | No error (0) | 104.21.32.1 | A (IP address) | IN (0x0001) | false | ||
| Jan 10, 2025 19:56:24.346666098 CET | 1.1.1.1 | 192.168.2.9 | 0xc3b4 | No error (0) | 104.21.64.1 | A (IP address) | IN (0x0001) | false | ||
| Jan 10, 2025 19:56:24.346666098 CET | 1.1.1.1 | 192.168.2.9 | 0xc3b4 | No error (0) | 104.21.16.1 | A (IP address) | IN (0x0001) | false | ||
| Jan 10, 2025 19:56:24.346666098 CET | 1.1.1.1 | 192.168.2.9 | 0xc3b4 | No error (0) | 104.21.48.1 | A (IP address) | IN (0x0001) | false | ||
| Jan 10, 2025 19:56:24.346666098 CET | 1.1.1.1 | 192.168.2.9 | 0xc3b4 | No error (0) | 104.21.80.1 | A (IP address) | IN (0x0001) | false | ||
| Jan 10, 2025 19:56:24.346666098 CET | 1.1.1.1 | 192.168.2.9 | 0xc3b4 | No error (0) | 104.21.112.1 | A (IP address) | IN (0x0001) | false | ||
| Jan 10, 2025 19:56:30.861440897 CET | 1.1.1.1 | 192.168.2.9 | 0x7d30 | No error (0) | 149.154.167.220 | A (IP address) | IN (0x0001) | false | ||
| Jan 10, 2025 19:57:06.297399044 CET | 1.1.1.1 | 192.168.2.9 | 0xfd4a | No error (0) | 149.154.167.220 | A (IP address) | IN (0x0001) | false |
|
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 0 | 192.168.2.9 | 49975 | 193.122.6.168 | 80 | 7628 | C:\Users\user\Desktop\m0CZ8H4jfl.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Jan 10, 2025 19:56:22.651230097 CET | 151 | OUT | |
| Jan 10, 2025 19:56:23.626229048 CET | 273 | IN | |
| Jan 10, 2025 19:56:23.630548000 CET | 127 | OUT | |
| Jan 10, 2025 19:56:23.843231916 CET | 273 | IN | |
| Jan 10, 2025 19:56:30.658612967 CET | 127 | OUT | |
| Jan 10, 2025 19:56:30.850446939 CET | 273 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 1 | 192.168.2.9 | 49979 | 193.122.6.168 | 80 | 7628 | C:\Users\user\Desktop\m0CZ8H4jfl.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Jan 10, 2025 19:56:32.337862015 CET | 127 | OUT | |
| Jan 10, 2025 19:56:32.987696886 CET | 273 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 2 | 192.168.2.9 | 49981 | 193.122.6.168 | 80 | 7628 | C:\Users\user\Desktop\m0CZ8H4jfl.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Jan 10, 2025 19:56:33.871454954 CET | 151 | OUT | |
| Jan 10, 2025 19:56:34.519035101 CET | 273 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 3 | 192.168.2.9 | 49983 | 193.122.6.168 | 80 | 7628 | C:\Users\user\Desktop\m0CZ8H4jfl.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Jan 10, 2025 19:56:35.703413010 CET | 151 | OUT | |
| Jan 10, 2025 19:56:36.331829071 CET | 273 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 4 | 192.168.2.9 | 49985 | 193.122.6.168 | 80 | 7628 | C:\Users\user\Desktop\m0CZ8H4jfl.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Jan 10, 2025 19:56:37.695169926 CET | 151 | OUT | |
| Jan 10, 2025 19:56:38.349946022 CET | 273 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 5 | 192.168.2.9 | 49987 | 193.122.6.168 | 80 | 7628 | C:\Users\user\Desktop\m0CZ8H4jfl.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Jan 10, 2025 19:56:39.500016928 CET | 151 | OUT | |
| Jan 10, 2025 19:56:40.242940903 CET | 273 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 6 | 192.168.2.9 | 49989 | 193.122.6.168 | 80 | 7628 | C:\Users\user\Desktop\m0CZ8H4jfl.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Jan 10, 2025 19:56:41.497037888 CET | 151 | OUT | |
| Jan 10, 2025 19:56:42.144658089 CET | 273 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 7 | 192.168.2.9 | 49991 | 193.122.6.168 | 80 | 7628 | C:\Users\user\Desktop\m0CZ8H4jfl.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Jan 10, 2025 19:56:43.151722908 CET | 151 | OUT | |
| Jan 10, 2025 19:56:43.768310070 CET | 273 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 8 | 192.168.2.9 | 49993 | 193.122.6.168 | 80 | 7628 | C:\Users\user\Desktop\m0CZ8H4jfl.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Jan 10, 2025 19:56:44.724353075 CET | 151 | OUT | |
| Jan 10, 2025 19:56:45.430491924 CET | 273 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 9 | 192.168.2.9 | 49995 | 193.122.6.168 | 80 | 7628 | C:\Users\user\Desktop\m0CZ8H4jfl.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Jan 10, 2025 19:56:46.570641994 CET | 151 | OUT | |
| Jan 10, 2025 19:56:47.220339060 CET | 273 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 10 | 192.168.2.9 | 49997 | 193.122.6.168 | 80 | 7628 | C:\Users\user\Desktop\m0CZ8H4jfl.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Jan 10, 2025 19:56:48.252563953 CET | 151 | OUT | |
| Jan 10, 2025 19:56:48.906281948 CET | 273 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 11 | 192.168.2.9 | 49999 | 193.122.6.168 | 80 | 7628 | C:\Users\user\Desktop\m0CZ8H4jfl.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Jan 10, 2025 19:56:50.115611076 CET | 151 | OUT | |
| Jan 10, 2025 19:56:50.741583109 CET | 273 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 12 | 192.168.2.9 | 50001 | 193.122.6.168 | 80 | 7628 | C:\Users\user\Desktop\m0CZ8H4jfl.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Jan 10, 2025 19:56:52.045753002 CET | 151 | OUT | |
| Jan 10, 2025 19:56:52.690864086 CET | 273 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 13 | 192.168.2.9 | 50003 | 193.122.6.168 | 80 | 7628 | C:\Users\user\Desktop\m0CZ8H4jfl.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Jan 10, 2025 19:56:53.778923988 CET | 151 | OUT | |
| Jan 10, 2025 19:56:54.443841934 CET | 273 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 14 | 192.168.2.9 | 50005 | 193.122.6.168 | 80 | 7628 | C:\Users\user\Desktop\m0CZ8H4jfl.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Jan 10, 2025 19:56:55.403677940 CET | 151 | OUT | |
| Jan 10, 2025 19:56:56.106746912 CET | 273 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 15 | 192.168.2.9 | 50007 | 193.122.6.168 | 80 | 7628 | C:\Users\user\Desktop\m0CZ8H4jfl.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Jan 10, 2025 19:56:57.046950102 CET | 151 | OUT | |
| Jan 10, 2025 19:56:57.694842100 CET | 273 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 16 | 192.168.2.9 | 50009 | 193.122.6.168 | 80 | 7628 | C:\Users\user\Desktop\m0CZ8H4jfl.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Jan 10, 2025 19:56:58.791788101 CET | 151 | OUT | |
| Jan 10, 2025 19:56:59.457020998 CET | 273 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 17 | 192.168.2.9 | 50011 | 193.122.6.168 | 80 | 7628 | C:\Users\user\Desktop\m0CZ8H4jfl.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Jan 10, 2025 19:57:00.418203115 CET | 151 | OUT | |
| Jan 10, 2025 19:57:01.092299938 CET | 273 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 18 | 192.168.2.9 | 50013 | 193.122.6.168 | 80 | 7628 | C:\Users\user\Desktop\m0CZ8H4jfl.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Jan 10, 2025 19:57:02.222388983 CET | 151 | OUT | |
| Jan 10, 2025 19:57:02.869720936 CET | 273 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 19 | 192.168.2.9 | 50015 | 193.122.6.168 | 80 | 7628 | C:\Users\user\Desktop\m0CZ8H4jfl.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Jan 10, 2025 19:57:03.862551928 CET | 151 | OUT | |
| Jan 10, 2025 19:57:04.492100000 CET | 273 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 20 | 192.168.2.9 | 50017 | 193.122.6.168 | 80 | 7628 | C:\Users\user\Desktop\m0CZ8H4jfl.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Jan 10, 2025 19:57:05.516987085 CET | 151 | OUT | |
| Jan 10, 2025 19:57:06.283077002 CET | 273 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 21 | 192.168.2.9 | 50019 | 193.122.6.168 | 80 | 7628 | C:\Users\user\Desktop\m0CZ8H4jfl.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Jan 10, 2025 19:57:07.318825006 CET | 151 | OUT | |
| Jan 10, 2025 19:57:07.949659109 CET | 273 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 22 | 192.168.2.9 | 50021 | 193.122.6.168 | 80 | 7628 | C:\Users\user\Desktop\m0CZ8H4jfl.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Jan 10, 2025 19:57:09.162843943 CET | 151 | OUT | |
| Jan 10, 2025 19:57:09.795720100 CET | 273 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 23 | 192.168.2.9 | 50023 | 193.122.6.168 | 80 | 7628 | C:\Users\user\Desktop\m0CZ8H4jfl.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Jan 10, 2025 19:57:10.859555006 CET | 151 | OUT | |
| Jan 10, 2025 19:57:11.676215887 CET | 273 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 24 | 192.168.2.9 | 50025 | 193.122.6.168 | 80 | 7628 | C:\Users\user\Desktop\m0CZ8H4jfl.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Jan 10, 2025 19:57:12.711165905 CET | 151 | OUT | |
| Jan 10, 2025 19:57:13.354516983 CET | 273 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 25 | 192.168.2.9 | 50027 | 193.122.6.168 | 80 | 7628 | C:\Users\user\Desktop\m0CZ8H4jfl.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Jan 10, 2025 19:57:14.372728109 CET | 151 | OUT | |
| Jan 10, 2025 19:57:15.077299118 CET | 273 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 26 | 192.168.2.9 | 50029 | 193.122.6.168 | 80 | 7628 | C:\Users\user\Desktop\m0CZ8H4jfl.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Jan 10, 2025 19:57:16.238293886 CET | 151 | OUT | |
| Jan 10, 2025 19:57:16.874577999 CET | 273 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 27 | 192.168.2.9 | 50031 | 193.122.6.168 | 80 | 7628 | C:\Users\user\Desktop\m0CZ8H4jfl.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Jan 10, 2025 19:57:17.961086035 CET | 151 | OUT | |
| Jan 10, 2025 19:57:18.595966101 CET | 273 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 28 | 192.168.2.9 | 50033 | 193.122.6.168 | 80 | 7628 | C:\Users\user\Desktop\m0CZ8H4jfl.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Jan 10, 2025 19:57:19.465866089 CET | 151 | OUT | |
| Jan 10, 2025 19:57:20.159671068 CET | 273 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 29 | 192.168.2.9 | 50035 | 193.122.6.168 | 80 | 7628 | C:\Users\user\Desktop\m0CZ8H4jfl.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Jan 10, 2025 19:57:21.458517075 CET | 151 | OUT | |
| Jan 10, 2025 19:57:22.451500893 CET | 273 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 30 | 192.168.2.9 | 50037 | 193.122.6.168 | 80 | 7628 | C:\Users\user\Desktop\m0CZ8H4jfl.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Jan 10, 2025 19:57:23.404653072 CET | 151 | OUT | |
| Jan 10, 2025 19:57:24.156219959 CET | 273 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 31 | 192.168.2.9 | 50039 | 193.122.6.168 | 80 | 7628 | C:\Users\user\Desktop\m0CZ8H4jfl.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Jan 10, 2025 19:57:25.130359888 CET | 151 | OUT | |
| Jan 10, 2025 19:57:26.156943083 CET | 273 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 32 | 192.168.2.9 | 50041 | 193.122.6.168 | 80 | 7628 | C:\Users\user\Desktop\m0CZ8H4jfl.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Jan 10, 2025 19:57:27.008522987 CET | 151 | OUT | |
| Jan 10, 2025 19:57:28.607250929 CET | 273 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 33 | 192.168.2.9 | 50043 | 193.122.6.168 | 80 | 7628 | C:\Users\user\Desktop\m0CZ8H4jfl.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Jan 10, 2025 19:57:29.664640903 CET | 151 | OUT | |
| Jan 10, 2025 19:57:30.791426897 CET | 273 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 34 | 192.168.2.9 | 50045 | 193.122.6.168 | 80 | 7628 | C:\Users\user\Desktop\m0CZ8H4jfl.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Jan 10, 2025 19:57:31.761778116 CET | 151 | OUT | |
| Jan 10, 2025 19:57:32.441133022 CET | 273 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 35 | 192.168.2.9 | 50047 | 193.122.6.168 | 80 | 7628 | C:\Users\user\Desktop\m0CZ8H4jfl.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Jan 10, 2025 19:57:33.610366106 CET | 151 | OUT | |
| Jan 10, 2025 19:57:37.391494036 CET | 273 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 0 | 192.168.2.9 | 49973 | 142.250.185.110 | 443 | 7628 | C:\Users\user\Desktop\m0CZ8H4jfl.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-01-10 18:56:18 UTC | 216 | OUT | |
| 2025-01-10 18:56:18 UTC | 1920 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 1 | 192.168.2.9 | 49974 | 142.250.185.161 | 443 | 7628 | C:\Users\user\Desktop\m0CZ8H4jfl.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-01-10 18:56:19 UTC | 258 | OUT | |
| 2025-01-10 18:56:21 UTC | 4944 | IN | |
| 2025-01-10 18:56:21 UTC | 4944 | IN | |
| 2025-01-10 18:56:21 UTC | 4810 | IN | |
| 2025-01-10 18:56:21 UTC | 1323 | IN | |
| 2025-01-10 18:56:21 UTC | 1390 | IN | |
| 2025-01-10 18:56:21 UTC | 1390 | IN | |
| 2025-01-10 18:56:21 UTC | 1390 | IN | |
| 2025-01-10 18:56:21 UTC | 1390 | IN | |
| 2025-01-10 18:56:21 UTC | 1390 | IN | |
| 2025-01-10 18:56:21 UTC | 1390 | IN | |
| 2025-01-10 18:56:21 UTC | 1390 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 2 | 192.168.2.9 | 49977 | 104.21.96.1 | 443 | 7628 | C:\Users\user\Desktop\m0CZ8H4jfl.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-01-10 18:56:24 UTC | 85 | OUT | |
| 2025-01-10 18:56:25 UTC | 857 | IN | |
| 2025-01-10 18:56:25 UTC | 362 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 3 | 192.168.2.9 | 49978 | 149.154.167.220 | 443 | 7628 | C:\Users\user\Desktop\m0CZ8H4jfl.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-01-10 18:56:31 UTC | 294 | OUT | |
| 2025-01-10 18:56:31 UTC | 1090 | OUT | |
| 2025-01-10 18:56:32 UTC | 388 | IN | |
| 2025-01-10 18:56:32 UTC | 534 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 4 | 192.168.2.9 | 49980 | 149.154.167.220 | 443 | 7628 | C:\Users\user\Desktop\m0CZ8H4jfl.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-01-10 18:56:33 UTC | 294 | OUT | |
| 2025-01-10 18:56:33 UTC | 1090 | OUT | |
| 2025-01-10 18:56:33 UTC | 388 | IN | |
| 2025-01-10 18:56:33 UTC | 534 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 5 | 192.168.2.9 | 49982 | 149.154.167.220 | 443 | 7628 | C:\Users\user\Desktop\m0CZ8H4jfl.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-01-10 18:56:35 UTC | 270 | OUT | |
| 2025-01-10 18:56:35 UTC | 1090 | OUT | |
| 2025-01-10 18:56:35 UTC | 388 | IN | |
| 2025-01-10 18:56:35 UTC | 534 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 6 | 192.168.2.9 | 49984 | 149.154.167.220 | 443 | 7628 | C:\Users\user\Desktop\m0CZ8H4jfl.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-01-10 18:56:36 UTC | 270 | OUT | |
| 2025-01-10 18:56:36 UTC | 1090 | OUT | |
| 2025-01-10 18:56:37 UTC | 388 | IN | |
| 2025-01-10 18:56:37 UTC | 534 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 7 | 192.168.2.9 | 49986 | 149.154.167.220 | 443 | 7628 | C:\Users\user\Desktop\m0CZ8H4jfl.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-01-10 18:56:39 UTC | 294 | OUT | |
| 2025-01-10 18:56:39 UTC | 1090 | OUT | |
| 2025-01-10 18:56:39 UTC | 388 | IN | |
| 2025-01-10 18:56:39 UTC | 534 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 8 | 192.168.2.9 | 49988 | 149.154.167.220 | 443 | 7628 | C:\Users\user\Desktop\m0CZ8H4jfl.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-01-10 18:56:40 UTC | 270 | OUT | |
| 2025-01-10 18:56:40 UTC | 1090 | OUT | |
| 2025-01-10 18:56:41 UTC | 388 | IN | |
| 2025-01-10 18:56:41 UTC | 534 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 9 | 192.168.2.9 | 49990 | 149.154.167.220 | 443 | 7628 | C:\Users\user\Desktop\m0CZ8H4jfl.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-01-10 18:56:42 UTC | 294 | OUT | |
| 2025-01-10 18:56:42 UTC | 1090 | OUT | |
| 2025-01-10 18:56:43 UTC | 388 | IN | |
| 2025-01-10 18:56:43 UTC | 534 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 10 | 192.168.2.9 | 49992 | 149.154.167.220 | 443 | 7628 | C:\Users\user\Desktop\m0CZ8H4jfl.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-01-10 18:56:44 UTC | 270 | OUT | |
| 2025-01-10 18:56:44 UTC | 1090 | OUT | |
| 2025-01-10 18:56:44 UTC | 388 | IN | |
| 2025-01-10 18:56:44 UTC | 534 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 11 | 192.168.2.9 | 49994 | 149.154.167.220 | 443 | 7628 | C:\Users\user\Desktop\m0CZ8H4jfl.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-01-10 18:56:46 UTC | 270 | OUT | |
| 2025-01-10 18:56:46 UTC | 1090 | OUT | |
| 2025-01-10 18:56:46 UTC | 388 | IN | |
| 2025-01-10 18:56:46 UTC | 534 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 12 | 192.168.2.9 | 49996 | 149.154.167.220 | 443 | 7628 | C:\Users\user\Desktop\m0CZ8H4jfl.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-01-10 18:56:47 UTC | 270 | OUT | |
| 2025-01-10 18:56:47 UTC | 1090 | OUT | |
| 2025-01-10 18:56:48 UTC | 388 | IN | |
| 2025-01-10 18:56:48 UTC | 534 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 13 | 192.168.2.9 | 49998 | 149.154.167.220 | 443 | 7628 | C:\Users\user\Desktop\m0CZ8H4jfl.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-01-10 18:56:49 UTC | 270 | OUT | |
| 2025-01-10 18:56:49 UTC | 1090 | OUT | |
| 2025-01-10 18:56:50 UTC | 388 | IN | |
| 2025-01-10 18:56:50 UTC | 535 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 14 | 192.168.2.9 | 50000 | 149.154.167.220 | 443 | 7628 | C:\Users\user\Desktop\m0CZ8H4jfl.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-01-10 18:56:51 UTC | 270 | OUT | |
| 2025-01-10 18:56:51 UTC | 1090 | OUT | |
| 2025-01-10 18:56:52 UTC | 388 | IN | |
| 2025-01-10 18:56:52 UTC | 534 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 15 | 192.168.2.9 | 50002 | 149.154.167.220 | 443 | 7628 | C:\Users\user\Desktop\m0CZ8H4jfl.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-01-10 18:56:53 UTC | 270 | OUT | |
| 2025-01-10 18:56:53 UTC | 1090 | OUT | |
| 2025-01-10 18:56:53 UTC | 388 | IN | |
| 2025-01-10 18:56:53 UTC | 534 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 16 | 192.168.2.9 | 50004 | 149.154.167.220 | 443 | 7628 | C:\Users\user\Desktop\m0CZ8H4jfl.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-01-10 18:56:55 UTC | 270 | OUT | |
| 2025-01-10 18:56:55 UTC | 1090 | OUT | |
| 2025-01-10 18:56:55 UTC | 388 | IN | |
| 2025-01-10 18:56:55 UTC | 534 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 17 | 192.168.2.9 | 50006 | 149.154.167.220 | 443 | 7628 | C:\Users\user\Desktop\m0CZ8H4jfl.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-01-10 18:56:56 UTC | 270 | OUT | |
| 2025-01-10 18:56:56 UTC | 1090 | OUT | |
| 2025-01-10 18:56:57 UTC | 388 | IN | |
| 2025-01-10 18:56:57 UTC | 534 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 18 | 192.168.2.9 | 50008 | 149.154.167.220 | 443 | 7628 | C:\Users\user\Desktop\m0CZ8H4jfl.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-01-10 18:56:58 UTC | 270 | OUT | |
| 2025-01-10 18:56:58 UTC | 1090 | OUT | |
| 2025-01-10 18:56:58 UTC | 388 | IN | |
| 2025-01-10 18:56:58 UTC | 534 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 19 | 192.168.2.9 | 50010 | 149.154.167.220 | 443 | 7628 | C:\Users\user\Desktop\m0CZ8H4jfl.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-01-10 18:57:00 UTC | 270 | OUT | |
| 2025-01-10 18:57:00 UTC | 1090 | OUT | |
| 2025-01-10 18:57:00 UTC | 388 | IN | |
| 2025-01-10 18:57:00 UTC | 534 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 20 | 192.168.2.9 | 50012 | 149.154.167.220 | 443 | 7628 | C:\Users\user\Desktop\m0CZ8H4jfl.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-01-10 18:57:01 UTC | 270 | OUT | |
| 2025-01-10 18:57:01 UTC | 1090 | OUT | |
| 2025-01-10 18:57:02 UTC | 388 | IN | |
| 2025-01-10 18:57:02 UTC | 534 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 21 | 192.168.2.9 | 50014 | 149.154.167.220 | 443 | 7628 | C:\Users\user\Desktop\m0CZ8H4jfl.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-01-10 18:57:03 UTC | 270 | OUT | |
| 2025-01-10 18:57:03 UTC | 1090 | OUT | |
| 2025-01-10 18:57:03 UTC | 388 | IN | |
| 2025-01-10 18:57:03 UTC | 534 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 22 | 192.168.2.9 | 50016 | 149.154.167.220 | 443 | 7628 | C:\Users\user\Desktop\m0CZ8H4jfl.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-01-10 18:57:05 UTC | 270 | OUT | |
| 2025-01-10 18:57:05 UTC | 1090 | OUT | |
| 2025-01-10 18:57:05 UTC | 388 | IN | |
| 2025-01-10 18:57:05 UTC | 534 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 23 | 192.168.2.9 | 50018 | 149.154.167.220 | 443 | 7628 | C:\Users\user\Desktop\m0CZ8H4jfl.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-01-10 18:57:06 UTC | 294 | OUT | |
| 2025-01-10 18:57:06 UTC | 1090 | OUT | |
| 2025-01-10 18:57:07 UTC | 388 | IN | |
| 2025-01-10 18:57:07 UTC | 534 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 24 | 192.168.2.9 | 50020 | 149.154.167.220 | 443 | 7628 | C:\Users\user\Desktop\m0CZ8H4jfl.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-01-10 18:57:08 UTC | 294 | OUT | |
| 2025-01-10 18:57:08 UTC | 1090 | OUT | |
| 2025-01-10 18:57:09 UTC | 388 | IN | |
| 2025-01-10 18:57:09 UTC | 534 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 25 | 192.168.2.9 | 50022 | 149.154.167.220 | 443 | 7628 | C:\Users\user\Desktop\m0CZ8H4jfl.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-01-10 18:57:10 UTC | 294 | OUT | |
| 2025-01-10 18:57:10 UTC | 1090 | OUT | |
| 2025-01-10 18:57:10 UTC | 388 | IN | |
| 2025-01-10 18:57:10 UTC | 534 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 26 | 192.168.2.9 | 50024 | 149.154.167.220 | 443 | 7628 | C:\Users\user\Desktop\m0CZ8H4jfl.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-01-10 18:57:12 UTC | 294 | OUT | |
| 2025-01-10 18:57:12 UTC | 1090 | OUT | |
| 2025-01-10 18:57:12 UTC | 388 | IN | |
| 2025-01-10 18:57:12 UTC | 534 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 27 | 192.168.2.9 | 50026 | 149.154.167.220 | 443 | 7628 | C:\Users\user\Desktop\m0CZ8H4jfl.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-01-10 18:57:14 UTC | 294 | OUT | |
| 2025-01-10 18:57:14 UTC | 1090 | OUT | |
| 2025-01-10 18:57:14 UTC | 388 | IN | |
| 2025-01-10 18:57:14 UTC | 534 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 28 | 192.168.2.9 | 50028 | 149.154.167.220 | 443 | 7628 | C:\Users\user\Desktop\m0CZ8H4jfl.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-01-10 18:57:15 UTC | 294 | OUT | |
| 2025-01-10 18:57:15 UTC | 1090 | OUT | |
| 2025-01-10 18:57:16 UTC | 388 | IN | |
| 2025-01-10 18:57:16 UTC | 534 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 29 | 192.168.2.9 | 50030 | 149.154.167.220 | 443 | 7628 | C:\Users\user\Desktop\m0CZ8H4jfl.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-01-10 18:57:17 UTC | 294 | OUT | |
| 2025-01-10 18:57:17 UTC | 1090 | OUT | |
| 2025-01-10 18:57:17 UTC | 388 | IN | |
| 2025-01-10 18:57:17 UTC | 535 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 30 | 192.168.2.9 | 50032 | 149.154.167.220 | 443 | 7628 | C:\Users\user\Desktop\m0CZ8H4jfl.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-01-10 18:57:19 UTC | 294 | OUT | |
| 2025-01-10 18:57:19 UTC | 1090 | OUT | |
| 2025-01-10 18:57:19 UTC | 388 | IN | |
| 2025-01-10 18:57:19 UTC | 534 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 31 | 192.168.2.9 | 50034 | 149.154.167.220 | 443 | 7628 | C:\Users\user\Desktop\m0CZ8H4jfl.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-01-10 18:57:20 UTC | 270 | OUT | |
| 2025-01-10 18:57:20 UTC | 1090 | OUT | |
| 2025-01-10 18:57:21 UTC | 388 | IN | |
| 2025-01-10 18:57:21 UTC | 534 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 32 | 192.168.2.9 | 50036 | 149.154.167.220 | 443 | 7628 | C:\Users\user\Desktop\m0CZ8H4jfl.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-01-10 18:57:23 UTC | 270 | OUT | |
| 2025-01-10 18:57:23 UTC | 1090 | OUT | |
| 2025-01-10 18:57:23 UTC | 388 | IN | |
| 2025-01-10 18:57:23 UTC | 534 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 33 | 192.168.2.9 | 50038 | 149.154.167.220 | 443 | 7628 | C:\Users\user\Desktop\m0CZ8H4jfl.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-01-10 18:57:24 UTC | 270 | OUT | |
| 2025-01-10 18:57:24 UTC | 1090 | OUT | |
| 2025-01-10 18:57:25 UTC | 388 | IN | |
| 2025-01-10 18:57:25 UTC | 534 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 34 | 192.168.2.9 | 50040 | 149.154.167.220 | 443 | 7628 | C:\Users\user\Desktop\m0CZ8H4jfl.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-01-10 18:57:26 UTC | 270 | OUT | |
| 2025-01-10 18:57:26 UTC | 1090 | OUT | |
| 2025-01-10 18:57:26 UTC | 388 | IN | |
| 2025-01-10 18:57:26 UTC | 534 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 35 | 192.168.2.9 | 50042 | 149.154.167.220 | 443 | 7628 | C:\Users\user\Desktop\m0CZ8H4jfl.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-01-10 18:57:29 UTC | 270 | OUT | |
| 2025-01-10 18:57:29 UTC | 1090 | OUT | |
| 2025-01-10 18:57:29 UTC | 388 | IN | |
| 2025-01-10 18:57:29 UTC | 534 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 36 | 192.168.2.9 | 50044 | 149.154.167.220 | 443 | 7628 | C:\Users\user\Desktop\m0CZ8H4jfl.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-01-10 18:57:31 UTC | 294 | OUT | |
| 2025-01-10 18:57:31 UTC | 1090 | OUT | |
| 2025-01-10 18:57:31 UTC | 388 | IN | |
| 2025-01-10 18:57:31 UTC | 534 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 37 | 192.168.2.9 | 50046 | 149.154.167.220 | 443 | 7628 | C:\Users\user\Desktop\m0CZ8H4jfl.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-01-10 18:57:33 UTC | 270 | OUT | |
| 2025-01-10 18:57:33 UTC | 1090 | OUT | |
| 2025-01-10 18:57:33 UTC | 388 | IN | |
| 2025-01-10 18:57:33 UTC | 534 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port |
|---|---|---|---|---|
| 38 | 192.168.2.9 | 50048 | 149.154.167.220 | 443 |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-01-10 18:57:39 UTC | 270 | OUT | |
| 2025-01-10 18:57:39 UTC | 1090 | OUT | |
| 2025-01-10 18:57:39 UTC | 388 | IN | |
| 2025-01-10 18:57:39 UTC | 534 | IN |
Click to jump to process
Click to jump to process
back
Click to dive into process behavior distribution
Click to jump to process
| Target ID: | 0 |
| Start time: | 13:55:28 |
| Start date: | 10/01/2025 |
| Path: | C:\Users\user\Desktop\m0CZ8H4jfl.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x400000 |
| File size: | 432'979 bytes |
| MD5 hash: | AD29D6168ABBEC988896C57D4D25E2ED |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Yara matches: |
|
| Reputation: | low |
| Has exited: | true |
| Target ID: | 3 |
| Start time: | 13:56:10 |
| Start date: | 10/01/2025 |
| Path: | C:\Users\user\Desktop\m0CZ8H4jfl.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x400000 |
| File size: | 432'979 bytes |
| MD5 hash: | AD29D6168ABBEC988896C57D4D25E2ED |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Yara matches: |
|
| Reputation: | low |
| Has exited: | false |
Execution Graph
| Execution Coverage: | 21.2% |
| Dynamic/Decrypted Code Coverage: | 13.7% |
| Signature Coverage: | 25.2% |
| Total number of Nodes: | 1507 |
| Total number of Limit Nodes: | 46 |
Graph
Function 004032A0 Relevance: 89.7, APIs: 32, Strings: 19, Instructions: 401stringfilecomCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00404B30 Relevance: 63.5, APIs: 33, Strings: 3, Instructions: 481windowmemoryCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00406077 Relevance: 19.5, APIs: 8, Strings: 3, Instructions: 207stringCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405846 Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 148filestringCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00406398 Relevance: 3.0, APIs: 2, Instructions: 14fileCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004027FB Relevance: 1.5, APIs: 1, Instructions: 30fileCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040389E Relevance: 47.5, APIs: 14, Strings: 13, Instructions: 215stringregistryCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00401767 Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 145stringtimeCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004025E5 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 151fileCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040237B Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 71registrystringCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004063BF Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 34libraryCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405128 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 46windowCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00401FC3 Relevance: 4.6, APIs: 3, Instructions: 73libraryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 100028A4 Relevance: 3.2, APIs: 2, Instructions: 156COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00401389 Relevance: 3.0, APIs: 2, Instructions: 43windowCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00401DDC Relevance: 3.0, APIs: 2, Instructions: 21COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405C2A Relevance: 3.0, APIs: 2, Instructions: 16fileCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405700 Relevance: 3.0, APIs: 2, Instructions: 9COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00402786 Relevance: 1.5, APIs: 1, Instructions: 26COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040229D Relevance: 1.5, APIs: 1, Instructions: 25COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405CDC Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405CAD Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 100027C7 Relevance: 1.5, APIs: 1, Instructions: 21memoryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040159B Relevance: 1.5, APIs: 1, Instructions: 18COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040414E Relevance: 1.5, APIs: 1, Instructions: 6windowCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00403258 Relevance: 1.5, APIs: 1, Instructions: 6COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 1000121B Relevance: 1.3, APIs: 1, Instructions: 6memoryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004052F3 Relevance: 65.0, APIs: 36, Strings: 1, Instructions: 284windowclipboardmemoryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004045B4 Relevance: 23.0, APIs: 10, Strings: 3, Instructions: 275stringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040686A Relevance: .3, Instructions: 334COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00407041 Relevance: .3, Instructions: 300COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004042B6 Relevance: 42.2, APIs: 20, Strings: 4, Instructions: 207windowstringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405D84 Relevance: 24.6, APIs: 11, Strings: 3, Instructions: 131stringmemoryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00404180 Relevance: 12.1, APIs: 8, Instructions: 61COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00404A7E Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48windowCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00402D04 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 40timeCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 100022D0 Relevance: 9.1, APIs: 6, Instructions: 136memoryCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00402537 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 67stringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 100018A9 Relevance: 7.7, APIs: 5, Instructions: 189COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 100015FF Relevance: 7.5, APIs: 5, Instructions: 41memorylibraryloaderCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00401CFA Relevance: 7.5, APIs: 5, Instructions: 39windowCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00404970 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84stringCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00401BDF Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 76windowtimeCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405F22 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 45registryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405A09 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 16stringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00402D8A Relevance: 6.0, APIs: 4, Instructions: 33COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405B11 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 47stringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 100015B4 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 25stringCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405735 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 24processCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405A55 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 16stringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 100010E1 Relevance: 5.1, APIs: 4, Instructions: 104memoryCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405B8F Relevance: 5.0, APIs: 4, Instructions: 37stringCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Execution Graph
| Execution Coverage: | 11.5% |
| Dynamic/Decrypted Code Coverage: | 100% |
| Signature Coverage: | 1.1% |
| Total number of Nodes: | 266 |
| Total number of Limit Nodes: | 22 |
Graph
Function 00154328 Relevance: 3.9, Strings: 3, Instructions: 194COMMON
Download Yara Rule
Control-flow Graph
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37AFE7C8 Relevance: 2.0, Strings: 1, Instructions: 764COMMON
Download Yara Rule
Control-flow Graph
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 36ABBDF0 Relevance: 2.0, Strings: 1, Instructions: 758COMMON
Download Yara Rule
Control-flow Graph
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 34740C1B Relevance: 1.5, Strings: 1, Instructions: 246COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 34740C28 Relevance: 1.5, Strings: 1, Instructions: 220COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 36AB9D10 Relevance: 1.5, Strings: 1, Instructions: 219COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 36ABA360 Relevance: 1.5, Strings: 1, Instructions: 219COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 36AB96C8 Relevance: 1.5, Strings: 1, Instructions: 218COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 36ABA9B0 Relevance: 1.5, Strings: 1, Instructions: 218COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 36ABA9A0 Relevance: 1.4, Strings: 1, Instructions: 170COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 36AB96B8 Relevance: 1.4, Strings: 1, Instructions: 162COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00158E0C Relevance: 1.1, Instructions: 1095COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00155978 Relevance: .9, Instructions: 918COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 36AB8650 Relevance: .7, Instructions: 709COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 36ABF136 Relevance: .3, Instructions: 330COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 347403AF Relevance: .3, Instructions: 289COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 36AB6368 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 34740F6F Relevance: .2, Instructions: 202COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 36ABBA97 Relevance: .2, Instructions: 191COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 36AB8640 Relevance: .2, Instructions: 168COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 36AB9D00 Relevance: .1, Instructions: 118COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 36ABA352 Relevance: .1, Instructions: 107COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 36AB6358 Relevance: .1, Instructions: 102COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37AF0970 Relevance: 6.1, APIs: 4, Instructions: 137threadCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37AF0980 Relevance: 6.1, APIs: 4, Instructions: 128threadCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 36AB7920 Relevance: 3.9, Strings: 3, Instructions: 147COMMON
Download Yara Rule
Control-flow Graph
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 36AB7911 Relevance: 2.6, Strings: 2, Instructions: 77COMMON
Download Yara Rule
Control-flow Graph
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37AF1DC0 Relevance: 1.6, APIs: 1, Instructions: 93COMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37AF0BC8 Relevance: 1.6, APIs: 1, Instructions: 62COMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37AF0BC5 Relevance: 1.6, APIs: 1, Instructions: 62COMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37AFE6F7 Relevance: 1.5, APIs: 1, Instructions: 49windowCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37AFD3E8 Relevance: 1.5, APIs: 1, Instructions: 47comCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37AF2018 Relevance: 1.5, APIs: 1, Instructions: 47timeCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37AFE700 Relevance: 1.5, APIs: 1, Instructions: 46windowCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37AFC60C Relevance: 1.5, APIs: 1, Instructions: 46windowCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37AFC560 Relevance: 1.5, APIs: 1, Instructions: 46comCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37AF2020 Relevance: 1.5, APIs: 1, Instructions: 44timeCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 37AFE712 Relevance: 1.5, APIs: 1, Instructions: 38windowCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00150B29 Relevance: 1.5, Strings: 1, Instructions: 203COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00150B30 Relevance: 1.4, Strings: 1, Instructions: 200COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 36ABFAB0 Relevance: 1.4, Strings: 1, Instructions: 189COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 36ABD548 Relevance: 1.4, Strings: 1, Instructions: 149COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 36ABFA68 Relevance: 1.4, Strings: 1, Instructions: 108COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 36ABFAA1 Relevance: 1.3, Strings: 1, Instructions: 92COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 36ABCF68 Relevance: 1.3, Strings: 1, Instructions: 88COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 36ABCF59 Relevance: 1.3, Strings: 1, Instructions: 75COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 36ABF058 Relevance: 1.3, Strings: 1, Instructions: 74COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 36ABF090 Relevance: 1.3, Strings: 1, Instructions: 50COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 36AB95E8 Relevance: 1.3, Strings: 1, Instructions: 39COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00157458 Relevance: .7, Instructions: 704COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 001519C4 Relevance: .7, Instructions: 700COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 001568E5 Relevance: .3, Instructions: 335COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 36ABC173 Relevance: .3, Instructions: 319COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 001554A8 Relevance: .2, Instructions: 209COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00155068 Relevance: .2, Instructions: 206COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00156C98 Relevance: .2, Instructions: 201COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 36ABBA88 Relevance: .2, Instructions: 168COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00154F24 Relevance: .2, Instructions: 164COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 36ABCC28 Relevance: .1, Instructions: 145COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00153168 Relevance: .1, Instructions: 134COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 001592C3 Relevance: .1, Instructions: 126COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00156ED7 Relevance: .1, Instructions: 124COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00158BF0 Relevance: .1, Instructions: 105COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00154620 Relevance: .1, Instructions: 101COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00156EC9 Relevance: .1, Instructions: 92COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00156F40 Relevance: .1, Instructions: 87COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 001518C8 Relevance: .1, Instructions: 77COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 001552C0 Relevance: .1, Instructions: 76COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000AD030 Relevance: .1, Instructions: 72COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0015324D Relevance: .1, Instructions: 68COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00159FDB Relevance: .1, Instructions: 67COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00150ED0 Relevance: .1, Instructions: 66COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0015461D Relevance: .1, Instructions: 65COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00158729 Relevance: .1, Instructions: 65COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00155F89 Relevance: .1, Instructions: 60COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0015B2C8 Relevance: .1, Instructions: 59COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 001552C8 Relevance: .1, Instructions: 59COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 36ABB9C8 Relevance: .1, Instructions: 56COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 36ABB9C7 Relevance: .1, Instructions: 56COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0015B2E0 Relevance: .1, Instructions: 56COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 36ABEC1A Relevance: .1, Instructions: 54COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 001517D0 Relevance: .1, Instructions: 54COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00154E5F Relevance: .1, Instructions: 52COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 36ABCE50 Relevance: .0, Instructions: 50COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 36ABE7F4 Relevance: .0, Instructions: 50COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0015B2F0 Relevance: .0, Instructions: 49COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00158D19 Relevance: .0, Instructions: 44COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 36ABCE60 Relevance: .0, Instructions: 39COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 36ABD4C8 Relevance: .0, Instructions: 37COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 36AB9478 Relevance: .0, Instructions: 37COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00158BE0 Relevance: .0, Instructions: 36COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 36AB9608 Relevance: .0, Instructions: 35COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00159EF6 Relevance: .0, Instructions: 34COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0015B158 Relevance: .0, Instructions: 32COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0015B168 Relevance: .0, Instructions: 25COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0015FE20 Relevance: .0, Instructions: 23COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0015187F Relevance: .0, Instructions: 21COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00151888 Relevance: .0, Instructions: 19COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 001556FF Relevance: .0, Instructions: 18COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00157EC0 Relevance: .0, Instructions: 18COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 36ABCF30 Relevance: .0, Instructions: 17COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 36ABD093 Relevance: .0, Instructions: 17COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00159F6D Relevance: .0, Instructions: 16COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 36AB95D8 Relevance: .0, Instructions: 15COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0015FF30 Relevance: .0, Instructions: 15COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 36ABBD48 Relevance: .0, Instructions: 13COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 36AB94B4 Relevance: .0, Instructions: 12COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00155710 Relevance: .0, Instructions: 12COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004032A0 Relevance: 77.4, APIs: 32, Strings: 12, Instructions: 401stringfilecomCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00404B30 Relevance: 63.5, APIs: 33, Strings: 3, Instructions: 481windowmemoryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405846 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 148filestringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 36ABAFF8 Relevance: 13.0, Strings: 10, Instructions: 461COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 36AB7B4F Relevance: 3.1, Strings: 2, Instructions: 600COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 36AB36C0 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 36AB2E10 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 36AB5660 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 36AB0FA8 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 36AB67C0 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 36AB5F10 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 36AB3F70 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 36AB1CB0 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 36AB74C8 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 36AB1400 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 36AB6C18 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 36AB4DB0 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 36AB2560 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 36AB5AB8 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 36AB5208 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 36AB3268 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 36AB43C8 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 36AB3B18 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 36AB4820 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 36AB7070 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 36AB1858 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 36AB29B8 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 36AB2108 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004052F3 Relevance: 65.0, APIs: 36, Strings: 1, Instructions: 284windowclipboardmemoryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004042B6 Relevance: 40.5, APIs: 20, Strings: 3, Instructions: 207windowstringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040389E Relevance: 37.0, APIs: 13, Strings: 8, Instructions: 215stringregistryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405D84 Relevance: 24.6, APIs: 11, Strings: 3, Instructions: 131stringmemoryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004045B4 Relevance: 19.5, APIs: 10, Strings: 1, Instructions: 275stringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00406077 Relevance: 17.7, APIs: 8, Strings: 2, Instructions: 207stringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00404180 Relevance: 12.1, APIs: 8, Instructions: 61COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004025E5 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 151fileCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00404A7E Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48windowCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00402D04 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 40timeCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00401CFA Relevance: 7.5, APIs: 5, Instructions: 39windowCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00401D56 Relevance: 7.5, APIs: 5, Instructions: 38COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00404970 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84stringCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00401BDF Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 76windowtimeCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004063BF Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 34libraryCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405683 Relevance: 6.0, APIs: 4, Instructions: 39COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00402D8A Relevance: 6.0, APIs: 4, Instructions: 33COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405128 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 46windowCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405735 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 24processCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00405B8F Relevance: 5.0, APIs: 4, Instructions: 37stringCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|