Windows
Analysis Report
v4nrZtP7K2.exe
Overview
General Information
Sample name: | v4nrZtP7K2.exe (renamed because original name is a hash value) |
Original sample name: | fdf9354cf20fb94544d6bafaa777e8a40eba2d603e648b3dbdf35344d639b19d.exe |
Analysis ID: | 1588131 |
MD5: | 0f45bbafc276fa80464c8892ba6f5b2a |
SHA1: | 3f0ec83b231cf0ba0a1fee3696e709bc75d199eb |
SHA256: | fdf9354cf20fb94544d6bafaa777e8a40eba2d603e648b3dbdf35344d639b19d |
Tags: | exe, GuLoader, user-adrian__luca |
Detection
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- v4nrZtP7K2.exe (PID: 1704 cmdline: "C:\Users\user\Desktop\v4nrZtP7K2.exe" MD5: 0F45BBAFC276FA80464C8892BA6F5B2A)
- v4nrZtP7K2.exe (PID: 4256 cmdline: "C:\Users\user\Desktop\v4nrZtP7K2.exe" MD5: 0F45BBAFC276FA80464C8892BA6F5B2A)
- cleanup
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
CloudEyE, GuLoader | CloudEyE (initially named GuLoader) is a small VB5/6 downloader. It typically downloads RATs/Stealers, such as Agent Tesla, Arkei/Vidar, Formbook, Lokibot, Netwire and Remcos, often but not always from Google Drive. The downloaded payload is xored. | No Attribution |
{"C2 url": "https://api.telegram.org/bot7766574905:AAGkK12NqfgMWNTsNJqrFtr2J3oH0W_DuqA/sendMessage"}
{"EXfil Mode": "Telegram", "Telegram Token": "7766574905:AAGkK12NqfgMWNTsNJqrFtr2J3oH0W_DuqA", "Telegram Chatid": "2065242915"}
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_MassLogger | Yara detected MassLogger RAT | Joe Security | ||
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | ||
JoeSecurity_TelegramRAT | Yara detected Telegram RAT | Joe Security | ||
JoeSecurity_GuLoader_2 | Yara detected GuLoader | Joe Security | ||
JoeSecurity_MassLogger | Yara detected MassLogger RAT | Joe Security | ||
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2025-01-10T21:41:18.295718+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 49740 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:41:20.550220+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 49757 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:41:22.413988+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 49769 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:41:24.243171+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 49782 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:41:26.308224+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 49798 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:41:28.116897+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 49811 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:41:29.905652+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 49827 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:41:31.772274+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 49839 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:41:33.621335+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 49853 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:41:35.475737+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 49865 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:41:37.261635+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 49877 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:41:39.030142+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 49890 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:41:40.935980+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 49905 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:41:42.794589+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 49919 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:41:44.714132+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 49930 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:41:47.640280+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 49946 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:41:49.647010+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 49962 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:41:51.526150+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 49973 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:41:53.376503+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 49988 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:41:55.153990+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 50001 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:41:56.893527+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 50014 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:41:58.883067+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 50022 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:42:00.709410+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 50024 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:42:03.304992+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 50026 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:42:05.344060+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 50028 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:42:07.250403+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 50030 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:42:09.956106+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 50032 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:42:11.868333+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 50034 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:42:13.974062+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 50036 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:42:15.775576+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 50038 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:42:17.647059+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 50040 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:42:20.575719+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 50042 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:42:25.228901+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 50044 | 149.154.167.220 | 443 | TCP |
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2025-01-10T21:41:10.679332+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.9 | 49711 | 132.226.8.169 | 80 | TCP |
2025-01-10T21:41:17.366602+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.9 | 49711 | 132.226.8.169 | 80 | TCP |
2025-01-10T21:41:19.616728+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.9 | 49750 | 132.226.8.169 | 80 | TCP |
2025-01-10T21:42:13.132415+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.9 | 50035 | 132.226.8.169 | 80 | TCP |
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2025-01-10T21:41:04.055782+0100 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.9 | 49709 | 142.250.181.238 | 443 | TCP |
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2025-01-10T21:41:17.999582+0100 | 1810008 | 1 | Potentially Bad Traffic | 192.168.2.9 | 49740 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:41:20.221607+0100 | 1810008 | 1 | Potentially Bad Traffic | 192.168.2.9 | 49757 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:41:22.080335+0100 | 1810008 | 1 | Potentially Bad Traffic | 192.168.2.9 | 49769 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:41:23.902379+0100 | 1810008 | 1 | Potentially Bad Traffic | 192.168.2.9 | 49782 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:41:25.754752+0100 | 1810008 | 1 | Potentially Bad Traffic | 192.168.2.9 | 49798 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:41:27.821372+0100 | 1810008 | 1 | Potentially Bad Traffic | 192.168.2.9 | 49811 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:41:29.651156+0100 | 1810008 | 1 | Potentially Bad Traffic | 192.168.2.9 | 49827 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:41:31.373410+0100 | 1810008 | 1 | Potentially Bad Traffic | 192.168.2.9 | 49839 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:41:33.258256+0100 | 1810008 | 1 | Potentially Bad Traffic | 192.168.2.9 | 49853 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:41:35.078882+0100 | 1810008 | 1 | Potentially Bad Traffic | 192.168.2.9 | 49865 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:41:37.005576+0100 | 1810008 | 1 | Potentially Bad Traffic | 192.168.2.9 | 49877 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:41:38.759064+0100 | 1810008 | 1 | Potentially Bad Traffic | 192.168.2.9 | 49890 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:41:40.507479+0100 | 1810008 | 1 | Potentially Bad Traffic | 192.168.2.9 | 49905 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:41:42.455994+0100 | 1810008 | 1 | Potentially Bad Traffic | 192.168.2.9 | 49919 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:41:44.380265+0100 | 1810008 | 1 | Potentially Bad Traffic | 192.168.2.9 | 49930 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:41:46.567194+0100 | 1810008 | 1 | Potentially Bad Traffic | 192.168.2.9 | 49946 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:41:49.400542+0100 | 1810008 | 1 | Potentially Bad Traffic | 192.168.2.9 | 49962 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:41:51.084566+0100 | 1810008 | 1 | Potentially Bad Traffic | 192.168.2.9 | 49973 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:41:52.988544+0100 | 1810008 | 1 | Potentially Bad Traffic | 192.168.2.9 | 49988 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:41:54.843402+0100 | 1810008 | 1 | Potentially Bad Traffic | 192.168.2.9 | 50001 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:41:56.646970+0100 | 1810008 | 1 | Potentially Bad Traffic | 192.168.2.9 | 50014 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:41:58.410818+0100 | 1810008 | 1 | Potentially Bad Traffic | 192.168.2.9 | 50022 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:42:00.462252+0100 | 1810008 | 1 | Potentially Bad Traffic | 192.168.2.9 | 50024 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:42:02.832012+0100 | 1810008 | 1 | Potentially Bad Traffic | 192.168.2.9 | 50026 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:42:04.799457+0100 | 1810008 | 1 | Potentially Bad Traffic | 192.168.2.9 | 50028 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:42:07.009354+0100 | 1810008 | 1 | Potentially Bad Traffic | 192.168.2.9 | 50030 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:42:09.621156+0100 | 1810008 | 1 | Potentially Bad Traffic | 192.168.2.9 | 50032 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:42:11.534767+0100 | 1810008 | 1 | Potentially Bad Traffic | 192.168.2.9 | 50034 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:42:13.713057+0100 | 1810008 | 1 | Potentially Bad Traffic | 192.168.2.9 | 50036 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:42:15.429818+0100 | 1810008 | 1 | Potentially Bad Traffic | 192.168.2.9 | 50038 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:42:17.260407+0100 | 1810008 | 1 | Potentially Bad Traffic | 192.168.2.9 | 50040 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:42:20.136836+0100 | 1810008 | 1 | Potentially Bad Traffic | 192.168.2.9 | 50042 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:42:24.950422+0100 | 1810008 | 1 | Potentially Bad Traffic | 192.168.2.9 | 50044 | 149.154.167.220 | 443 | TCP |
AV Detection |
---|
Source: | Avira: |
Source: | Malware Configuration Extractor: | ||
Source: | Malware Configuration Extractor: |
Source: | ReversingLabs: | |||
Source: | Virustotal: | Perma Link |
Source: | Integrated Neural Analysis Model: |
Location Tracking |
---|
Source: | DNS query: |
Source: | Code function: | 5_2_3694D1EC | |
Source: | Code function: | 5_2_3694D9D9 |
Source: | Static PE information: |
Source: | HTTPS traffic detected: |
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: |
Source: | Static PE information: |
Networking |
---|
Source: | Suricata IDS: | ||
Source: | DNS query: |
Source: | HTTP traffic detected: | ||
Source: | IP Address: | ||
Source: | IP Address: |
Source: | JA3 fingerprint: | ||
Source: | JA3 fingerprint: |
Source: | DNS query: | ||
Source: | DNS query: |
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: |
Source: | HTTP traffic detected: | ||
Source: | HTTPS traffic detected: |
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: |
Source: | HTTP traffic detected: | ||
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: |
Source: | HTTP traffic detected: |
Source: | String found in binary or memory: | ||
Source: | Network traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: |
Source: | Code function: | 1_2_0040558F |
Source: | Code function: | 1_2_004034A5 | |
Source: | Code function: | 5_2_004034A5 |
Source: | Code function: |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Static PE information: |
Source: | Classification label: |
Source: | Code function: | 1_2_004034A5 | |
Source: | Code function: | 5_2_004034A5 |
Source: | Code function: | 1_2_00404850 |
Source: | Code function: | 1_2_00402104 |
Source: | File created: | Jump to behavior |
Source: | Mutant created: |
Source: | File created: | Jump to behavior |
Source: | Static PE information: |
Source: | File read: | Jump to behavior |
Source: | Key opened: | Jump to behavior |
Source: | Binary or memory string: |
Source: | ReversingLabs: | ||
Source: | Virustotal: |
Source: | File read: | Jump to behavior |
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | Jump to behavior |
Source: | Section loaded: | Jump to behavior | ||
Source: | Key value queried: | Jump to behavior |
Source: | Key opened: | Jump to behavior |
Source: | Static PE information: |
Data Obfuscation |
---|
Source: | File source: |
Source: | Code function: | 1_2_6FFB1B5F |
Source: | File created: | Jump to dropped file |
Source: | Process information set: | Jump to behavior | ||
Malware Analysis System Evasion |
---|
Source: | API/Special instruction interceptor: | ||
Source: | API/Special instruction interceptor: |
Source: | RDTSC instruction interceptor: | ||
Source: | RDTSC instruction interceptor: |
Source: | Memory allocated: | Jump to behavior | ||
Source: | Memory allocated: | Jump to behavior | ||
Source: | Memory allocated: | Jump to behavior |
Source: | Thread delayed: | Jump to behavior | ||
Source: | Window / User API: | Jump to behavior | ||
Source: | Window / User API: | Jump to behavior |
Source: | Dropped PE file which has not been started: | Jump to dropped file |
Source: | API coverage: |
Source: | Thread sleep count: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Code function: | 1_2_0040672B | |
Source: | Code function: | 1_2_00405AFA | |
Source: | Code function: | 1_2_00402868 | |
Source: | Code function: | 5_2_00402868 | |
Source: | Code function: | 5_2_0040672B | |
Source: | Code function: | 5_2_00405AFA |
Source: | Thread delayed: | Jump to behavior | ||
Source: | Binary or memory string: |
Source: | API call chain: | graph_1-4589 | ||
Source: | API call chain: | graph_1-4746 |
Source: | Process information queried: | Jump to behavior |
Source: | Process queried: | Jump to behavior | ||
Source: | Process queried: | Jump to behavior |
Source: | Code function: | 1_2_00402DF3 |
Source: | Code function: | 1_2_6FFB1B5F |
Source: | Process token adjusted: | Jump to behavior |
Source: | Memory allocated: | Jump to behavior |
Source: | Process created: | Jump to behavior |
Source: | Queries volume information: | Jump to behavior | ||
Source: | Code function: | 1_2_004034A5 |
Source: | Key value queried: | Jump to behavior |
Lowering of HIPS / PFW / Operating System Security Settings |
---|
Source: | Registry value created: | Jump to behavior |
Source: | Registry value created: | Jump to behavior |
Source: | Registry key created or modified: | Jump to behavior |
Stealing of Sensitive Information |
---|
Source: | File source: | ||
Source: | File source: |
Source: | File source: | ||
Source: | File source: |
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior |
Source: | Key opened: | Jump to behavior |
Source: | File source: | ||
Source: | File source: |
Remote Access Functionality |
---|
Source: | File source: | ||
Source: | File source: |
Source: | File source: | ||
Source: | File source: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Native API | 1 DLL Side-Loading | 1 DLL Side-Loading | 31 Disable or Modify Tools | 1 OS Credential Dumping | 2 File and Directory Discovery | Remote Services | 1 Archive Collected Data | 1 Web Service | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Access Token Manipulation | 1 Deobfuscate/Decode Files or Information | LSASS Memory | 215 System Information Discovery | Remote Desktop Protocol | 1 Data from Local System | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 11 Process Injection | 2 Obfuscated Files or Information | Security Account Manager | 211 Security Software Discovery | SMB/Windows Admin Shares | 1 Email Collection | 21 Encrypted Channel | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 DLL Side-Loading | NTDS | 1 Process Discovery | Distributed Component Object Model | 1 Clipboard Data | 3 Non-Application Layer Protocol | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Masquerading | LSA Secrets | 41 Virtualization/Sandbox Evasion | SSH | Keylogging | 14 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 41 Virtualization/Sandbox Evasion | Cached Domain Credentials | 1 Application Window Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 Access Token Manipulation | DCSync | 1 System Network Configuration Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 11 Process Injection | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
63% | ReversingLabs | Win32.Trojan.Guloader | ||
78% | Virustotal | Browse | ||
100% | Avira | HEUR/AGEN.1337946 |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | ReversingLabs |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
drive.google.com | 142.250.181.238 | true | false | | high |
drive.usercontent.google.com | 142.250.181.225 | true | false | | high |
reallyfreegeoip.org | 104.21.48.1 | true | false | | high |
api.telegram.org | 149.154.167.220 | true | false | | high |
checkip.dyndns.com | 132.226.8.169 | true | false | | high |
checkip.dyndns.org | unknown | unknown | false | | high |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
false | high | ||
false | high | ||
false | high |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
true |
| unknown | ||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false |
| unknown | ||
false | high |
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
132.226.8.169 | checkip.dyndns.com | United States | 16989 | UTMEMUS | false |
104.21.48.1 | reallyfreegeoip.org | United States | 13335 | CLOUDFLARENETUS | false |
142.250.181.238 | drive.google.com | United States | 15169 | GOOGLEUS | false |
149.154.167.220 | api.telegram.org | United Kingdom | 62041 | TELEGRAMRU | false |
142.250.181.225 | drive.usercontent.google.com | United States | 15169 | GOOGLEUS | false |
Joe Sandbox version: | 42.0.0 Malachite |
Analysis ID: | 1588131 |
Start date and time: | 2025-01-10 21:38:51 +01:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 8m 4s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of new started processes analysed: | 8 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | v4nrZtP7K2.exe (renamed because original name is a hash value) |
Original Sample Name: | fdf9354cf20fb94544d6bafaa777e8a40eba2d603e648b3dbdf35344d639b19d.exe |
Detection: | MAL |
Classification: | mal100.troj.spyw.evad.winEXE@3/8@5/5 |
EGA Information: |
|
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
- Excluded IPs from analysis (whitelisted): 4.245.163.56, 13.107.246.45
- Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
- Not all processes were analyzed; the report is missing behavior information
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- Report size getting too big, too many NtReadVirtualMemory calls found.
- Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Time | Type | Description |
---|---|---|
15:41:16 | API Interceptor |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
132.226.8.169 | Get hash | malicious | GuLoader, MassLogger RAT | Browse |
| |
Get hash | malicious | MassLogger RAT, PureLog Stealer | Browse |
| ||
Get hash | malicious | MassLogger RAT, PureLog Stealer | Browse |
| ||
Get hash | malicious | MassLogger RAT | Browse |
| ||
Get hash | malicious | GuLoader, Snake Keylogger, VIP Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
Get hash | malicious | MassLogger RAT | Browse |
| ||
Get hash | malicious | PureLog Stealer, Snake Keylogger | Browse |
| ||
Get hash | malicious | PureLog Stealer, Snake Keylogger, VIP Keylogger | Browse |
| ||
104.21.48.1 | Get hash | malicious | FormBook | Browse |
| |
Get hash | malicious | CMSBrute | Browse |
| ||
Get hash | malicious | FormBook | Browse |
|
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
reallyfreegeoip.org | Get hash | malicious | GuLoader, MassLogger RAT | Browse |
| |
Get hash | malicious | GuLoader, MassLogger RAT | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
Get hash | malicious | MassLogger RAT | Browse |
| ||
Get hash | malicious | GuLoader, MassLogger RAT | Browse |
| ||
Get hash | malicious | GuLoader, MassLogger RAT | Browse |
| ||
Get hash | malicious | MassLogger RAT, PureLog Stealer | Browse |
| ||
Get hash | malicious | GuLoader, MassLogger RAT | Browse |
| ||
api.telegram.org | Get hash | malicious | GuLoader, MassLogger RAT | Browse |
| |
Get hash | malicious | GuLoader, MassLogger RAT | Browse |
| ||
Get hash | malicious | AsyncRAT, StormKitty, WorldWind Stealer | Browse |
| ||
Get hash | malicious | HTMLPhisher | Browse |
| ||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
Get hash | malicious | MassLogger RAT | Browse |
| ||
Get hash | malicious | GuLoader, MassLogger RAT | Browse |
| ||
Get hash | malicious | GuLoader, MassLogger RAT | Browse |
| ||
Get hash | malicious | GuLoader, MassLogger RAT | Browse |
| ||
checkip.dyndns.com | Get hash | malicious | GuLoader, MassLogger RAT | Browse |
| |
Get hash | malicious | GuLoader, MassLogger RAT | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
Get hash | malicious | MassLogger RAT | Browse |
| ||
Get hash | malicious | GuLoader, MassLogger RAT | Browse |
| ||
Get hash | malicious | GuLoader, MassLogger RAT | Browse |
| ||
Get hash | malicious | MassLogger RAT, PureLog Stealer | Browse |
| ||
Get hash | malicious | GuLoader, MassLogger RAT | Browse |
|
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
CLOUDFLARENETUS | Get hash | malicious | Unknown | Browse |
| |
Get hash | malicious | HTMLPhisher | Browse |
| ||
Get hash | malicious | FormBook | Browse |
| ||
Get hash | malicious | GuLoader, MassLogger RAT | Browse |
| ||
Get hash | malicious | HTMLPhisher | Browse |
| ||
Get hash | malicious | GuLoader, MassLogger RAT | Browse |
| ||
Get hash | malicious | AsyncRAT, StormKitty, WorldWind Stealer | Browse |
| ||
Get hash | malicious | HTMLPhisher | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | Strela Downloader | Browse |
| ||
TELEGRAMRU | Get hash | malicious | GuLoader, MassLogger RAT | Browse |
| |
Get hash | malicious | GuLoader, MassLogger RAT | Browse |
| ||
Get hash | malicious | AsyncRAT, StormKitty, WorldWind Stealer | Browse |
| ||
Get hash | malicious | HTMLPhisher | Browse |
| ||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
Get hash | malicious | MassLogger RAT | Browse |
| ||
Get hash | malicious | GuLoader, MassLogger RAT | Browse |
| ||
Get hash | malicious | GuLoader, MassLogger RAT | Browse |
| ||
Get hash | malicious | GuLoader, MassLogger RAT | Browse |
| ||
UTMEMUS | Get hash | malicious | GuLoader, MassLogger RAT | Browse |
| |
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
Get hash | malicious | GuLoader, MassLogger RAT | Browse |
| ||
Get hash | malicious | MassLogger RAT, PureLog Stealer | Browse |
| ||
Get hash | malicious | GuLoader, Snake Keylogger, VIP Keylogger | Browse |
| ||
Get hash | malicious | MassLogger RAT, PureLog Stealer | Browse |
| ||
Get hash | malicious | MassLogger RAT | Browse |
| ||
Get hash | malicious | MassLogger RAT | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | GuLoader, Snake Keylogger, VIP Keylogger | Browse |
|
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
54328bd36c14bd82ddaa0c04b25ed9ad | Get hash | malicious | GuLoader, MassLogger RAT | Browse |
| |
Get hash | malicious | GuLoader, MassLogger RAT | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
Get hash | malicious | MassLogger RAT | Browse |
| ||
Get hash | malicious | GuLoader, MassLogger RAT | Browse |
| ||
Get hash | malicious | GuLoader, MassLogger RAT | Browse |
| ||
Get hash | malicious | MassLogger RAT, PureLog Stealer | Browse |
| ||
Get hash | malicious | GuLoader, MassLogger RAT | Browse |
| ||
3b5074b1b5d032e5620f69f9f700ff0e | Get hash | malicious | GuLoader, MassLogger RAT | Browse |
| |
Get hash | malicious | GuLoader, MassLogger RAT | Browse |
| ||
Get hash | malicious | AsyncRAT, StormKitty, WorldWind Stealer | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | LummaC, CAPTCHA Scam ClickFix, LummaC Stealer | Browse |
| ||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
Get hash | malicious | MassLogger RAT | Browse |
| ||
Get hash | malicious | GuLoader, MassLogger RAT | Browse |
| ||
Get hash | malicious | GuLoader, MassLogger RAT | Browse |
|
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
C:\Users\user\AppData\Local\Temp\nsrBE9D.tmp\System.dll | | | malicious | GuLoader, MassLogger RAT | | |
| | | malicious | GuLoader, MassLogger RAT | | |
| | | malicious | Remcos | | |
| | | malicious | Unknown | | |
| | | malicious | Remcos, GuLoader | | |
| | | malicious | Unknown | | |
| | | malicious | Unknown | | |
| | | malicious | Unknown | | |
| | | malicious | Unknown | | |
| | | malicious | LummaC Stealer | | |
Process: | C:\Users\user\Desktop\v4nrZtP7K2.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 484658 |
Entropy (8bit): | 7.809711763657168 |
Encrypted: | false |
SSDEEP: | 12288:W1S3xo63wl4biprI2S4WwWEcwxg9dvVAxZOCLF0DB:Wo3xX3y4bz2lWwWo6rSTZyd |
MD5: | 5C727AE28F0DECF497FBB092BAE01B4E |
SHA1: | AADE364AE8C2C91C6F59F85711B53078FB0763B7 |
SHA-256: | 77CCACF58330509839E17A6CFD6B17FE3DE31577D8E2C37DC413839BA2FEEC80 |
SHA-512: | 5246C0FBA41DF66AF89D986A3CEABC99B61DB9E9C217B28B2EC18AF31E3ED17C865387223CEB3A38A804243CF3307E07E557549026F49F52829BEBC4D4546C40 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\user\Desktop\v4nrZtP7K2.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 112291 |
Entropy (8bit): | 1.249420131631438 |
Encrypted: | false |
SSDEEP: | 768:5R+BCpkJWjYWL2MxTVLvUjpGqik9JiAfWA2DBQwD1PzUH+HYZmIo7x31sT:WCZY21w0I2NZYD |
MD5: | 4D1D72CFC5940B09DFBD7B65916F532E |
SHA1: | 30A45798B534842002B103A36A3B907063F8A96C |
SHA-256: | 479F1904096978F1011DF05D52021FAEEE028D4CF331024C965CED8AF1C8D496 |
SHA-512: | 048844A09E291903450188715BCDDF14F0F1F10BEAFBD005882EBF5D5E31A71D8F93EEBE788BD54B4AED2266C454F4DCA18AF4567977B7E773BBE29A38DEA45B |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\user\Desktop\v4nrZtP7K2.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 288347 |
Entropy (8bit): | 7.76879646626203 |
Encrypted: | false |
SSDEEP: | 6144:se/jlTMA4GQ1xLfOixTJLBvTCB+AfpRcqNn3IkVQUruWHUe8Y:vQ1UipJLxGZjdIWQUhP |
MD5: | F0BB0FFA27E86DC65AA5AFA8E89AD9F0 |
SHA1: | 28C29105C0C07086487A2689F13A31D8EB9B5E45 |
SHA-256: | A0BB4CB8559E4C5339C3AA5DE17B4B9FE7C37C290BDB4F65B20486AB870BD8CD |
SHA-512: | 381816EF635EC3B312DA64CB794E7D4AC3A70E0F1D8068526F00B7FB1FA12C7C7A1E3EB0E706D56A4B19075278DB5256519C0161EA2074A577BFCD19CC95149B |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\user\Desktop\v4nrZtP7K2.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 362089 |
Entropy (8bit): | 1.23992084267325 |
Encrypted: | false |
SSDEEP: | 768:xOeaameETrlE0+1mGOWb3h5WAV0hW+JSLSwzj2HlSdL0f6mhKZRaqOzWz6szt3cA:x+ds5dYOVxIW3hhdeRt6MeZ1W4vB |
MD5: | A4340182CDDD2EC1F1480360218343F9 |
SHA1: | 50EF929FEA713AA6FCC05E8B75F497B7946B285B |
SHA-256: | B91E5B1FF5756F0B93DCF11CBC8B467CDA0C5792DE24D27EC86E7C74388B44B3 |
SHA-512: | 021F198AFF7CCED92912C74FC97D1919A9E059F22E99AB1236FBAA36C16B520C07B78F47FC01FCFAC1B53A87CDAE3E440D0589FA2844612617FAB2EDB64A3573 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\user\Desktop\v4nrZtP7K2.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 127783 |
Entropy (8bit): | 4.601249713365416 |
Encrypted: | false |
SSDEEP: | 1536:fKZgV2DYZpY+dZLJJmrC5viSvGLMXJNA2qyH8r9BUfmSY6y9P8A9u:fIgV2DYZpY+JJmGQS2MXHrYwY6yF8AA |
MD5: | 5F27AEBFF7F1A9D5116E3B4E082FCBE4 |
SHA1: | 6339A4C8FCA14E3A2D9AC07A998DB7B05CC45833 |
SHA-256: | C8869F228120EAB585C727028AC4C614B204A4944264EF7845706705DC50B8AD |
SHA-512: | DB9C283923753A702B3625239967E28D50F8FFEDFE16CFEE848E895BA5E5F36F22379285AF683D79DDE4B59593D4A202B839FA3C49A2A76AA2E8934C1B1F672D |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\v4nrZtP7K2.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 139354 |
Entropy (8bit): | 1.2473328695625903 |
Encrypted: | false |
SSDEEP: | 768:9OsMSh8lSnJGyUzWZsO2ipzPFmDZC9kpzroto48tf2+5lVp:9delFlqNawgJp |
MD5: | B0FB6B583D6902DE58E1202D12BA4832 |
SHA1: | 7F585B5C3A4581CE76E373C78A6513F157B20480 |
SHA-256: | E6EA5F6D0C7F5FA407269C7F4FF6D97149B7611071BF5BF6C454B810501AE661 |
SHA-512: | E0894FFBD76C3476DC083DAFD24F88964BF6E09E4CA955766B43FE73A764A00247C930E9996652A22B57B27826CD94F88B8178514060CA398DE568675F9E4571 |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\v4nrZtP7K2.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 12288 |
Entropy (8bit): | 5.719859767584478 |
Encrypted: | false |
SSDEEP: | 192:1enY0LWelt70elWjvfstJcVtwtYbjnIOg5AaDnbC7ypXhtIj:18PJlt70esj0Mt9vn6ay6 |
MD5: | 0D7AD4F45DC6F5AA87F606D0331C6901 |
SHA1: | 48DF0911F0484CBE2A8CDD5362140B63C41EE457 |
SHA-256: | 3EB38AE99653A7DBC724132EE240F6E5C4AF4BFE7C01D31D23FAF373F9F2EACA |
SHA-512: | C07DE7308CB54205E8BD703001A7FE4FD7796C9AC1B4BB330C77C872BF712B093645F40B80CE7127531FE6746A5B66E18EA073AB6A644934ABED9BB64126FEA9 |
Malicious: | false |
Antivirus: |
|
Joe Sandbox View: |
|
Preview: |
Process: | C:\Users\user\Desktop\v4nrZtP7K2.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1540705 |
Entropy (8bit): | 5.47073589870663 |
Encrypted: | false |
SSDEEP: | 24576:YMLxGkW74o3xX3y4bz2lWwWo6rSTZyJ2u:RLI9UoBXbz2luo6rS1yIu |
MD5: | CF14F7C69F6F691FC3B24EB229DB418A |
SHA1: | 68C2055DBEC0F8D9401F9E1C1FC91B3A582A56A9 |
SHA-256: | 4CCCC12A887F8F8EB14C807B10171984710FF4DB5F68343C3E78F692B55F8EC1 |
SHA-512: | 9CC6B0DA679CD0BE9CFB0331EAB3330CDA597E2F70752831EB0283B9B27A8B457FEC9DA161398A57C3E695FF29EA3B421BF225A8409F69379C30EB982C154F86 |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 7.961647755569379 |
TrID: |
|
File name: | v4nrZtP7K2.exe |
File size: | 1'048'063 bytes |
MD5: | 0f45bbafc276fa80464c8892ba6f5b2a |
SHA1: | 3f0ec83b231cf0ba0a1fee3696e709bc75d199eb |
SHA256: | fdf9354cf20fb94544d6bafaa777e8a40eba2d603e648b3dbdf35344d639b19d |
SHA512: | ba9d22d58bda06d7a543300b2e24f80013c29c601435599b7a71f6eab251ad41c42eb6b86fa372dacf5ff13608318540c1958f96fb2e6b60341b2b4e7105ce42 |
SSDEEP: | 24576:9jwKCNgy7VhN29a3rg63IzXcl7FGPxuXZ+QCynWi/FP9N9:V1Cr5u9wU0l0xuJZCcb |
TLSH: | C5253305B212FAEBC6D2C630791515BF6C769D60AC54DD1313E83B1A7F703B18AAC369 |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1...Pf..Pf..Pf.*_9..Pf..Pg.LPf.*_;..Pf..sV..Pf..V`..Pf.Rich.Pf.........................PE..L...$..\.................f...*..... |
Icon Hash: | 46224e4c19391d03 |
Entrypoint: | 0x4034a5 |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE |
DLL Characteristics: | DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE |
Time Stamp: | 0x5C157F24 [Sat Dec 15 22:24:36 2018 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | 1f23f452093b5c1ff091a2f9fb4fa3e9 |
Instruction |
---|
sub esp, 000002D4h |
push ebx |
push esi |
push edi |
push 00000020h |
pop edi |
xor ebx, ebx |
push 00008001h |
mov dword ptr [esp+14h], ebx |
mov dword ptr [esp+10h], 0040A230h |
mov dword ptr [esp+1Ch], ebx |
call dword ptr [004080ACh] |
call dword ptr [004080A8h] |
and eax, BFFFFFFFh |
cmp ax, 00000006h |
mov dword ptr [0042A24Ch], eax |
je 00007FDDF8E65EA3h |
push ebx |
call 00007FDDF8E6916Dh |
cmp eax, ebx |
je 00007FDDF8E65E99h |
push 00000C00h |
call eax |
mov esi, 004082B0h |
push esi |
call 00007FDDF8E690E7h |
push esi |
call dword ptr [00408150h] |
lea esi, dword ptr [esi+eax+01h] |
cmp byte ptr [esi], 00000000h |
jne 00007FDDF8E65E7Ch |
push 0000000Ah |
call 00007FDDF8E69140h |
push 00000008h |
call 00007FDDF8E69139h |
push 00000006h |
mov dword ptr [0042A244h], eax |
call 00007FDDF8E6912Dh |
cmp eax, ebx |
je 00007FDDF8E65EA1h |
push 0000001Eh |
call eax |
test eax, eax |
je 00007FDDF8E65E99h |
or byte ptr [0042A24Fh], 00000040h |
push ebp |
call dword ptr [00408044h] |
push ebx |
call dword ptr [004082A0h] |
mov dword ptr [0042A318h], eax |
push ebx |
lea eax, dword ptr [esp+34h] |
push 000002B4h |
push eax |
push ebx |
push 004216E8h |
call dword ptr [00408188h] |
push 0040A384h |
Programming Language: |
|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x8504 | 0xa0 | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x55000 | 0x21068 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x8000 | 0x2b0 | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x6409 | 0x6600 | bfe2b726d49cbd922b87bad5eea65e61 | False | 0.6540287990196079 | data | 6.416186322230332 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rdata | 0x8000 | 0x1396 | 0x1400 | d45dcba8ca646543f7e339e20089687e | False | 0.45234375 | data | 5.154907432640367 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0xa000 | 0x20358 | 0x600 | 8575fc5e872ca789611c386779287649 | False | 0.5026041666666666 | data | 4.004402321344153 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.ndata | 0x2b000 | 0x2a000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.rsrc | 0x55000 | 0x21068 | 0x21200 | 03ed2ed76ba15352dac9e48819696134 | False | 0.8714696344339623 | data | 7.556190648348207 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
RT_BITMAP | 0x554c0 | 0x368 | Device independent bitmap graphic, 96 x 16 x 4, image size 768 | English | United States | 0.23623853211009174 |
RT_ICON | 0x55828 | 0xc2a3 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States | 0.9966684729162903 |
RT_ICON | 0x61ad0 | 0x86e0 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States | 0.990210843373494 |
RT_ICON | 0x6a1b0 | 0x5085 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States | 0.9867559307233299 |
RT_ICON | 0x6f238 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | English | United States | 0.4358921161825726 |
RT_ICON | 0x717e0 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | English | United States | 0.4896810506566604 |
RT_ICON | 0x72888 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors | English | United States | 0.5367803837953091 |
RT_ICON | 0x73730 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors | English | United States | 0.6913357400722022 |
RT_ICON | 0x73fd8 | 0x668 | Device independent bitmap graphic, 48 x 96 x 4, image size 1152 | English | United States | 0.38597560975609757 |
RT_ICON | 0x74640 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors | English | United States | 0.4934971098265896 |
RT_ICON | 0x74ba8 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | United States | 0.651595744680851 |
RT_ICON | 0x75010 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 512 | English | United States | 0.46908602150537637 |
RT_ICON | 0x752f8 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128 | English | United States | 0.5472972972972973 |
RT_DIALOG | 0x75420 | 0x120 | data | English | United States | 0.53125 |
RT_DIALOG | 0x75540 | 0x118 | data | English | United States | 0.5678571428571428 |
RT_DIALOG | 0x75658 | 0x120 | data | English | United States | 0.5104166666666666 |
RT_DIALOG | 0x75778 | 0xf8 | data | English | United States | 0.6330645161290323 |
RT_DIALOG | 0x75870 | 0xa0 | data | English | United States | 0.6125 |
RT_DIALOG | 0x75910 | 0x60 | data | English | United States | 0.7291666666666666 |
RT_GROUP_ICON | 0x75970 | 0xae | data | English | United States | 0.6091954022988506 |
RT_VERSION | 0x75a20 | 0x308 | data | English | United States | 0.47036082474226804 |
RT_MANIFEST | 0x75d28 | 0x33e | XML 1.0 document, ASCII text, with very long lines (830), with no line terminators | English | United States | 0.5542168674698795 |
DLL | Import |
---|---|
KERNEL32.dll | ExitProcess, SetFileAttributesW, Sleep, GetTickCount, CreateFileW, GetFileSize, GetModuleFileNameW, GetCurrentProcess, SetCurrentDirectoryW, GetFileAttributesW, SetEnvironmentVariableW, GetWindowsDirectoryW, GetTempPathW, GetCommandLineW, GetVersion, SetErrorMode, lstrlenW, lstrcpynW, CopyFileW, GetShortPathNameW, GlobalLock, CreateThread, GetLastError, CreateDirectoryW, CreateProcessW, RemoveDirectoryW, lstrcmpiA, GetTempFileNameW, WriteFile, lstrcpyA, MoveFileExW, lstrcatW, GetSystemDirectoryW, GetProcAddress, GetModuleHandleA, GetExitCodeProcess, WaitForSingleObject, lstrcmpiW, MoveFileW, GetFullPathNameW, SetFileTime, SearchPathW, CompareFileTime, lstrcmpW, CloseHandle, ExpandEnvironmentStringsW, GlobalFree, GlobalUnlock, GetDiskFreeSpaceW, GlobalAlloc, FindFirstFileW, FindNextFileW, DeleteFileW, SetFilePointer, ReadFile, FindClose, lstrlenA, MulDiv, MultiByteToWideChar, WideCharToMultiByte, GetPrivateProfileStringW, WritePrivateProfileStringW, FreeLibrary, LoadLibraryExW, GetModuleHandleW |
USER32.dll | GetSystemMenu, SetClassLongW, EnableMenuItem, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongW, SetCursor, LoadCursorW, CheckDlgButton, GetMessagePos, LoadBitmapW, CallWindowProcW, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, OpenClipboard, ScreenToClient, GetWindowRect, GetDlgItem, GetSystemMetrics, SetDlgItemTextW, GetDlgItemTextW, MessageBoxIndirectW, CharPrevW, CharNextA, wsprintfA, DispatchMessageW, PeekMessageW, ReleaseDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, GetClientRect, FillRect, DrawTextW, EndDialog, RegisterClassW, SystemParametersInfoW, CreateWindowExW, GetClassInfoW, DialogBoxParamW, CharNextW, ExitWindowsEx, DestroyWindow, GetDC, SetTimer, SetWindowTextW, LoadImageW, SetForegroundWindow, ShowWindow, IsWindow, SetWindowLongW, FindWindowExW, TrackPopupMenu, AppendMenuW, CreatePopupMenu, EndPaint, CreateDialogParamW, SendMessageTimeoutW, wsprintfW, PostQuitMessage |
GDI32.dll | SelectObject, SetBkMode, CreateFontIndirectW, SetTextColor, DeleteObject, GetDeviceCaps, CreateBrushIndirect, SetBkColor |
SHELL32.dll | SHGetSpecialFolderLocation, ShellExecuteExW, SHGetPathFromIDListW, SHBrowseForFolderW, SHGetFileInfoW, SHFileOperationW |
ADVAPI32.dll | AdjustTokenPrivileges, RegCreateKeyExW, RegOpenKeyExW, SetFileSecurityW, OpenProcessToken, LookupPrivilegeValueW, RegEnumValueW, RegDeleteKeyW, RegDeleteValueW, RegCloseKey, RegSetValueExW, RegQueryValueExW, RegEnumKeyW |
COMCTL32.dll | ImageList_Create, ImageList_AddMasked, ImageList_Destroy |
ole32.dll | OleUninitialize, OleInitialize, CoTaskMemFree, CoCreateInstance |
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States |
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
---|---|---|---|---|---|---|---|---|
2025-01-10T21:41:04.055782+0100 | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 192.168.2.9 | 49709 | 142.250.181.238 | 443 | TCP |
2025-01-10T21:41:10.679332+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.9 | 49711 | 132.226.8.169 | 80 | TCP |
2025-01-10T21:41:17.366602+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.9 | 49711 | 132.226.8.169 | 80 | TCP |
2025-01-10T21:41:17.999582+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.9 | 49740 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:41:18.295718+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.9 | 49740 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:41:19.616728+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.9 | 49750 | 132.226.8.169 | 80 | TCP |
2025-01-10T21:41:20.221607+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.9 | 49757 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:41:20.550220+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.9 | 49757 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:41:22.080335+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.9 | 49769 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:41:22.413988+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.9 | 49769 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:41:23.902379+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.9 | 49782 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:41:24.243171+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.9 | 49782 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:41:25.754752+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.9 | 49798 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:41:26.308224+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.9 | 49798 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:41:27.821372+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.9 | 49811 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:41:28.116897+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.9 | 49811 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:41:29.651156+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.9 | 49827 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:41:29.905652+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.9 | 49827 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:41:31.373410+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.9 | 49839 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:41:31.772274+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.9 | 49839 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:41:33.258256+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.9 | 49853 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:41:33.621335+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.9 | 49853 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:41:35.078882+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.9 | 49865 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:41:35.475737+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.9 | 49865 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:41:37.005576+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.9 | 49877 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:41:37.261635+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.9 | 49877 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:41:38.759064+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.9 | 49890 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:41:39.030142+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.9 | 49890 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:41:40.507479+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.9 | 49905 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:41:40.935980+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.9 | 49905 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:41:42.455994+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.9 | 49919 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:41:42.794589+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.9 | 49919 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:41:44.380265+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.9 | 49930 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:41:44.714132+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.9 | 49930 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:41:46.567194+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.9 | 49946 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:41:47.640280+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.9 | 49946 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:41:49.400542+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.9 | 49962 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:41:49.647010+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.9 | 49962 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:41:51.084566+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.9 | 49973 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:41:51.526150+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.9 | 49973 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:41:52.988544+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.9 | 49988 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:41:53.376503+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.9 | 49988 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:41:54.843402+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.9 | 50001 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:41:55.153990+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.9 | 50001 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:41:56.646970+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.9 | 50014 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:41:56.893527+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.9 | 50014 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:41:58.410818+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.9 | 50022 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:41:58.883067+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.9 | 50022 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:42:00.462252+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.9 | 50024 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:42:00.709410+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.9 | 50024 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:42:02.832012+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.9 | 50026 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:42:03.304992+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.9 | 50026 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:42:04.799457+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.9 | 50028 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:42:05.344060+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.9 | 50028 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:42:07.009354+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.9 | 50030 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:42:07.250403+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.9 | 50030 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:42:09.621156+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.9 | 50032 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:42:09.956106+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.9 | 50032 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:42:11.534767+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.9 | 50034 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:42:11.868333+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.9 | 50034 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:42:13.132415+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.9 | 50035 | 132.226.8.169 | 80 | TCP |
2025-01-10T21:42:13.713057+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.9 | 50036 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:42:13.974062+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.9 | 50036 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:42:15.429818+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.9 | 50038 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:42:15.775576+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.9 | 50038 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:42:17.260407+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.9 | 50040 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:42:17.647059+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.9 | 50040 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:42:20.136836+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.9 | 50042 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:42:20.575719+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.9 | 50042 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:42:24.950422+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.9 | 50044 | 149.154.167.220 | 443 | TCP |
2025-01-10T21:42:25.228901+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.9 | 50044 | 149.154.167.220 | 443 | TCP |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Jan 10, 2025 21:41:07.331152916 CET | 443 | 49710 | 142.250.181.225 | 192.168.2.9 |
Jan 10, 2025 21:41:07.331188917 CET | 49710 | 443 | 192.168.2.9 | 142.250.181.225 |
Jan 10, 2025 21:41:07.336972952 CET | 443 | 49710 | 142.250.181.225 | 192.168.2.9 |
Jan 10, 2025 21:41:07.337030888 CET | 49710 | 443 | 192.168.2.9 | 142.250.181.225 |
Jan 10, 2025 21:41:07.339725971 CET | 443 | 49710 | 142.250.181.225 | 192.168.2.9 |
Jan 10, 2025 21:41:07.339796066 CET | 49710 | 443 | 192.168.2.9 | 142.250.181.225 |
Jan 10, 2025 21:41:07.342830896 CET | 443 | 49710 | 142.250.181.225 | 192.168.2.9 |
Jan 10, 2025 21:41:07.342884064 CET | 49710 | 443 | 192.168.2.9 | 142.250.181.225 |
Jan 10, 2025 21:41:07.363629103 CET | 443 | 49710 | 142.250.181.225 | 192.168.2.9 |
Jan 10, 2025 21:41:07.363734961 CET | 49710 | 443 | 192.168.2.9 | 142.250.181.225 |
Jan 10, 2025 21:41:07.363746881 CET | 443 | 49710 | 142.250.181.225 | 192.168.2.9 |
Jan 10, 2025 21:41:07.363779068 CET | 49710 | 443 | 192.168.2.9 | 142.250.181.225 |
Jan 10, 2025 21:41:07.363792896 CET | 443 | 49710 | 142.250.181.225 | 192.168.2.9 |
Jan 10, 2025 21:41:07.363832951 CET | 49710 | 443 | 192.168.2.9 | 142.250.181.225 |
Jan 10, 2025 21:41:07.363898993 CET | 443 | 49710 | 142.250.181.225 | 192.168.2.9 |
Jan 10, 2025 21:41:07.363939047 CET | 49710 | 443 | 192.168.2.9 | 142.250.181.225 |
Jan 10, 2025 21:41:07.364245892 CET | 443 | 49710 | 142.250.181.225 | 192.168.2.9 |
Jan 10, 2025 21:41:07.364288092 CET | 49710 | 443 | 192.168.2.9 | 142.250.181.225 |
Jan 10, 2025 21:41:07.364326000 CET | 443 | 49710 | 142.250.181.225 | 192.168.2.9 |
Jan 10, 2025 21:41:07.364367008 CET | 49710 | 443 | 192.168.2.9 | 142.250.181.225 |
Jan 10, 2025 21:41:07.364602089 CET | 443 | 49710 | 142.250.181.225 | 192.168.2.9 |
Jan 10, 2025 21:41:07.364645958 CET | 49710 | 443 | 192.168.2.9 | 142.250.181.225 |
Jan 10, 2025 21:41:07.368122101 CET | 443 | 49710 | 142.250.181.225 | 192.168.2.9 |
Jan 10, 2025 21:41:07.368180037 CET | 49710 | 443 | 192.168.2.9 | 142.250.181.225 |
Jan 10, 2025 21:41:07.368196011 CET | 443 | 49710 | 142.250.181.225 | 192.168.2.9 |
Jan 10, 2025 21:41:07.368236065 CET | 49710 | 443 | 192.168.2.9 | 142.250.181.225 |
Jan 10, 2025 21:41:07.368266106 CET | 443 | 49710 | 142.250.181.225 | 192.168.2.9 |
Jan 10, 2025 21:41:07.368307114 CET | 49710 | 443 | 192.168.2.9 | 142.250.181.225 |
Jan 10, 2025 21:41:07.373720884 CET | 443 | 49710 | 142.250.181.225 | 192.168.2.9 |
Jan 10, 2025 21:41:07.373791933 CET | 49710 | 443 | 192.168.2.9 | 142.250.181.225 |
Jan 10, 2025 21:41:07.373812914 CET | 443 | 49710 | 142.250.181.225 | 192.168.2.9 |
Jan 10, 2025 21:41:07.373867989 CET | 49710 | 443 | 192.168.2.9 | 142.250.181.225 |
Jan 10, 2025 21:41:07.379102945 CET | 443 | 49710 | 142.250.181.225 | 192.168.2.9 |
Jan 10, 2025 21:41:07.379158020 CET | 49710 | 443 | 192.168.2.9 | 142.250.181.225 |
Jan 10, 2025 21:41:07.379179955 CET | 443 | 49710 | 142.250.181.225 | 192.168.2.9 |
Jan 10, 2025 21:41:07.379225016 CET | 49710 | 443 | 192.168.2.9 | 142.250.181.225 |
Jan 10, 2025 21:41:07.384011984 CET | 443 | 49710 | 142.250.181.225 | 192.168.2.9 |
Jan 10, 2025 21:41:07.384073019 CET | 49710 | 443 | 192.168.2.9 | 142.250.181.225 |
Jan 10, 2025 21:41:07.384088039 CET | 443 | 49710 | 142.250.181.225 | 192.168.2.9 |
Jan 10, 2025 21:41:07.384135008 CET | 49710 | 443 | 192.168.2.9 | 142.250.181.225 |
Jan 10, 2025 21:41:07.389013052 CET | 443 | 49710 | 142.250.181.225 | 192.168.2.9 |
Jan 10, 2025 21:41:07.389091015 CET | 49710 | 443 | 192.168.2.9 | 142.250.181.225 |
Jan 10, 2025 21:41:07.389103889 CET | 443 | 49710 | 142.250.181.225 | 192.168.2.9 |
Jan 10, 2025 21:41:07.389156103 CET | 49710 | 443 | 192.168.2.9 | 142.250.181.225 |
Jan 10, 2025 21:41:07.393640041 CET | 443 | 49710 | 142.250.181.225 | 192.168.2.9 |
Jan 10, 2025 21:41:07.393692017 CET | 49710 | 443 | 192.168.2.9 | 142.250.181.225 |
Jan 10, 2025 21:41:07.393744946 CET | 443 | 49710 | 142.250.181.225 | 192.168.2.9 |
Jan 10, 2025 21:41:07.393791914 CET | 49710 | 443 | 192.168.2.9 | 142.250.181.225 |
Jan 10, 2025 21:41:07.398317099 CET | 443 | 49710 | 142.250.181.225 | 192.168.2.9 |
Jan 10, 2025 21:41:07.398374081 CET | 49710 | 443 | 192.168.2.9 | 142.250.181.225 |
Jan 10, 2025 21:41:07.398391962 CET | 443 | 49710 | 142.250.181.225 | 192.168.2.9 |
Jan 10, 2025 21:41:07.398433924 CET | 49710 | 443 | 192.168.2.9 | 142.250.181.225 |
Jan 10, 2025 21:41:07.403152943 CET | 443 | 49710 | 142.250.181.225 | 192.168.2.9 |
Jan 10, 2025 21:41:07.403245926 CET | 49710 | 443 | 192.168.2.9 | 142.250.181.225 |
Jan 10, 2025 21:41:07.403357983 CET | 443 | 49710 | 142.250.181.225 | 192.168.2.9 |
Jan 10, 2025 21:41:07.403409958 CET | 49710 | 443 | 192.168.2.9 | 142.250.181.225 |
Jan 10, 2025 21:41:07.407676935 CET | 443 | 49710 | 142.250.181.225 | 192.168.2.9 |
Jan 10, 2025 21:41:07.407731056 CET | 49710 | 443 | 192.168.2.9 | 142.250.181.225 |
Jan 10, 2025 21:41:07.407754898 CET | 443 | 49710 | 142.250.181.225 | 192.168.2.9 |
Jan 10, 2025 21:41:07.407792091 CET | 49710 | 443 | 192.168.2.9 | 142.250.181.225 |
Jan 10, 2025 21:41:07.412354946 CET | 443 | 49710 | 142.250.181.225 | 192.168.2.9 |
Jan 10, 2025 21:41:07.412425041 CET | 49710 | 443 | 192.168.2.9 | 142.250.181.225 |
Jan 10, 2025 21:41:07.412444115 CET | 443 | 49710 | 142.250.181.225 | 192.168.2.9 |
Jan 10, 2025 21:41:07.412486076 CET | 49710 | 443 | 192.168.2.9 | 142.250.181.225 |
Jan 10, 2025 21:41:07.416907072 CET | 443 | 49710 | 142.250.181.225 | 192.168.2.9 |
Jan 10, 2025 21:41:07.416969061 CET | 49710 | 443 | 192.168.2.9 | 142.250.181.225 |
Jan 10, 2025 21:41:07.416975975 CET | 443 | 49710 | 142.250.181.225 | 192.168.2.9 |
Jan 10, 2025 21:41:07.417016029 CET | 49710 | 443 | 192.168.2.9 | 142.250.181.225 |
Jan 10, 2025 21:41:07.421677113 CET | 443 | 49710 | 142.250.181.225 | 192.168.2.9 |
Jan 10, 2025 21:41:07.421756029 CET | 49710 | 443 | 192.168.2.9 | 142.250.181.225 |
Jan 10, 2025 21:41:07.421773911 CET | 443 | 49710 | 142.250.181.225 | 192.168.2.9 |
Jan 10, 2025 21:41:07.421813965 CET | 49710 | 443 | 192.168.2.9 | 142.250.181.225 |
Jan 10, 2025 21:41:07.425834894 CET | 443 | 49710 | 142.250.181.225 | 192.168.2.9 |
Jan 10, 2025 21:41:07.425894022 CET | 49710 | 443 | 192.168.2.9 | 142.250.181.225 |
Jan 10, 2025 21:41:07.425914049 CET | 443 | 49710 | 142.250.181.225 | 192.168.2.9 |
Jan 10, 2025 21:41:07.425956011 CET | 49710 | 443 | 192.168.2.9 | 142.250.181.225 |
Jan 10, 2025 21:41:07.425995111 CET | 443 | 49710 | 142.250.181.225 | 192.168.2.9 |
Jan 10, 2025 21:41:07.426034927 CET | 49710 | 443 | 192.168.2.9 | 142.250.181.225 |
Jan 10, 2025 21:41:07.426134109 CET | 443 | 49710 | 142.250.181.225 | 192.168.2.9 |
Jan 10, 2025 21:41:07.426177025 CET | 49710 | 443 | 192.168.2.9 | 142.250.181.225 |
Jan 10, 2025 21:41:07.426218033 CET | 443 | 49710 | 142.250.181.225 | 192.168.2.9 |
Jan 10, 2025 21:41:07.426233053 CET | 49710 | 443 | 192.168.2.9 | 142.250.181.225 |
Jan 10, 2025 21:41:07.426270008 CET | 49710 | 443 | 192.168.2.9 | 142.250.181.225 |
Jan 10, 2025 21:41:07.426315069 CET | 49710 | 443 | 192.168.2.9 | 142.250.181.225 |
Jan 10, 2025 21:41:08.044780970 CET | 49711 | 80 | 192.168.2.9 | 132.226.8.169 |
Jan 10, 2025 21:41:08.049757957 CET | 80 | 49711 | 132.226.8.169 | 192.168.2.9 |
Jan 10, 2025 21:41:08.049891949 CET | 49711 | 80 | 192.168.2.9 | 132.226.8.169 |
Jan 10, 2025 21:41:08.050080061 CET | 49711 | 80 | 192.168.2.9 | 132.226.8.169 |
Jan 10, 2025 21:41:08.054884911 CET | 80 | 49711 | 132.226.8.169 | 192.168.2.9 |
Jan 10, 2025 21:41:10.179828882 CET | 80 | 49711 | 132.226.8.169 | 192.168.2.9 |
Jan 10, 2025 21:41:10.190351009 CET | 49711 | 80 | 192.168.2.9 | 132.226.8.169 |
Jan 10, 2025 21:41:10.195159912 CET | 80 | 49711 | 132.226.8.169 | 192.168.2.9 |
Jan 10, 2025 21:41:10.627417088 CET | 80 | 49711 | 132.226.8.169 | 192.168.2.9 |
Jan 10, 2025 21:41:10.679332018 CET | 49711 | 80 | 192.168.2.9 | 132.226.8.169 |
Jan 10, 2025 21:41:10.906347036 CET | 49713 | 443 | 192.168.2.9 | 104.21.48.1 |
Jan 10, 2025 21:41:10.906404018 CET | 443 | 49713 | 104.21.48.1 | 192.168.2.9 |
Jan 10, 2025 21:41:10.906478882 CET | 49713 | 443 | 192.168.2.9 | 104.21.48.1 |
Jan 10, 2025 21:41:10.908660889 CET | 49713 | 443 | 192.168.2.9 | 104.21.48.1 |
Jan 10, 2025 21:41:10.908683062 CET | 443 | 49713 | 104.21.48.1 | 192.168.2.9 |
Jan 10, 2025 21:41:11.399089098 CET | 443 | 49713 | 104.21.48.1 | 192.168.2.9 |
Jan 10, 2025 21:41:11.399239063 CET | 49713 | 443 | 192.168.2.9 | 104.21.48.1 |
Jan 10, 2025 21:41:11.402688026 CET | 49713 | 443 | 192.168.2.9 | 104.21.48.1 |
Jan 10, 2025 21:41:11.402704000 CET | 443 | 49713 | 104.21.48.1 | 192.168.2.9 |
Jan 10, 2025 21:41:11.403482914 CET | 443 | 49713 | 104.21.48.1 | 192.168.2.9 |
Jan 10, 2025 21:41:11.407344103 CET | 49713 | 443 | 192.168.2.9 | 104.21.48.1 |
Jan 10, 2025 21:41:11.451335907 CET | 443 | 49713 | 104.21.48.1 | 192.168.2.9 |
Jan 10, 2025 21:41:11.538594961 CET | 443 | 49713 | 104.21.48.1 | 192.168.2.9 |
Jan 10, 2025 21:41:11.538665056 CET | 443 | 49713 | 104.21.48.1 | 192.168.2.9 |
Jan 10, 2025 21:41:11.538783073 CET | 49713 | 443 | 192.168.2.9 | 104.21.48.1 |
Jan 10, 2025 21:41:11.544281960 CET | 49713 | 443 | 192.168.2.9 | 104.21.48.1 |
Jan 10, 2025 21:41:17.038228035 CET | 49711 | 80 | 192.168.2.9 | 132.226.8.169 |
Jan 10, 2025 21:41:17.042984962 CET | 80 | 49711 | 132.226.8.169 | 192.168.2.9 |
Jan 10, 2025 21:41:17.319858074 CET | 80 | 49711 | 132.226.8.169 | 192.168.2.9 |
Jan 10, 2025 21:41:17.331320047 CET | 49740 | 443 | 192.168.2.9 | 149.154.167.220 |
Jan 10, 2025 21:41:17.331356049 CET | 443 | 49740 | 149.154.167.220 | 192.168.2.9 |
Jan 10, 2025 21:41:17.331612110 CET | 49740 | 443 | 192.168.2.9 | 149.154.167.220 |
Jan 10, 2025 21:41:17.332081079 CET | 49740 | 443 | 192.168.2.9 | 149.154.167.220 |
Jan 10, 2025 21:41:17.332097054 CET | 443 | 49740 | 149.154.167.220 | 192.168.2.9 |
Jan 10, 2025 21:41:17.366601944 CET | 49711 | 80 | 192.168.2.9 | 132.226.8.169 |
Jan 10, 2025 21:41:17.951756954 CET | 443 | 49740 | 149.154.167.220 | 192.168.2.9 |
Jan 10, 2025 21:41:17.951870918 CET | 49740 | 443 | 192.168.2.9 | 149.154.167.220 |
Jan 10, 2025 21:41:17.953694105 CET | 49740 | 443 | 192.168.2.9 | 149.154.167.220 |
Jan 10, 2025 21:41:17.953710079 CET | 443 | 49740 | 149.154.167.220 | 192.168.2.9 |
Jan 10, 2025 21:41:17.953993082 CET | 443 | 49740 | 149.154.167.220 | 192.168.2.9 |
Jan 10, 2025 21:41:17.955419064 CET | 49740 | 443 | 192.168.2.9 | 149.154.167.220 |
Jan 10, 2025 21:41:17.999335051 CET | 443 | 49740 | 149.154.167.220 | 192.168.2.9 |
Jan 10, 2025 21:41:17.999440908 CET | 49740 | 443 | 192.168.2.9 | 149.154.167.220 |
Jan 10, 2025 21:41:17.999454021 CET | 443 | 49740 | 149.154.167.220 | 192.168.2.9 |
Jan 10, 2025 21:41:18.295738935 CET | 443 | 49740 | 149.154.167.220 | 192.168.2.9 |
Jan 10, 2025 21:41:18.295828104 CET | 443 | 49740 | 149.154.167.220 | 192.168.2.9 |
Jan 10, 2025 21:41:18.295908928 CET | 49740 | 443 | 192.168.2.9 | 149.154.167.220 |
Jan 10, 2025 21:41:18.299653053 CET | 49740 | 443 | 192.168.2.9 | 149.154.167.220 |
Jan 10, 2025 21:41:18.713794947 CET | 49711 | 80 | 192.168.2.9 | 132.226.8.169 |
Jan 10, 2025 21:41:18.715055943 CET | 49750 | 80 | 192.168.2.9 | 132.226.8.169 |
Jan 10, 2025 21:41:18.718931913 CET | 80 | 49711 | 132.226.8.169 | 192.168.2.9 |
Jan 10, 2025 21:41:18.720299006 CET | 49711 | 80 | 192.168.2.9 | 132.226.8.169 |
Jan 10, 2025 21:41:18.720726967 CET | 80 | 49750 | 132.226.8.169 | 192.168.2.9 |
Jan 10, 2025 21:41:18.720794916 CET | 49750 | 80 | 192.168.2.9 | 132.226.8.169 |
Jan 10, 2025 21:41:18.720920086 CET | 49750 | 80 | 192.168.2.9 | 132.226.8.169 |
Jan 10, 2025 21:41:18.726452112 CET | 80 | 49750 | 132.226.8.169 | 192.168.2.9 |
Jan 10, 2025 21:41:19.564111948 CET | 80 | 49750 | 132.226.8.169 | 192.168.2.9 |
Jan 10, 2025 21:41:19.565737963 CET | 49757 | 443 | 192.168.2.9 | 149.154.167.220 |
Jan 10, 2025 21:41:19.565789938 CET | 443 | 49757 | 149.154.167.220 | 192.168.2.9 |
Jan 10, 2025 21:41:19.565887928 CET | 49757 | 443 | 192.168.2.9 | 149.154.167.220 |
Jan 10, 2025 21:41:19.566651106 CET | 49757 | 443 | 192.168.2.9 | 149.154.167.220 |
Jan 10, 2025 21:41:19.566668987 CET | 443 | 49757 | 149.154.167.220 | 192.168.2.9 |
Jan 10, 2025 21:41:19.616728067 CET | 49750 | 80 | 192.168.2.9 | 132.226.8.169 |
Jan 10, 2025 21:41:20.219285965 CET | 443 | 49757 | 149.154.167.220 | 192.168.2.9 |
Jan 10, 2025 21:41:20.221435070 CET | 49757 | 443 | 192.168.2.9 | 149.154.167.220 |
Jan 10, 2025 21:41:20.221447945 CET | 443 | 49757 | 149.154.167.220 | 192.168.2.9 |
Jan 10, 2025 21:41:20.221560001 CET | 49757 | 443 | 192.168.2.9 | 149.154.167.220 |
Jan 10, 2025 21:41:20.221565008 CET | 443 | 49757 | 149.154.167.220 | 192.168.2.9 |
Jan 10, 2025 21:41:20.550263882 CET | 443 | 49757 | 149.154.167.220 | 192.168.2.9 |
Jan 10, 2025 21:41:20.550337076 CET | 443 | 49757 | 149.154.167.220 | 192.168.2.9 |
Jan 10, 2025 21:41:20.550425053 CET | 49757 | 443 | 192.168.2.9 | 149.154.167.220 |
Jan 10, 2025 21:41:20.550838947 CET | 49757 | 443 | 192.168.2.9 | 149.154.167.220 |
Jan 10, 2025 21:41:20.555567026 CET | 49763 | 80 | 192.168.2.9 | 132.226.8.169 |
Jan 10, 2025 21:41:20.560374022 CET | 80 | 49763 | 132.226.8.169 | 192.168.2.9 |
Jan 10, 2025 21:41:20.560465097 CET | 49763 | 80 | 192.168.2.9 | 132.226.8.169 |
Jan 10, 2025 21:41:20.560574055 CET | 49763 | 80 | 192.168.2.9 | 132.226.8.169 |
Jan 10, 2025 21:41:20.565305948 CET | 80 | 49763 | 132.226.8.169 | 192.168.2.9 |
Jan 10, 2025 21:41:21.444427967 CET | 80 | 49763 | 132.226.8.169 | 192.168.2.9 |
Jan 10, 2025 21:41:21.445830107 CET | 49769 | 443 | 192.168.2.9 | 149.154.167.220 |
Jan 10, 2025 21:41:21.445873022 CET | 443 | 49769 | 149.154.167.220 | 192.168.2.9 |
Jan 10, 2025 21:41:21.446079016 CET | 49769 | 443 | 192.168.2.9 | 149.154.167.220 |
Jan 10, 2025 21:41:21.446273088 CET | 49769 | 443 | 192.168.2.9 | 149.154.167.220 |
Jan 10, 2025 21:41:21.446289062 CET | 443 | 49769 | 149.154.167.220 | 192.168.2.9 |
Jan 10, 2025 21:41:21.491581917 CET | 49763 | 80 | 192.168.2.9 | 132.226.8.169 |
Jan 10, 2025 21:41:22.078156948 CET | 443 | 49769 | 149.154.167.220 | 192.168.2.9 |
Jan 10, 2025 21:41:22.080153942 CET | 49769 | 443 | 192.168.2.9 | 149.154.167.220 |
Jan 10, 2025 21:41:22.080173016 CET | 443 | 49769 | 149.154.167.220 | 192.168.2.9 |
Jan 10, 2025 21:41:22.080234051 CET | 49769 | 443 | 192.168.2.9 | 149.154.167.220 |
Jan 10, 2025 21:41:22.080245018 CET | 443 | 49769 | 149.154.167.220 | 192.168.2.9 |
Jan 10, 2025 21:41:22.414050102 CET | 443 | 49769 | 149.154.167.220 | 192.168.2.9 |
Jan 10, 2025 21:41:22.414130926 CET | 443 | 49769 | 149.154.167.220 | 192.168.2.9 |
Jan 10, 2025 21:41:22.414247036 CET | 49769 | 443 | 192.168.2.9 | 149.154.167.220 |
Jan 10, 2025 21:41:22.414664984 CET | 49769 | 443 | 192.168.2.9 | 149.154.167.220 |
Jan 10, 2025 21:41:22.417933941 CET | 49763 | 80 | 192.168.2.9 | 132.226.8.169 |
Jan 10, 2025 21:41:22.418999910 CET | 49775 | 80 | 192.168.2.9 | 132.226.8.169 |
Jan 10, 2025 21:41:22.422847033 CET | 80 | 49763 | 132.226.8.169 | 192.168.2.9 |
Jan 10, 2025 21:41:22.422914028 CET | 49763 | 80 | 192.168.2.9 | 132.226.8.169 |
Jan 10, 2025 21:41:22.423794985 CET | 80 | 49775 | 132.226.8.169 | 192.168.2.9 |
Jan 10, 2025 21:41:22.423856020 CET | 49775 | 80 | 192.168.2.9 | 132.226.8.169 |
Jan 10, 2025 21:41:22.423968077 CET | 49775 | 80 | 192.168.2.9 | 132.226.8.169 |
Jan 10, 2025 21:41:22.428770065 CET | 80 | 49775 | 132.226.8.169 | 192.168.2.9 |
Jan 10, 2025 21:41:23.232569933 CET | 80 | 49775 | 132.226.8.169 | 192.168.2.9 |
Jan 10, 2025 21:41:23.233839989 CET | 49782 | 443 | 192.168.2.9 | 149.154.167.220 |
Jan 10, 2025 21:41:23.233870983 CET | 443 | 49782 | 149.154.167.220 | 192.168.2.9 |
Jan 10, 2025 21:41:23.233943939 CET | 49782 | 443 | 192.168.2.9 | 149.154.167.220 |
Jan 10, 2025 21:41:23.234240055 CET | 49782 | 443 | 192.168.2.9 | 149.154.167.220 |
Jan 10, 2025 21:41:23.234255075 CET | 443 | 49782 | 149.154.167.220 | 192.168.2.9 |
Jan 10, 2025 21:41:23.272840977 CET | 49775 | 80 | 192.168.2.9 | 132.226.8.169 |
Jan 10, 2025 21:41:23.899389029 CET | 443 | 49782 | 149.154.167.220 | 192.168.2.9 |
Jan 10, 2025 21:41:23.901273966 CET | 49782 | 443 | 192.168.2.9 | 149.154.167.220 |
Jan 10, 2025 21:41:23.901288986 CET | 443 | 49782 | 149.154.167.220 | 192.168.2.9 |
Jan 10, 2025 21:41:23.902337074 CET | 49782 | 443 | 192.168.2.9 | 149.154.167.220 |
Jan 10, 2025 21:41:23.902343988 CET | 443 | 49782 | 149.154.167.220 | 192.168.2.9 |
Jan 10, 2025 21:41:24.243213892 CET | 443 | 49782 | 149.154.167.220 | 192.168.2.9 |
Jan 10, 2025 21:41:24.243298054 CET | 443 | 49782 | 149.154.167.220 | 192.168.2.9 |
Jan 10, 2025 21:41:24.243403912 CET | 49782 | 443 | 192.168.2.9 | 149.154.167.220 |
Jan 10, 2025 21:41:24.244899988 CET | 49782 | 443 | 192.168.2.9 | 149.154.167.220 |
Jan 10, 2025 21:41:24.246926069 CET | 49775 | 80 | 192.168.2.9 | 132.226.8.169 |
Jan 10, 2025 21:41:24.247972965 CET | 49792 | 80 | 192.168.2.9 | 132.226.8.169 |
Jan 10, 2025 21:41:24.251889944 CET | 80 | 49775 | 132.226.8.169 | 192.168.2.9 |
Jan 10, 2025 21:41:24.251981020 CET | 49775 | 80 | 192.168.2.9 | 132.226.8.169 |
Jan 10, 2025 21:41:24.252816916 CET | 80 | 49792 | 132.226.8.169 | 192.168.2.9 |
Jan 10, 2025 21:41:24.252924919 CET | 49792 | 80 | 192.168.2.9 | 132.226.8.169 |
Jan 10, 2025 21:41:24.253156900 CET | 49792 | 80 | 192.168.2.9 | 132.226.8.169 |
Jan 10, 2025 21:41:24.257958889 CET | 80 | 49792 | 132.226.8.169 | 192.168.2.9 |
Jan 10, 2025 21:41:25.113312006 CET | 80 | 49792 | 132.226.8.169 | 192.168.2.9 |
Jan 10, 2025 21:41:25.115000963 CET | 49798 | 443 | 192.168.2.9 | 149.154.167.220 |
Jan 10, 2025 21:41:25.115061045 CET | 443 | 49798 | 149.154.167.220 | 192.168.2.9 |
Jan 10, 2025 21:41:25.115154982 CET | 49798 | 443 | 192.168.2.9 | 149.154.167.220 |
Jan 10, 2025 21:41:25.115459919 CET | 49798 | 443 | 192.168.2.9 | 149.154.167.220 |
Jan 10, 2025 21:41:25.115478039 CET | 443 | 49798 | 149.154.167.220 | 192.168.2.9 |
Jan 10, 2025 21:41:25.163752079 CET | 49792 | 80 | 192.168.2.9 | 132.226.8.169 |
Jan 10, 2025 21:41:25.752176046 CET | 443 | 49798 | 149.154.167.220 | 192.168.2.9 |
Jan 10, 2025 21:41:25.754344940 CET | 49798 | 443 | 192.168.2.9 | 149.154.167.220 |
Jan 10, 2025 21:41:25.754371881 CET | 443 | 49798 | 149.154.167.220 | 192.168.2.9 |
Jan 10, 2025 21:41:25.754441023 CET | 49798 | 443 | 192.168.2.9 | 149.154.167.220 |
Jan 10, 2025 21:41:25.754450083 CET | 443 | 49798 | 149.154.167.220 | 192.168.2.9 |
Jan 10, 2025 21:41:26.308253050 CET | 443 | 49798 | 149.154.167.220 | 192.168.2.9 |
Jan 10, 2025 21:41:26.308345079 CET | 443 | 49798 | 149.154.167.220 | 192.168.2.9 |
Jan 10, 2025 21:41:26.308418989 CET | 49798 | 443 | 192.168.2.9 | 149.154.167.220 |
Jan 10, 2025 21:41:26.308866024 CET | 49798 | 443 | 192.168.2.9 | 149.154.167.220 |
Jan 10, 2025 21:41:26.312591076 CET | 49792 | 80 | 192.168.2.9 | 132.226.8.169 |
Jan 10, 2025 21:41:26.313631058 CET | 49804 | 80 | 192.168.2.9 | 132.226.8.169 |
Jan 10, 2025 21:41:26.317842960 CET | 80 | 49792 | 132.226.8.169 | 192.168.2.9 |
Jan 10, 2025 21:41:26.318032026 CET | 49792 | 80 | 192.168.2.9 | 132.226.8.169 |
Jan 10, 2025 21:41:26.318542957 CET | 80 | 49804 | 132.226.8.169 | 192.168.2.9 |
Jan 10, 2025 21:41:26.318614006 CET | 49804 | 80 | 192.168.2.9 | 132.226.8.169 |
Jan 10, 2025 21:41:26.318744898 CET | 49804 | 80 | 192.168.2.9 | 132.226.8.169 |
Jan 10, 2025 21:41:26.323688030 CET | 80 | 49804 | 132.226.8.169 | 192.168.2.9 |
Jan 10, 2025 21:41:27.155415058 CET | 80 | 49804 | 132.226.8.169 | 192.168.2.9 |
Jan 10, 2025 21:41:27.157305956 CET | 49811 | 443 | 192.168.2.9 | 149.154.167.220 |
Jan 10, 2025 21:41:27.157366991 CET | 443 | 49811 | 149.154.167.220 | 192.168.2.9 |
Jan 10, 2025 21:41:27.157450914 CET | 49811 | 443 | 192.168.2.9 | 149.154.167.220 |
Jan 10, 2025 21:41:27.157799006 CET | 49811 | 443 | 192.168.2.9 | 149.154.167.220 |
Jan 10, 2025 21:41:27.157814980 CET | 443 | 49811 | 149.154.167.220 | 192.168.2.9 |
Jan 10, 2025 21:41:27.210422039 CET | 49804 | 80 | 192.168.2.9 | 132.226.8.169 |
Jan 10, 2025 21:41:27.818892956 CET | 443 | 49811 | 149.154.167.220 | 192.168.2.9 |
Jan 10, 2025 21:41:27.821190119 CET | 49811 | 443 | 192.168.2.9 | 149.154.167.220 |
Jan 10, 2025 21:41:27.821213007 CET | 443 | 49811 | 149.154.167.220 | 192.168.2.9 |
Jan 10, 2025 21:41:27.821291924 CET | 49811 | 443 | 192.168.2.9 | 149.154.167.220 |
Jan 10, 2025 21:41:27.821302891 CET | 443 | 49811 | 149.154.167.220 | 192.168.2.9 |
Jan 10, 2025 21:41:28.116904974 CET | 443 | 49811 | 149.154.167.220 | 192.168.2.9 |
Jan 10, 2025 21:41:28.117125034 CET | 443 | 49811 | 149.154.167.220 | 192.168.2.9 |
Jan 10, 2025 21:41:28.117189884 CET | 49811 | 443 | 192.168.2.9 | 149.154.167.220 |
Jan 10, 2025 21:41:28.117484093 CET | 49811 | 443 | 192.168.2.9 | 149.154.167.220 |
Jan 10, 2025 21:41:28.120760918 CET | 49804 | 80 | 192.168.2.9 | 132.226.8.169 |
Jan 10, 2025 21:41:28.121686935 CET | 49820 | 80 | 192.168.2.9 | 132.226.8.169 |
Jan 10, 2025 21:41:28.125720978 CET | 80 | 49804 | 132.226.8.169 | 192.168.2.9 |
Jan 10, 2025 21:41:28.125812054 CET | 49804 | 80 | 192.168.2.9 | 132.226.8.169 |
Jan 10, 2025 21:41:28.126466036 CET | 80 | 49820 | 132.226.8.169 | 192.168.2.9 |
Jan 10, 2025 21:41:28.126554012 CET | 49820 | 80 | 192.168.2.9 | 132.226.8.169 |
Jan 10, 2025 21:41:28.126822948 CET | 49820 | 80 | 192.168.2.9 | 132.226.8.169 |
Jan 10, 2025 21:41:28.131551027 CET | 80 | 49820 | 132.226.8.169 | 192.168.2.9 |
Jan 10, 2025 21:41:28.982959032 CET | 80 | 49820 | 132.226.8.169 | 192.168.2.9 |
Jan 10, 2025 21:41:28.984250069 CET | 49827 | 443 | 192.168.2.9 | 149.154.167.220 |
Jan 10, 2025 21:41:28.984306097 CET | 443 | 49827 | 149.154.167.220 | 192.168.2.9 |
Jan 10, 2025 21:41:28.984386921 CET | 49827 | 443 | 192.168.2.9 | 149.154.167.220 |
Jan 10, 2025 21:41:28.984782934 CET | 49827 | 443 | 192.168.2.9 | 149.154.167.220 |
Jan 10, 2025 21:41:28.984798908 CET | 443 | 49827 | 149.154.167.220 | 192.168.2.9 |
Jan 10, 2025 21:41:29.038481951 CET | 49820 | 80 | 192.168.2.9 | 132.226.8.169 |
Jan 10, 2025 21:41:29.649374962 CET | 443 | 49827 | 149.154.167.220 | 192.168.2.9 |
Jan 10, 2025 21:41:29.650975943 CET | 49827 | 443 | 192.168.2.9 | 149.154.167.220 |
Jan 10, 2025 21:41:29.651010990 CET | 443 | 49827 | 149.154.167.220 | 192.168.2.9 |
Jan 10, 2025 21:41:29.651066065 CET | 49827 | 443 | 192.168.2.9 | 149.154.167.220 |
Jan 10, 2025 21:41:29.651076078 CET | 443 | 49827 | 149.154.167.220 | 192.168.2.9 |
Jan 10, 2025 21:41:29.905714035 CET | 443 | 49827 | 149.154.167.220 | 192.168.2.9 |
Jan 10, 2025 21:41:29.905798912 CET | 443 | 49827 | 149.154.167.220 | 192.168.2.9 |
Jan 10, 2025 21:41:29.905927896 CET | 49827 | 443 | 192.168.2.9 | 149.154.167.220 |
Jan 10, 2025 21:41:29.906438112 CET | 49827 | 443 | 192.168.2.9 | 149.154.167.220 |
Jan 10, 2025 21:41:29.910214901 CET | 49820 | 80 | 192.168.2.9 | 132.226.8.169 |
Jan 10, 2025 21:41:29.911444902 CET | 49833 | 80 | 192.168.2.9 | 132.226.8.169 |
Jan 10, 2025 21:41:29.915169954 CET | 80 | 49820 | 132.226.8.169 | 192.168.2.9 |
Jan 10, 2025 21:41:29.915322065 CET | 49820 | 80 | 192.168.2.9 | 132.226.8.169 |
Jan 10, 2025 21:41:29.916274071 CET | 80 | 49833 | 132.226.8.169 | 192.168.2.9 |
Jan 10, 2025 21:41:29.916517019 CET | 49833 | 80 | 192.168.2.9 | 132.226.8.169 |
Jan 10, 2025 21:41:29.916517019 CET | 49833 | 80 | 192.168.2.9 | 132.226.8.169 |
Jan 10, 2025 21:41:29.921374083 CET | 80 | 49833 | 132.226.8.169 | 192.168.2.9 |
Jan 10, 2025 21:41:30.747426033 CET | 80 | 49833 | 132.226.8.169 | 192.168.2.9 |
Jan 10, 2025 21:41:30.748826981 CET | 49839 | 443 | 192.168.2.9 | 149.154.167.220 |
Jan 10, 2025 21:41:30.748869896 CET | 443 | 49839 | 149.154.167.220 | 192.168.2.9 |
Jan 10, 2025 21:41:30.748939037 CET | 49839 | 443 | 192.168.2.9 | 149.154.167.220 |
Jan 10, 2025 21:41:30.749304056 CET | 49839 | 443 | 192.168.2.9 | 149.154.167.220 |
Jan 10, 2025 21:41:30.749316931 CET | 443 | 49839 | 149.154.167.220 | 192.168.2.9 |
Jan 10, 2025 21:41:30.788479090 CET | 49833 | 80 | 192.168.2.9 | 132.226.8.169 |
Jan 10, 2025 21:41:31.370058060 CET | 443 | 49839 | 149.154.167.220 | 192.168.2.9 |
Jan 10, 2025 21:41:31.373018026 CET | 49839 | 443 | 192.168.2.9 | 149.154.167.220 |
Jan 10, 2025 21:41:31.373040915 CET | 443 | 49839 | 149.154.167.220 | 192.168.2.9 |
Jan 10, 2025 21:41:31.373352051 CET | 49839 | 443 | 192.168.2.9 | 149.154.167.220 |
Jan 10, 2025 21:41:31.373358011 CET | 443 | 49839 | 149.154.167.220 | 192.168.2.9 |
Jan 10, 2025 21:41:31.772351027 CET | 443 | 49839 | 149.154.167.220 | 192.168.2.9 |
Jan 10, 2025 21:41:31.772434950 CET | 443 | 49839 | 149.154.167.220 | 192.168.2.9 |
Jan 10, 2025 21:41:31.772715092 CET | 49839 | 443 | 192.168.2.9 | 149.154.167.220 |
Jan 10, 2025 21:41:31.773044109 CET | 49839 | 443 | 192.168.2.9 | 149.154.167.220 |
Jan 10, 2025 21:41:31.776349068 CET | 49833 | 80 | 192.168.2.9 | 132.226.8.169 |
Jan 10, 2025 21:41:31.777510881 CET | 49846 | 80 | 192.168.2.9 | 132.226.8.169 |
Jan 10, 2025 21:41:31.781281948 CET | 80 | 49833 | 132.226.8.169 | 192.168.2.9 |
Jan 10, 2025 21:41:31.781389952 CET | 49833 | 80 | 192.168.2.9 | 132.226.8.169 |
Jan 10, 2025 21:41:31.782308102 CET | 80 | 49846 | 132.226.8.169 | 192.168.2.9 |
Jan 10, 2025 21:41:31.782437086 CET | 49846 | 80 | 192.168.2.9 | 132.226.8.169 |
Jan 10, 2025 21:41:31.782521009 CET | 49846 | 80 | 192.168.2.9 | 132.226.8.169 |
Jan 10, 2025 21:41:31.787285089 CET | 80 | 49846 | 132.226.8.169 | 192.168.2.9 |
Jan 10, 2025 21:41:32.627525091 CET | 80 | 49846 | 132.226.8.169 | 192.168.2.9 |
Jan 10, 2025 21:41:32.629067898 CET | 49853 | 443 | 192.168.2.9 | 149.154.167.220 |
Jan 10, 2025 21:41:32.629105091 CET | 443 | 49853 | 149.154.167.220 | 192.168.2.9 |
Jan 10, 2025 21:41:32.629268885 CET | 49853 | 443 | 192.168.2.9 | 149.154.167.220 |
Jan 10, 2025 21:41:32.629477024 CET | 49853 | 443 | 192.168.2.9 | 149.154.167.220 |
Jan 10, 2025 21:41:32.629487038 CET | 443 | 49853 | 149.154.167.220 | 192.168.2.9 |
Jan 10, 2025 21:41:32.679169893 CET | 49846 | 80 | 192.168.2.9 | 132.226.8.169 |
Jan 10, 2025 21:41:33.255597115 CET | 443 | 49853 | 149.154.167.220 | 192.168.2.9 |
Jan 10, 2025 21:41:33.258011103 CET | 49853 | 443 | 192.168.2.9 | 149.154.167.220 |
Jan 10, 2025 21:41:33.258030891 CET | 443 | 49853 | 149.154.167.220 | 192.168.2.9 |
Jan 10, 2025 21:41:33.258217096 CET | 49853 | 443 | 192.168.2.9 | 149.154.167.220 |
Jan 10, 2025 21:41:33.258223057 CET | 443 | 49853 | 149.154.167.220 | 192.168.2.9 |
Jan 10, 2025 21:41:33.621393919 CET | 443 | 49853 | 149.154.167.220 | 192.168.2.9 |
Jan 10, 2025 21:41:33.621476889 CET | 443 | 49853 | 149.154.167.220 | 192.168.2.9 |
Jan 10, 2025 21:41:33.621555090 CET | 49853 | 443 | 192.168.2.9 | 149.154.167.220 |
Jan 10, 2025 21:41:33.622726917 CET | 49853 | 443 | 192.168.2.9 | 149.154.167.220 |
Jan 10, 2025 21:41:33.624743938 CET | 49846 | 80 | 192.168.2.9 | 132.226.8.169 |
Jan 10, 2025 21:41:33.626013994 CET | 49860 | 80 | 192.168.2.9 | 132.226.8.169 |
Jan 10, 2025 21:41:33.629688025 CET | 80 | 49846 | 132.226.8.169 | 192.168.2.9 |
Jan 10, 2025 21:41:33.629759073 CET | 49846 | 80 | 192.168.2.9 | 132.226.8.169 |
Jan 10, 2025 21:41:33.630888939 CET | 80 | 49860 | 132.226.8.169 | 192.168.2.9 |
Jan 10, 2025 21:41:33.630953074 CET | 49860 | 80 | 192.168.2.9 | 132.226.8.169 |
Jan 10, 2025 21:41:33.631115913 CET | 49860 | 80 | 192.168.2.9 | 132.226.8.169 |
Jan 10, 2025 21:41:33.635850906 CET | 80 | 49860 | 132.226.8.169 | 192.168.2.9 |
Jan 10, 2025 21:41:34.435841084 CET | 80 | 49860 | 132.226.8.169 | 192.168.2.9 |
Jan 10, 2025 21:41:34.437100887 CET | 49865 | 443 | 192.168.2.9 | 149.154.167.220 |
Jan 10, 2025 21:41:34.437139988 CET | 443 | 49865 | 149.154.167.220 | 192.168.2.9 |
Jan 10, 2025 21:41:34.437217951 CET | 49865 | 443 | 192.168.2.9 | 149.154.167.220 |
Jan 10, 2025 21:41:34.437480927 CET | 49865 | 443 | 192.168.2.9 | 149.154.167.220 |
Jan 10, 2025 21:41:34.437494993 CET | 443 | 49865 | 149.154.167.220 | 192.168.2.9 |
Jan 10, 2025 21:41:34.491622925 CET | 49860 | 80 | 192.168.2.9 | 132.226.8.169 |
Jan 10, 2025 21:41:35.077043056 CET | 443 | 49865 | 149.154.167.220 | 192.168.2.9 |
Jan 10, 2025 21:42:11.534688950 CET | 50034 | 443 | 192.168.2.9 | 149.154.167.220 |
Jan 10, 2025 21:42:11.534696102 CET | 443 | 50034 | 149.154.167.220 | 192.168.2.9 |
Jan 10, 2025 21:42:11.868375063 CET | 443 | 50034 | 149.154.167.220 | 192.168.2.9 |
Jan 10, 2025 21:42:11.868465900 CET | 443 | 50034 | 149.154.167.220 | 192.168.2.9 |
Jan 10, 2025 21:42:11.868567944 CET | 50034 | 443 | 192.168.2.9 | 149.154.167.220 |
Jan 10, 2025 21:42:11.869158983 CET | 50034 | 443 | 192.168.2.9 | 149.154.167.220 |
Jan 10, 2025 21:42:11.871681929 CET | 50033 | 80 | 192.168.2.9 | 132.226.8.169 |
Jan 10, 2025 21:42:11.872935057 CET | 50035 | 80 | 192.168.2.9 | 132.226.8.169 |
Jan 10, 2025 21:42:11.876705885 CET | 80 | 50033 | 132.226.8.169 | 192.168.2.9 |
Jan 10, 2025 21:42:11.877060890 CET | 50033 | 80 | 192.168.2.9 | 132.226.8.169 |
Jan 10, 2025 21:42:11.877705097 CET | 80 | 50035 | 132.226.8.169 | 192.168.2.9 |
Jan 10, 2025 21:42:11.877785921 CET | 50035 | 80 | 192.168.2.9 | 132.226.8.169 |
Jan 10, 2025 21:42:11.878213882 CET | 50035 | 80 | 192.168.2.9 | 132.226.8.169 |
Jan 10, 2025 21:42:11.883060932 CET | 80 | 50035 | 132.226.8.169 | 192.168.2.9 |
Jan 10, 2025 21:42:13.090872049 CET | 80 | 50035 | 132.226.8.169 | 192.168.2.9 |
Jan 10, 2025 21:42:13.092283964 CET | 50036 | 443 | 192.168.2.9 | 149.154.167.220 |
Jan 10, 2025 21:42:13.092340946 CET | 443 | 50036 | 149.154.167.220 | 192.168.2.9 |
Jan 10, 2025 21:42:13.092420101 CET | 50036 | 443 | 192.168.2.9 | 149.154.167.220 |
Jan 10, 2025 21:42:13.092713118 CET | 50036 | 443 | 192.168.2.9 | 149.154.167.220 |
Jan 10, 2025 21:42:13.092729092 CET | 443 | 50036 | 149.154.167.220 | 192.168.2.9 |
Jan 10, 2025 21:42:13.132415056 CET | 50035 | 80 | 192.168.2.9 | 132.226.8.169 |
Jan 10, 2025 21:42:13.711035013 CET | 443 | 50036 | 149.154.167.220 | 192.168.2.9 |
Jan 10, 2025 21:42:13.712809086 CET | 50036 | 443 | 192.168.2.9 | 149.154.167.220 |
Jan 10, 2025 21:42:13.712843895 CET | 443 | 50036 | 149.154.167.220 | 192.168.2.9 |
Jan 10, 2025 21:42:13.712992907 CET | 50036 | 443 | 192.168.2.9 | 149.154.167.220 |
Jan 10, 2025 21:42:13.713000059 CET | 443 | 50036 | 149.154.167.220 | 192.168.2.9 |
Jan 10, 2025 21:42:13.974138021 CET | 443 | 50036 | 149.154.167.220 | 192.168.2.9 |
Jan 10, 2025 21:42:13.974261999 CET | 443 | 50036 | 149.154.167.220 | 192.168.2.9 |
Jan 10, 2025 21:42:13.974349976 CET | 50036 | 443 | 192.168.2.9 | 149.154.167.220 |
Jan 10, 2025 21:42:13.974786997 CET | 50036 | 443 | 192.168.2.9 | 149.154.167.220 |
Jan 10, 2025 21:42:13.979644060 CET | 50037 | 80 | 192.168.2.9 | 132.226.8.169 |
Jan 10, 2025 21:42:13.984472036 CET | 80 | 50037 | 132.226.8.169 | 192.168.2.9 |
Jan 10, 2025 21:42:13.984575033 CET | 50037 | 80 | 192.168.2.9 | 132.226.8.169 |
Jan 10, 2025 21:42:13.984704018 CET | 50037 | 80 | 192.168.2.9 | 132.226.8.169 |
Jan 10, 2025 21:42:13.989439011 CET | 80 | 50037 | 132.226.8.169 | 192.168.2.9 |
Jan 10, 2025 21:42:14.813391924 CET | 80 | 50037 | 132.226.8.169 | 192.168.2.9 |
Jan 10, 2025 21:42:14.814799070 CET | 50038 | 443 | 192.168.2.9 | 149.154.167.220 |
Jan 10, 2025 21:42:14.814825058 CET | 443 | 50038 | 149.154.167.220 | 192.168.2.9 |
Jan 10, 2025 21:42:14.814980030 CET | 50038 | 443 | 192.168.2.9 | 149.154.167.220 |
Jan 10, 2025 21:42:14.815201998 CET | 50038 | 443 | 192.168.2.9 | 149.154.167.220 |
Jan 10, 2025 21:42:14.815212011 CET | 443 | 50038 | 149.154.167.220 | 192.168.2.9 |
Jan 10, 2025 21:42:14.866772890 CET | 50037 | 80 | 192.168.2.9 | 132.226.8.169 |
Jan 10, 2025 21:42:15.427823067 CET | 443 | 50038 | 149.154.167.220 | 192.168.2.9 |
Jan 10, 2025 21:42:15.429642916 CET | 50038 | 443 | 192.168.2.9 | 149.154.167.220 |
Jan 10, 2025 21:42:15.429672003 CET | 443 | 50038 | 149.154.167.220 | 192.168.2.9 |
Jan 10, 2025 21:42:15.429729939 CET | 50038 | 443 | 192.168.2.9 | 149.154.167.220 |
Jan 10, 2025 21:42:15.429738998 CET | 443 | 50038 | 149.154.167.220 | 192.168.2.9 |
Jan 10, 2025 21:42:15.775634050 CET | 443 | 50038 | 149.154.167.220 | 192.168.2.9 |
Jan 10, 2025 21:42:15.775718927 CET | 443 | 50038 | 149.154.167.220 | 192.168.2.9 |
Jan 10, 2025 21:42:15.775849104 CET | 50038 | 443 | 192.168.2.9 | 149.154.167.220 |
Jan 10, 2025 21:42:15.776391983 CET | 50038 | 443 | 192.168.2.9 | 149.154.167.220 |
Jan 10, 2025 21:42:15.779865980 CET | 50037 | 80 | 192.168.2.9 | 132.226.8.169 |
Jan 10, 2025 21:42:15.780585051 CET | 50039 | 80 | 192.168.2.9 | 132.226.8.169 |
Jan 10, 2025 21:42:15.784857988 CET | 80 | 50037 | 132.226.8.169 | 192.168.2.9 |
Jan 10, 2025 21:42:15.784957886 CET | 50037 | 80 | 192.168.2.9 | 132.226.8.169 |
Jan 10, 2025 21:42:15.785347939 CET | 80 | 50039 | 132.226.8.169 | 192.168.2.9 |
Jan 10, 2025 21:42:15.785418034 CET | 50039 | 80 | 192.168.2.9 | 132.226.8.169 |
Jan 10, 2025 21:42:15.785559893 CET | 50039 | 80 | 192.168.2.9 | 132.226.8.169 |
Jan 10, 2025 21:42:15.790322065 CET | 80 | 50039 | 132.226.8.169 | 192.168.2.9 |
Jan 10, 2025 21:42:16.615860939 CET | 80 | 50039 | 132.226.8.169 | 192.168.2.9 |
Jan 10, 2025 21:42:16.623238087 CET | 50040 | 443 | 192.168.2.9 | 149.154.167.220 |
Jan 10, 2025 21:42:16.623281002 CET | 443 | 50040 | 149.154.167.220 | 192.168.2.9 |
Jan 10, 2025 21:42:16.623306036 CET | 50035 | 80 | 192.168.2.9 | 132.226.8.169 |
Jan 10, 2025 21:42:16.623358011 CET | 50040 | 443 | 192.168.2.9 | 149.154.167.220 |
Jan 10, 2025 21:42:16.623743057 CET | 49750 | 80 | 192.168.2.9 | 132.226.8.169 |
Jan 10, 2025 21:42:16.623826027 CET | 50040 | 443 | 192.168.2.9 | 149.154.167.220 |
Jan 10, 2025 21:42:16.623842955 CET | 443 | 50040 | 149.154.167.220 | 192.168.2.9 |
Jan 10, 2025 21:42:16.663578987 CET | 50039 | 80 | 192.168.2.9 | 132.226.8.169 |
Jan 10, 2025 21:42:17.257731915 CET | 443 | 50040 | 149.154.167.220 | 192.168.2.9 |
Jan 10, 2025 21:42:17.260262966 CET | 50040 | 443 | 192.168.2.9 | 149.154.167.220 |
Jan 10, 2025 21:42:17.260276079 CET | 443 | 50040 | 149.154.167.220 | 192.168.2.9 |
Jan 10, 2025 21:42:17.260325909 CET | 50040 | 443 | 192.168.2.9 | 149.154.167.220 |
Jan 10, 2025 21:42:17.260332108 CET | 443 | 50040 | 149.154.167.220 | 192.168.2.9 |
Jan 10, 2025 21:42:17.647079945 CET | 443 | 50040 | 149.154.167.220 | 192.168.2.9 |
Jan 10, 2025 21:42:17.647161961 CET | 443 | 50040 | 149.154.167.220 | 192.168.2.9 |
Jan 10, 2025 21:42:17.647325039 CET | 50040 | 443 | 192.168.2.9 | 149.154.167.220 |
Jan 10, 2025 21:42:17.648277998 CET | 50040 | 443 | 192.168.2.9 | 149.154.167.220 |
Jan 10, 2025 21:42:17.651798964 CET | 50039 | 80 | 192.168.2.9 | 132.226.8.169 |
Jan 10, 2025 21:42:17.653079987 CET | 50041 | 80 | 192.168.2.9 | 132.226.8.169 |
Jan 10, 2025 21:42:17.656824112 CET | 80 | 50039 | 132.226.8.169 | 192.168.2.9 |
Jan 10, 2025 21:42:17.656905890 CET | 50039 | 80 | 192.168.2.9 | 132.226.8.169 |
Jan 10, 2025 21:42:17.657857895 CET | 80 | 50041 | 132.226.8.169 | 192.168.2.9 |
Jan 10, 2025 21:42:17.657943010 CET | 50041 | 80 | 192.168.2.9 | 132.226.8.169 |
Jan 10, 2025 21:42:17.658076048 CET | 50041 | 80 | 192.168.2.9 | 132.226.8.169 |
Jan 10, 2025 21:42:17.662832975 CET | 80 | 50041 | 132.226.8.169 | 192.168.2.9 |
Jan 10, 2025 21:42:19.500050068 CET | 80 | 50041 | 132.226.8.169 | 192.168.2.9 |
Jan 10, 2025 21:42:19.507417917 CET | 50042 | 443 | 192.168.2.9 | 149.154.167.220 |
Jan 10, 2025 21:42:19.507462978 CET | 443 | 50042 | 149.154.167.220 | 192.168.2.9 |
Jan 10, 2025 21:42:19.507819891 CET | 50042 | 443 | 192.168.2.9 | 149.154.167.220 |
Jan 10, 2025 21:42:19.507819891 CET | 50042 | 443 | 192.168.2.9 | 149.154.167.220 |
Jan 10, 2025 21:42:19.507858992 CET | 443 | 50042 | 149.154.167.220 | 192.168.2.9 |
Jan 10, 2025 21:42:19.554203987 CET | 50041 | 80 | 192.168.2.9 | 132.226.8.169 |
Jan 10, 2025 21:42:20.134785891 CET | 443 | 50042 | 149.154.167.220 | 192.168.2.9 |
Jan 10, 2025 21:42:20.136687040 CET | 50042 | 443 | 192.168.2.9 | 149.154.167.220 |
Jan 10, 2025 21:42:20.136714935 CET | 443 | 50042 | 149.154.167.220 | 192.168.2.9 |
Jan 10, 2025 21:42:20.136779070 CET | 50042 | 443 | 192.168.2.9 | 149.154.167.220 |
Jan 10, 2025 21:42:20.136785030 CET | 443 | 50042 | 149.154.167.220 | 192.168.2.9 |
Jan 10, 2025 21:42:20.575767040 CET | 443 | 50042 | 149.154.167.220 | 192.168.2.9 |
Jan 10, 2025 21:42:20.575870037 CET | 443 | 50042 | 149.154.167.220 | 192.168.2.9 |
Jan 10, 2025 21:42:20.575948954 CET | 50042 | 443 | 192.168.2.9 | 149.154.167.220 |
Jan 10, 2025 21:42:20.576462030 CET | 50042 | 443 | 192.168.2.9 | 149.154.167.220 |
Jan 10, 2025 21:42:20.579492092 CET | 50041 | 80 | 192.168.2.9 | 132.226.8.169 |
Jan 10, 2025 21:42:20.580657959 CET | 50043 | 80 | 192.168.2.9 | 132.226.8.169 |
Jan 10, 2025 21:42:20.584461927 CET | 80 | 50041 | 132.226.8.169 | 192.168.2.9 |
Jan 10, 2025 21:42:20.584539890 CET | 50041 | 80 | 192.168.2.9 | 132.226.8.169 |
Jan 10, 2025 21:42:20.585452080 CET | 80 | 50043 | 132.226.8.169 | 192.168.2.9 |
Jan 10, 2025 21:42:20.585520983 CET | 50043 | 80 | 192.168.2.9 | 132.226.8.169 |
Jan 10, 2025 21:42:20.585624933 CET | 50043 | 80 | 192.168.2.9 | 132.226.8.169 |
Jan 10, 2025 21:42:20.590475082 CET | 80 | 50043 | 132.226.8.169 | 192.168.2.9 |
Jan 10, 2025 21:42:21.412628889 CET | 80 | 50043 | 132.226.8.169 | 192.168.2.9 |
Jan 10, 2025 21:42:21.460448980 CET | 50043 | 80 | 192.168.2.9 | 132.226.8.169 |
Jan 10, 2025 21:42:24.342787027 CET | 50044 | 443 | 192.168.2.9 | 149.154.167.220 |
Jan 10, 2025 21:42:24.342837095 CET | 443 | 50044 | 149.154.167.220 | 192.168.2.9 |
Jan 10, 2025 21:42:24.343193054 CET | 50044 | 443 | 192.168.2.9 | 149.154.167.220 |
Jan 10, 2025 21:42:24.343194008 CET | 50044 | 443 | 192.168.2.9 | 149.154.167.220 |
Jan 10, 2025 21:42:24.343229055 CET | 443 | 50044 | 149.154.167.220 | 192.168.2.9 |
Jan 10, 2025 21:42:24.948487043 CET | 443 | 50044 | 149.154.167.220 | 192.168.2.9 |
Jan 10, 2025 21:42:24.950273991 CET | 50044 | 443 | 192.168.2.9 | 149.154.167.220 |
Jan 10, 2025 21:42:24.950299025 CET | 443 | 50044 | 149.154.167.220 | 192.168.2.9 |
Jan 10, 2025 21:42:24.950340033 CET | 50044 | 443 | 192.168.2.9 | 149.154.167.220 |
Jan 10, 2025 21:42:24.950351000 CET | 443 | 50044 | 149.154.167.220 | 192.168.2.9 |
Jan 10, 2025 21:42:25.228914976 CET | 443 | 50044 | 149.154.167.220 | 192.168.2.9 |
Jan 10, 2025 21:42:25.228996992 CET | 443 | 50044 | 149.154.167.220 | 192.168.2.9 |
Jan 10, 2025 21:42:25.229037046 CET | 50044 | 443 | 192.168.2.9 | 149.154.167.220 |
Jan 10, 2025 21:42:25.229499102 CET | 50044 | 443 | 192.168.2.9 | 149.154.167.220 |
Jan 10, 2025 21:42:25.234638929 CET | 50045 | 80 | 192.168.2.9 | 132.226.8.169 |
Jan 10, 2025 21:42:25.239454985 CET | 80 | 50045 | 132.226.8.169 | 192.168.2.9 |
Jan 10, 2025 21:42:25.239520073 CET | 50045 | 80 | 192.168.2.9 | 132.226.8.169 |
Jan 10, 2025 21:42:25.239631891 CET | 50045 | 80 | 192.168.2.9 | 132.226.8.169 |
Jan 10, 2025 21:42:25.244362116 CET | 80 | 50045 | 132.226.8.169 | 192.168.2.9 |
Jan 10, 2025 21:42:26.085143089 CET | 80 | 50045 | 132.226.8.169 | 192.168.2.9 |
Jan 10, 2025 21:42:26.132373095 CET | 50045 | 80 | 192.168.2.9 | 132.226.8.169 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Jan 10, 2025 21:41:01.925976992 CET | 192.168.2.9 | 1.1.1.1 | 0x9fd5 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Jan 10, 2025 21:41:04.111629009 CET | 192.168.2.9 | 1.1.1.1 | 0xe5f2 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Jan 10, 2025 21:41:08.032238960 CET | 192.168.2.9 | 1.1.1.1 | 0x7606 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Jan 10, 2025 21:41:10.894087076 CET | 192.168.2.9 | 1.1.1.1 | 0xf35e | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Jan 10, 2025 21:41:17.323833942 CET | 192.168.2.9 | 1.1.1.1 | 0xaa89 | Standard query (0) | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Jan 10, 2025 21:41:01.932800055 CET | 1.1.1.1 | 192.168.2.9 | 0x9fd5 | No error (0) | 142.250.181.238 | A (IP address) | IN (0x0001) | false | ||
Jan 10, 2025 21:41:04.118814945 CET | 1.1.1.1 | 192.168.2.9 | 0xe5f2 | No error (0) | 142.250.181.225 | A (IP address) | IN (0x0001) | false | ||
Jan 10, 2025 21:41:08.040484905 CET | 1.1.1.1 | 192.168.2.9 | 0x7606 | No error (0) | checkip.dyndns.com | CNAME (Canonical name) | IN (0x0001) | false | ||
Jan 10, 2025 21:41:08.040484905 CET | 1.1.1.1 | 192.168.2.9 | 0x7606 | No error (0) | 132.226.8.169 | A (IP address) | IN (0x0001) | false | ||
Jan 10, 2025 21:41:08.040484905 CET | 1.1.1.1 | 192.168.2.9 | 0x7606 | No error (0) | 158.101.44.242 | A (IP address) | IN (0x0001) | false | ||
Jan 10, 2025 21:41:08.040484905 CET | 1.1.1.1 | 192.168.2.9 | 0x7606 | No error (0) | 193.122.6.168 | A (IP address) | IN (0x0001) | false | ||
Jan 10, 2025 21:41:08.040484905 CET | 1.1.1.1 | 192.168.2.9 | 0x7606 | No error (0) | 132.226.247.73 | A (IP address) | IN (0x0001) | false | ||
Jan 10, 2025 21:41:08.040484905 CET | 1.1.1.1 | 192.168.2.9 | 0x7606 | No error (0) | 193.122.130.0 | A (IP address) | IN (0x0001) | false | ||
Jan 10, 2025 21:41:10.905711889 CET | 1.1.1.1 | 192.168.2.9 | 0xf35e | No error (0) | 104.21.48.1 | A (IP address) | IN (0x0001) | false | ||
Jan 10, 2025 21:41:10.905711889 CET | 1.1.1.1 | 192.168.2.9 | 0xf35e | No error (0) | 104.21.112.1 | A (IP address) | IN (0x0001) | false | ||
Jan 10, 2025 21:41:10.905711889 CET | 1.1.1.1 | 192.168.2.9 | 0xf35e | No error (0) | 104.21.64.1 | A (IP address) | IN (0x0001) | false | ||
Jan 10, 2025 21:41:10.905711889 CET | 1.1.1.1 | 192.168.2.9 | 0xf35e | No error (0) | 104.21.32.1 | A (IP address) | IN (0x0001) | false | ||
Jan 10, 2025 21:41:10.905711889 CET | 1.1.1.1 | 192.168.2.9 | 0xf35e | No error (0) | 104.21.80.1 | A (IP address) | IN (0x0001) | false | ||
Jan 10, 2025 21:41:10.905711889 CET | 1.1.1.1 | 192.168.2.9 | 0xf35e | No error (0) | 104.21.96.1 | A (IP address) | IN (0x0001) | false | ||
Jan 10, 2025 21:41:10.905711889 CET | 1.1.1.1 | 192.168.2.9 | 0xf35e | No error (0) | 104.21.16.1 | A (IP address) | IN (0x0001) | false | ||
Jan 10, 2025 21:41:17.330606937 CET | 1.1.1.1 | 192.168.2.9 | 0xaa89 | No error (0) | 149.154.167.220 | A (IP address) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.9 | 49711 | 132.226.8.169 | 80 | 4256 | C:\Users\user\Desktop\v4nrZtP7K2.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Jan 10, 2025 21:41:08.050080061 CET | 151 | OUT | |
Jan 10, 2025 21:41:10.179828882 CET | 273 | IN | |
Jan 10, 2025 21:41:10.190351009 CET | 127 | OUT | |
Jan 10, 2025 21:41:10.627417088 CET | 273 | IN | |
Jan 10, 2025 21:41:17.038228035 CET | 127 | OUT | |
Jan 10, 2025 21:41:17.319858074 CET | 273 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.9 | 49750 | 132.226.8.169 | 80 | 4256 | C:\Users\user\Desktop\v4nrZtP7K2.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Jan 10, 2025 21:41:18.720920086 CET | 127 | OUT | |
Jan 10, 2025 21:41:19.564111948 CET | 273 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.9 | 49763 | 132.226.8.169 | 80 | 4256 | C:\Users\user\Desktop\v4nrZtP7K2.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Jan 10, 2025 21:41:20.560574055 CET | 151 | OUT | |
Jan 10, 2025 21:41:21.444427967 CET | 273 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
3 | 192.168.2.9 | 49775 | 132.226.8.169 | 80 | 4256 | C:\Users\user\Desktop\v4nrZtP7K2.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Jan 10, 2025 21:41:22.423968077 CET | 151 | OUT | |
Jan 10, 2025 21:41:23.232569933 CET | 273 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
4 | 192.168.2.9 | 49792 | 132.226.8.169 | 80 | 4256 | C:\Users\user\Desktop\v4nrZtP7K2.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Jan 10, 2025 21:41:24.253156900 CET | 151 | OUT | |
Jan 10, 2025 21:41:25.113312006 CET | 273 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
5 | 192.168.2.9 | 49804 | 132.226.8.169 | 80 | 4256 | C:\Users\user\Desktop\v4nrZtP7K2.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Jan 10, 2025 21:41:26.318744898 CET | 151 | OUT | |
Jan 10, 2025 21:41:27.155415058 CET | 273 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
6 | 192.168.2.9 | 49820 | 132.226.8.169 | 80 | 4256 | C:\Users\user\Desktop\v4nrZtP7K2.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Jan 10, 2025 21:41:28.126822948 CET | 151 | OUT | |
Jan 10, 2025 21:41:28.982959032 CET | 273 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
7 | 192.168.2.9 | 49833 | 132.226.8.169 | 80 | 4256 | C:\Users\user\Desktop\v4nrZtP7K2.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Jan 10, 2025 21:41:29.916517019 CET | 151 | OUT | |
Jan 10, 2025 21:41:30.747426033 CET | 273 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
8 | 192.168.2.9 | 49846 | 132.226.8.169 | 80 | 4256 | C:\Users\user\Desktop\v4nrZtP7K2.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Jan 10, 2025 21:41:31.782521009 CET | 151 | OUT | |
Jan 10, 2025 21:41:32.627525091 CET | 273 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
9 | 192.168.2.9 | 49860 | 132.226.8.169 | 80 | 4256 | C:\Users\user\Desktop\v4nrZtP7K2.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Jan 10, 2025 21:41:33.631115913 CET | 151 | OUT | |
Jan 10, 2025 21:41:34.435841084 CET | 273 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
10 | 192.168.2.9 | 49871 | 132.226.8.169 | 80 | 4256 | C:\Users\user\Desktop\v4nrZtP7K2.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Jan 10, 2025 21:41:35.486218929 CET | 151 | OUT | |
Jan 10, 2025 21:41:36.386353970 CET | 273 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
11 | 192.168.2.9 | 49884 | 132.226.8.169 | 80 | 4256 | C:\Users\user\Desktop\v4nrZtP7K2.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Jan 10, 2025 21:41:37.273180008 CET | 151 | OUT | |
Jan 10, 2025 21:41:38.117928982 CET | 273 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
12 | 192.168.2.9 | 49898 | 132.226.8.169 | 80 | 4256 | C:\Users\user\Desktop\v4nrZtP7K2.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Jan 10, 2025 21:41:39.048686981 CET | 151 | OUT | |
Jan 10, 2025 21:41:39.889874935 CET | 273 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
13 | 192.168.2.9 | 49912 | 132.226.8.169 | 80 | 4256 | C:\Users\user\Desktop\v4nrZtP7K2.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Jan 10, 2025 21:41:40.946892023 CET | 151 | OUT | |
Jan 10, 2025 21:41:41.827558994 CET | 273 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
14 | 192.168.2.9 | 49925 | 132.226.8.169 | 80 | 4256 | C:\Users\user\Desktop\v4nrZtP7K2.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Jan 10, 2025 21:41:42.804886103 CET | 151 | OUT | |
Jan 10, 2025 21:41:43.640191078 CET | 273 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
15 | 192.168.2.9 | 49937 | 132.226.8.169 | 80 | 4256 | C:\Users\user\Desktop\v4nrZtP7K2.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Jan 10, 2025 21:41:44.724029064 CET | 151 | OUT | |
Jan 10, 2025 21:41:45.908823967 CET | 273 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
16 | 192.168.2.9 | 49952 | 132.226.8.169 | 80 | 4256 | C:\Users\user\Desktop\v4nrZtP7K2.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Jan 10, 2025 21:41:47.656416893 CET | 151 | OUT | |
Jan 10, 2025 21:41:48.755964994 CET | 273 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
17 | 192.168.2.9 | 49968 | 132.226.8.169 | 80 | 4256 | C:\Users\user\Desktop\v4nrZtP7K2.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Jan 10, 2025 21:41:49.657025099 CET | 151 | OUT | |
Jan 10, 2025 21:41:50.470134974 CET | 273 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
18 | 192.168.2.9 | 49981 | 132.226.8.169 | 80 | 4256 | C:\Users\user\Desktop\v4nrZtP7K2.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Jan 10, 2025 21:41:51.540098906 CET | 151 | OUT | |
Jan 10, 2025 21:41:52.380743027 CET | 273 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
19 | 192.168.2.9 | 49995 | 132.226.8.169 | 80 | 4256 | C:\Users\user\Desktop\v4nrZtP7K2.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Jan 10, 2025 21:41:53.386478901 CET | 151 | OUT | |
Jan 10, 2025 21:41:54.219739914 CET | 273 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
20 | 192.168.2.9 | 50008 | 132.226.8.169 | 80 | 4256 | C:\Users\user\Desktop\v4nrZtP7K2.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Jan 10, 2025 21:41:55.164277077 CET | 151 | OUT | |
Jan 10, 2025 21:41:56.004151106 CET | 273 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
21 | 192.168.2.9 | 50021 | 132.226.8.169 | 80 | 4256 | C:\Users\user\Desktop\v4nrZtP7K2.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Jan 10, 2025 21:41:56.902923107 CET | 151 | OUT | |
Jan 10, 2025 21:41:57.748101950 CET | 273 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
22 | 192.168.2.9 | 50023 | 132.226.8.169 | 80 | 4256 | C:\Users\user\Desktop\v4nrZtP7K2.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Jan 10, 2025 21:41:58.893111944 CET | 151 | OUT | |
Jan 10, 2025 21:41:59.822940111 CET | 273 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
23 | 192.168.2.9 | 50025 | 132.226.8.169 | 80 | 4256 | C:\Users\user\Desktop\v4nrZtP7K2.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Jan 10, 2025 21:42:00.720055103 CET | 151 | OUT | |
Jan 10, 2025 21:42:02.217138052 CET | 273 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
24 | 192.168.2.9 | 50027 | 132.226.8.169 | 80 | 4256 | C:\Users\user\Desktop\v4nrZtP7K2.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Jan 10, 2025 21:42:03.317325115 CET | 151 | OUT | |
Jan 10, 2025 21:42:04.154455900 CET | 273 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
25 | 192.168.2.9 | 50029 | 132.226.8.169 | 80 | 4256 | C:\Users\user\Desktop\v4nrZtP7K2.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Jan 10, 2025 21:42:05.354499102 CET | 151 | OUT | |
Jan 10, 2025 21:42:06.380877018 CET | 273 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
26 | 192.168.2.9 | 50031 | 132.226.8.169 | 80 | 4256 | C:\Users\user\Desktop\v4nrZtP7K2.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Jan 10, 2025 21:42:07.306477070 CET | 151 | OUT | |
Jan 10, 2025 21:42:08.975754976 CET | 273 | IN | |
Jan 10, 2025 21:42:08.976102114 CET | 273 | IN | |
Jan 10, 2025 21:42:08.976408005 CET | 273 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
27 | 192.168.2.9 | 50033 | 132.226.8.169 | 80 | 4256 | C:\Users\user\Desktop\v4nrZtP7K2.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Jan 10, 2025 21:42:10.014390945 CET | 151 | OUT | |
Jan 10, 2025 21:42:10.871510983 CET | 273 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
28 | 192.168.2.9 | 50035 | 132.226.8.169 | 80 | 4256 | C:\Users\user\Desktop\v4nrZtP7K2.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Jan 10, 2025 21:42:11.878213882 CET | 127 | OUT | |
Jan 10, 2025 21:42:13.090872049 CET | 273 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
29 | 192.168.2.9 | 50037 | 132.226.8.169 | 80 | 4256 | C:\Users\user\Desktop\v4nrZtP7K2.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Jan 10, 2025 21:42:13.984704018 CET | 151 | OUT | |
Jan 10, 2025 21:42:14.813391924 CET | 273 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
30 | 192.168.2.9 | 50039 | 132.226.8.169 | 80 | 4256 | C:\Users\user\Desktop\v4nrZtP7K2.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Jan 10, 2025 21:42:15.785559893 CET | 151 | OUT | |
Jan 10, 2025 21:42:16.615860939 CET | 273 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
31 | 192.168.2.9 | 50041 | 132.226.8.169 | 80 | 4256 | C:\Users\user\Desktop\v4nrZtP7K2.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Jan 10, 2025 21:42:17.658076048 CET | 151 | OUT | |
Jan 10, 2025 21:42:19.500050068 CET | 273 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
32 | 192.168.2.9 | 50043 | 132.226.8.169 | 80 | 4256 | C:\Users\user\Desktop\v4nrZtP7K2.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Jan 10, 2025 21:42:20.585624933 CET | 151 | OUT | |
Jan 10, 2025 21:42:21.412628889 CET | 273 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port |
---|---|---|---|---|
33 | 192.168.2.9 | 50045 | 132.226.8.169 | 80 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Jan 10, 2025 21:42:25.239631891 CET | 151 | OUT | |
Jan 10, 2025 21:42:26.085143089 CET | 273 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.9 | 49709 | 142.250.181.238 | 443 | 4256 | C:\Users\user\Desktop\v4nrZtP7K2.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-01-10 20:41:02 UTC | 216 | OUT | |
2025-01-10 20:41:04 UTC | 1920 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.9 | 49710 | 142.250.181.225 | 443 | 4256 | C:\Users\user\Desktop\v4nrZtP7K2.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-01-10 20:41:04 UTC | 258 | OUT | |
2025-01-10 20:41:07 UTC | 4930 | IN | |
2025-01-10 20:41:07 UTC | 4930 | IN | |
2025-01-10 20:41:07 UTC | 4839 | IN | |
2025-01-10 20:41:07 UTC | 1322 | IN | |
2025-01-10 20:41:07 UTC | 1390 | IN | |
2025-01-10 20:41:07 UTC | 1390 | IN | |
2025-01-10 20:41:07 UTC | 1390 | IN | |
2025-01-10 20:41:07 UTC | 1390 | IN | |
2025-01-10 20:41:07 UTC | 1390 | IN | |
2025-01-10 20:41:07 UTC | 1390 | IN | |
2025-01-10 20:41:07 UTC | 1390 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.9 | 49713 | 104.21.48.1 | 443 | 4256 | C:\Users\user\Desktop\v4nrZtP7K2.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-01-10 20:41:11 UTC | 85 | OUT | |
2025-01-10 20:41:11 UTC | 857 | IN | |
2025-01-10 20:41:11 UTC | 362 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
3 | 192.168.2.9 | 49740 | 149.154.167.220 | 443 | 4256 | C:\Users\user\Desktop\v4nrZtP7K2.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-01-10 20:41:17 UTC | 294 | OUT | |
2025-01-10 20:41:17 UTC | 1090 | OUT | |
2025-01-10 20:41:18 UTC | 388 | IN | |
2025-01-10 20:41:18 UTC | 534 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
4 | 192.168.2.9 | 49757 | 149.154.167.220 | 443 | 4256 | C:\Users\user\Desktop\v4nrZtP7K2.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-01-10 20:41:20 UTC | 294 | OUT | |
2025-01-10 20:41:20 UTC | 1090 | OUT | |
2025-01-10 20:41:20 UTC | 388 | IN | |
2025-01-10 20:41:20 UTC | 534 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
5 | 192.168.2.9 | 49769 | 149.154.167.220 | 443 | 4256 | C:\Users\user\Desktop\v4nrZtP7K2.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-01-10 20:41:22 UTC | 270 | OUT | |
2025-01-10 20:41:22 UTC | 1090 | OUT | |
2025-01-10 20:41:22 UTC | 388 | IN | |
2025-01-10 20:41:22 UTC | 534 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
6 | 192.168.2.9 | 49782 | 149.154.167.220 | 443 | 4256 | C:\Users\user\Desktop\v4nrZtP7K2.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-01-10 20:41:23 UTC | 270 | OUT | |
2025-01-10 20:41:23 UTC | 1090 | OUT | |
2025-01-10 20:41:24 UTC | 388 | IN | |
2025-01-10 20:41:24 UTC | 534 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
7 | 192.168.2.9 | 49798 | 149.154.167.220 | 443 | 4256 | C:\Users\user\Desktop\v4nrZtP7K2.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-01-10 20:41:25 UTC | 270 | OUT | |
2025-01-10 20:41:25 UTC | 1090 | OUT | |
2025-01-10 20:41:26 UTC | 388 | IN | |
2025-01-10 20:41:26 UTC | 535 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
8 | 192.168.2.9 | 49811 | 149.154.167.220 | 443 | 4256 | C:\Users\user\Desktop\v4nrZtP7K2.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-01-10 20:41:27 UTC | 270 | OUT | |
2025-01-10 20:41:27 UTC | 1090 | OUT | |
2025-01-10 20:41:28 UTC | 388 | IN | |
2025-01-10 20:41:28 UTC | 534 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
9 | 192.168.2.9 | 49827 | 149.154.167.220 | 443 | 4256 | C:\Users\user\Desktop\v4nrZtP7K2.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-01-10 20:41:29 UTC | 270 | OUT | |
2025-01-10 20:41:29 UTC | 1090 | OUT | |
2025-01-10 20:41:29 UTC | 388 | IN | |
2025-01-10 20:41:29 UTC | 534 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
10 | 192.168.2.9 | 49839 | 149.154.167.220 | 443 | 4256 | C:\Users\user\Desktop\v4nrZtP7K2.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-01-10 20:41:31 UTC | 270 | OUT | |
2025-01-10 20:41:31 UTC | 1090 | OUT | |
2025-01-10 20:41:31 UTC | 388 | IN | |
2025-01-10 20:41:31 UTC | 534 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
11 | 192.168.2.9 | 49853 | 149.154.167.220 | 443 | 4256 | C:\Users\user\Desktop\v4nrZtP7K2.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-01-10 20:41:33 UTC | 270 | OUT | |
2025-01-10 20:41:33 UTC | 1090 | OUT | |
2025-01-10 20:41:33 UTC | 388 | IN | |
2025-01-10 20:41:33 UTC | 534 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
12 | 192.168.2.9 | 49865 | 149.154.167.220 | 443 | 4256 | C:\Users\user\Desktop\v4nrZtP7K2.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-01-10 20:41:35 UTC | 270 | OUT | |
2025-01-10 20:41:35 UTC | 1090 | OUT | |
2025-01-10 20:41:35 UTC | 388 | IN | |
2025-01-10 20:41:35 UTC | 534 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
13 | 192.168.2.9 | 49877 | 149.154.167.220 | 443 | 4256 | C:\Users\user\Desktop\v4nrZtP7K2.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-01-10 20:41:37 UTC | 270 | OUT | |
2025-01-10 20:41:37 UTC | 1090 | OUT | |
2025-01-10 20:41:37 UTC | 388 | IN | |
2025-01-10 20:41:37 UTC | 534 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
14 | 192.168.2.9 | 49890 | 149.154.167.220 | 443 | 4256 | C:\Users\user\Desktop\v4nrZtP7K2.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-01-10 20:41:38 UTC | 270 | OUT | |
2025-01-10 20:41:38 UTC | 1090 | OUT | |
2025-01-10 20:41:39 UTC | 388 | IN | |
2025-01-10 20:41:39 UTC | 534 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
15 | 192.168.2.9 | 49905 | 149.154.167.220 | 443 | 4256 | C:\Users\user\Desktop\v4nrZtP7K2.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-01-10 20:41:40 UTC | 270 | OUT | |
2025-01-10 20:41:40 UTC | 1090 | OUT | |
2025-01-10 20:41:40 UTC | 388 | IN | |
2025-01-10 20:41:40 UTC | 534 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
16 | 192.168.2.9 | 49919 | 149.154.167.220 | 443 | 4256 | C:\Users\user\Desktop\v4nrZtP7K2.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-01-10 20:41:42 UTC | 270 | OUT | |
2025-01-10 20:41:42 UTC | 1090 | OUT | |
2025-01-10 20:41:42 UTC | 388 | IN | |
2025-01-10 20:41:42 UTC | 534 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
17 | 192.168.2.9 | 49930 | 149.154.167.220 | 443 | 4256 | C:\Users\user\Desktop\v4nrZtP7K2.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-01-10 20:41:44 UTC | 294 | OUT | |
2025-01-10 20:41:44 UTC | 1090 | OUT | |
2025-01-10 20:41:44 UTC | 388 | IN | |
2025-01-10 20:41:44 UTC | 534 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
18 | 192.168.2.9 | 49946 | 149.154.167.220 | 443 | 4256 | C:\Users\user\Desktop\v4nrZtP7K2.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-01-10 20:41:46 UTC | 294 | OUT | |
2025-01-10 20:41:46 UTC | 1090 | OUT | |
2025-01-10 20:41:47 UTC | 388 | IN | |
2025-01-10 20:41:47 UTC | 534 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
19 | 192.168.2.9 | 49962 | 149.154.167.220 | 443 | 4256 | C:\Users\user\Desktop\v4nrZtP7K2.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-01-10 20:41:49 UTC | 294 | OUT | |
2025-01-10 20:41:49 UTC | 1090 | OUT | |
2025-01-10 20:41:49 UTC | 388 | IN | |
2025-01-10 20:41:49 UTC | 534 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
20 | 192.168.2.9 | 49973 | 149.154.167.220 | 443 | 4256 | C:\Users\user\Desktop\v4nrZtP7K2.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-01-10 20:41:51 UTC | 294 | OUT | |
2025-01-10 20:41:51 UTC | 1090 | OUT | |
2025-01-10 20:41:51 UTC | 388 | IN | |
2025-01-10 20:41:51 UTC | 534 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
21 | 192.168.2.9 | 49988 | 149.154.167.220 | 443 | 4256 | C:\Users\user\Desktop\v4nrZtP7K2.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-01-10 20:41:52 UTC | 270 | OUT | |
2025-01-10 20:41:52 UTC | 1090 | OUT | |
2025-01-10 20:41:53 UTC | 388 | IN | |
2025-01-10 20:41:53 UTC | 535 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
22 | 192.168.2.9 | 50001 | 149.154.167.220 | 443 | 4256 | C:\Users\user\Desktop\v4nrZtP7K2.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-01-10 20:41:54 UTC | 270 | OUT | |
2025-01-10 20:41:54 UTC | 1090 | OUT | |
2025-01-10 20:41:55 UTC | 388 | IN | |
2025-01-10 20:41:55 UTC | 534 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
23 | 192.168.2.9 | 50014 | 149.154.167.220 | 443 | 4256 | C:\Users\user\Desktop\v4nrZtP7K2.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-01-10 20:41:56 UTC | 270 | OUT | |
2025-01-10 20:41:56 UTC | 1090 | OUT | |
2025-01-10 20:41:56 UTC | 388 | IN | |
2025-01-10 20:41:56 UTC | 535 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
24 | 192.168.2.9 | 50022 | 149.154.167.220 | 443 | 4256 | C:\Users\user\Desktop\v4nrZtP7K2.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-01-10 20:41:58 UTC | 270 | OUT | |
2025-01-10 20:41:58 UTC | 1090 | OUT | |
2025-01-10 20:41:58 UTC | 388 | IN | |
2025-01-10 20:41:58 UTC | 534 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
25 | 192.168.2.9 | 50024 | 149.154.167.220 | 443 | 4256 | C:\Users\user\Desktop\v4nrZtP7K2.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-01-10 20:42:00 UTC | 270 | OUT | |
2025-01-10 20:42:00 UTC | 1090 | OUT | |
2025-01-10 20:42:00 UTC | 388 | IN | |
2025-01-10 20:42:00 UTC | 534 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
26 | 192.168.2.9 | 50026 | 149.154.167.220 | 443 | 4256 | C:\Users\user\Desktop\v4nrZtP7K2.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-01-10 20:42:02 UTC | 270 | OUT | |
2025-01-10 20:42:02 UTC | 1090 | OUT | |
2025-01-10 20:42:03 UTC | 388 | IN | |
2025-01-10 20:42:03 UTC | 534 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
27 | 192.168.2.9 | 50028 | 149.154.167.220 | 443 | 4256 | C:\Users\user\Desktop\v4nrZtP7K2.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-01-10 20:42:04 UTC | 270 | OUT | |
2025-01-10 20:42:04 UTC | 1090 | OUT | |
2025-01-10 20:42:05 UTC | 388 | IN | |
2025-01-10 20:42:05 UTC | 534 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
28 | 192.168.2.9 | 50030 | 149.154.167.220 | 443 | 4256 | C:\Users\user\Desktop\v4nrZtP7K2.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-01-10 20:42:07 UTC | 270 | OUT | |
2025-01-10 20:42:07 UTC | 1090 | OUT | |
2025-01-10 20:42:07 UTC | 388 | IN | |
2025-01-10 20:42:07 UTC | 534 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
29 | 192.168.2.9 | 50032 | 149.154.167.220 | 443 | 4256 | C:\Users\user\Desktop\v4nrZtP7K2.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-01-10 20:42:09 UTC | 294 | OUT | |
2025-01-10 20:42:09 UTC | 1090 | OUT | |
2025-01-10 20:42:09 UTC | 388 | IN | |
2025-01-10 20:42:09 UTC | 534 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
30 | 192.168.2.9 | 50034 | 149.154.167.220 | 443 | 4256 | C:\Users\user\Desktop\v4nrZtP7K2.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-01-10 20:42:11 UTC | 294 | OUT | |
2025-01-10 20:42:11 UTC | 1090 | OUT | |
2025-01-10 20:42:11 UTC | 388 | IN | |
2025-01-10 20:42:11 UTC | 534 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
31 | 192.168.2.9 | 50036 | 149.154.167.220 | 443 | 4256 | C:\Users\user\Desktop\v4nrZtP7K2.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-01-10 20:42:13 UTC | 270 | OUT | |
2025-01-10 20:42:13 UTC | 1090 | OUT | |
2025-01-10 20:42:13 UTC | 388 | IN | |
2025-01-10 20:42:13 UTC | 534 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
32 | 192.168.2.9 | 50038 | 149.154.167.220 | 443 | 4256 | C:\Users\user\Desktop\v4nrZtP7K2.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-01-10 20:42:15 UTC | 294 | OUT | |
2025-01-10 20:42:15 UTC | 1090 | OUT | |
2025-01-10 20:42:15 UTC | 388 | IN | |
2025-01-10 20:42:15 UTC | 534 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
33 | 192.168.2.9 | 50040 | 149.154.167.220 | 443 | 4256 | C:\Users\user\Desktop\v4nrZtP7K2.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-01-10 20:42:17 UTC | 270 | OUT | |
2025-01-10 20:42:17 UTC | 1090 | OUT | |
2025-01-10 20:42:17 UTC | 388 | IN | |
2025-01-10 20:42:17 UTC | 534 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
34 | 192.168.2.9 | 50042 | 149.154.167.220 | 443 | 4256 | C:\Users\user\Desktop\v4nrZtP7K2.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-01-10 20:42:20 UTC | 270 | OUT | |
2025-01-10 20:42:20 UTC | 1090 | OUT | |
2025-01-10 20:42:20 UTC | 388 | IN | |
2025-01-10 20:42:20 UTC | 534 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port |
---|---|---|---|---|
35 | 192.168.2.9 | 50044 | 149.154.167.220 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-01-10 20:42:24 UTC | 270 | OUT | |
2025-01-10 20:42:24 UTC | 1090 | OUT | |
2025-01-10 20:42:25 UTC | 388 | IN | |
2025-01-10 20:42:25 UTC | 534 | IN |
Target ID: | 1 |
Start time: | 15:40:15 |
Start date: | 10/01/2025 |
Path: | C:\Users\user\Desktop\v4nrZtP7K2.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 1'048'063 bytes |
MD5 hash: | 0F45BBAFC276FA80464C8892BA6F5B2A |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | low |
Has exited: | true |
Target ID: | 5 |
Start time: | 15:40:51 |
Start date: | 10/01/2025 |
Path: | C:\Users\user\Desktop\v4nrZtP7K2.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 1'048'063 bytes |
MD5 hash: | 0F45BBAFC276FA80464C8892BA6F5B2A |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | low |
Has exited: | false |
Execution Graph
Execution Coverage: | 19.9% |
Dynamic/Decrypted Code Coverage: | 0% |
Signature Coverage: | 19.9% |
Total number of Nodes: | 1599 |
Total number of Limit Nodes: | 39 |
Graph
Function 004034A5 Relevance: 80.9, APIs: 32, Strings: 14, Instructions: 410 string file com COMMON
Function 00404DCC Relevance: 63.5, APIs: 33, Strings: 3, Instructions: 481 window memory COMMON
Function 00405AFA Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 148 file string COMMON
Function 00406AF2 Relevance: 5.4, APIs: 4, Instructions: 382 COMMON
Function 00403E86 Relevance: 58.1, APIs: 32, Strings: 1, Instructions: 346 window string COMMON
Function 00403AD8 Relevance: 44.0, APIs: 13, Strings: 12, Instructions: 215 string registry COMMON
Function 00402F30 Relevance: 23.0, APIs: 5, Strings: 8, Instructions: 203 memory COMMON
Function 0040640A Relevance: 17.7, APIs: 7, Strings: 3, Instructions: 209 string COMMON
Function 0040176F Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 145 string time COMMON
Function 0040264A Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 153 file COMMON
Function 00406752 Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 36 library COMMON
Function 00402032 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 73 library COMMON
Function 004023E4 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 64 registry string COMMON
Function 00401B77 Relevance: 6.1, APIs: 2, Strings: 2, Instructions: 72 memory COMMON
Function 0040591F Relevance: 6.0, APIs: 4, Instructions: 39 COMMON
Function 004053C4 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 46 window COMMON
Function 004062B6 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44 registry COMMON
Function 00406F27 Relevance: 5.2, APIs: 4, Instructions: 236 COMMON
Function 00407128 Relevance: 5.2, APIs: 4, Instructions: 208 COMMON
Function 00406E3E Relevance: 5.2, APIs: 4, Instructions: 205 COMMON
Function 00406943 Relevance: 5.2, APIs: 4, Instructions: 198 COMMON
Function 00406D91 Relevance: 5.2, APIs: 4, Instructions: 180 COMMON
Function 00406EAF Relevance: 5.2, APIs: 4, Instructions: 170 COMMON
Function 00406DFB Relevance: 5.2, APIs: 4, Instructions: 168 COMMON
Function 004032DE Relevance: 4.6, APIs: 3, Instructions: 101 COMMON
Function 004031D6 Relevance: 3.1, APIs: 2, Instructions: 88 COMMON
Function 004015C1 Relevance: 3.1, APIs: 2, Instructions: 65 COMMON
Function 00401389 Relevance: 3.0, APIs: 2, Instructions: 43 window COMMON
Function 00401E49 Relevance: 3.0, APIs: 2, Instructions: 25 COMMON
Function 00405EDE Relevance: 3.0, APIs: 2, Instructions: 16 file COMMON
Function 0040599C Relevance: 3.0, APIs: 2, Instructions: 9 COMMON
Function 6FFB2AAC Relevance: 1.6, APIs: 1, Instructions: 143 COMMON
Function 0040167B Relevance: 1.5, APIs: 1, Instructions: 38 file COMMON
Function 004027EF Relevance: 1.5, APIs: 1, Instructions: 28 COMMON
Function 00405F61 Relevance: 1.5, APIs: 1, Instructions: 22 file COMMON
Function 00405F90 Relevance: 1.5, APIs: 1, Instructions: 22 file COMMON
Function 6FFB2993 Relevance: 1.5, APIs: 1, Instructions: 21 memory COMMON
Function 0040345D Relevance: 1.5, APIs: 1, Instructions: 6 COMMON
Function 00404394 Relevance: 1.5, APIs: 1, Instructions: 6 window COMMON
Function 6FFB121B Relevance: 1.3, APIs: 1, Instructions: 6 memory COMMON
Function 0040558F Relevance: 66.8, APIs: 36, Strings: 2, Instructions: 284 window clipboard memory COMMON
Function 00404850 Relevance: 23.0, APIs: 10, Strings: 3, Instructions: 275 string COMMON
Function 6FFB1B5F Relevance: 20.1, APIs: 13, Instructions: 576 string library memory COMMON
Function 00402DF3 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 36 time COMMON
Function 00402104 Relevance: 1.6, APIs: 1, Instructions: 129 com COMMON
Function 00402868 Relevance: 1.5, APIs: 1, Instructions: 30 file COMMON
Function 0040451E Relevance: 37.0, APIs: 19, Strings: 2, Instructions: 204 window string COMMON
Function 00406034 Relevance: 21.1, APIs: 10, Strings: 2, Instructions: 130 memory string COMMON
Function 004043C6 Relevance: 12.1, APIs: 8, Instructions: 68 COMMON
Function 00404D1A Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48 window COMMON
Function 6FFB2569 Relevance: 9.1, APIs: 6, Instructions: 109 COMMON
Function 00404C0C Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 84 string COMMON
Function 00402598 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 69 string COMMON
Function 6FFB18D9 Relevance: 7.7, APIs: 5, Instructions: 194 COMMON
Function 6FFB2394 Relevance: 7.6, APIs: 5, Instructions: 135 memory COMMON
Function 00401DB9 Relevance: 7.5, APIs: 5, Instructions: 43 COMMON
Function 6FFB161D Relevance: 7.5, APIs: 5, Instructions: 41 memory library loader COMMON
Function 00401D5D Relevance: 7.5, APIs: 5, Instructions: 39 window COMMON
Function 00401C1F Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84 window time COMMON
Function 00405CBD Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 16 string COMMON
Function 00405DC5 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 47 string COMMON
Function 004059D1 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 24 process COMMON
Function 6FFB10E1 Relevance: 5.1, APIs: 4, Instructions: 104 memory COMMON
Function 00405E43 Relevance: 5.0, APIs: 4, Instructions: 37 string COMMON
Execution Graph
Execution Coverage: | 10.7% |
Dynamic/Decrypted Code Coverage: | 100% |
Signature Coverage: | 4.7% |
Total number of Nodes: | 276 |
Total number of Limit Nodes: | 22 |
Graph
Function 36947628 Relevance: 2.0, APIs: 1, Instructions: 533COMMON
Control-flow Graph
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 37609D10 Relevance: 1.5, Strings: 1, Instructions: 219COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 3760A360 Relevance: 1.5, Strings: 1, Instructions: 219COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 376096C8 Relevance: 1.5, Strings: 1, Instructions: 218COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 3760A9B0 Relevance: 1.5, Strings: 1, Instructions: 218COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 3760A9A0 Relevance: 1.4, Strings: 1, Instructions: 174COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 376096B8 Relevance: 1.4, Strings: 1, Instructions: 168COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 000D8DA0 Relevance: 1.1, Instructions: 1144COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 37A3E790 Relevance: .8, Instructions: 764COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 3760BDF0 Relevance: .8, Instructions: 758COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 37600040 Relevance: .7, Instructions: 745COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 37608650 Relevance: .7, Instructions: 709COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 000D5F90 Relevance: .5, Instructions: 465COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 000D66B8 Relevance: .5, Instructions: 455COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 3694C638 Relevance: .3, Instructions: 324COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 369403AF Relevance: .3, Instructions: 283COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 376067C0 Relevance: .3, Instructions: 268COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 36940C1A Relevance: .2, Instructions: 237COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 36940C28 Relevance: .2, Instructions: 220COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 36940F6F Relevance: .2, Instructions: 202COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 000D4328 Relevance: .2, Instructions: 196COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 3760BA97 Relevance: .2, Instructions: 191COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 37608640 Relevance: .2, Instructions: 172COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 3760C92F Relevance: .2, Instructions: 153COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 37609D00 Relevance: .1, Instructions: 121COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 3760A352 Relevance: .1, Instructions: 113COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 376067B0 Relevance: .1, Instructions: 104COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 37A30980 Relevance: 6.1, APIs: 4, Instructions: 128threadCOMMON
Control-flow Graph
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 37607920 Relevance: 3.9, Strings: 3, Instructions: 147COMMON
Control-flow Graph
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 3760D548 Relevance: 2.7, Strings: 2, Instructions: 151COMMON
Control-flow Graph
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 37607922 Relevance: 2.6, Strings: 2, Instructions: 72COMMON
Control-flow Graph
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 37A30104 Relevance: 1.6, APIs: 1, Instructions: 120COMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 37A30110 Relevance: 1.6, APIs: 1, Instructions: 113COMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 37A31DC0 Relevance: 1.6, APIs: 1, Instructions: 93COMMON
Function 37A3D488 Relevance: 1.6, APIs: 1, Instructions: 75comCOMMON
Function 37A30BC0 Relevance: 1.6, APIs: 1, Instructions: 68COMMON
Function 36947C2C Relevance: 1.6, APIs: 1, Instructions: 62libraryCOMMON
Function 37A30BC8 Relevance: 1.6, APIs: 1, Instructions: 62COMMON
Function 37A3D3E8 Relevance: 1.5, APIs: 1, Instructions: 48comCOMMON
Function 37A32018 Relevance: 1.5, APIs: 1, Instructions: 48timeCOMMON
Function 37A3E6C9 Relevance: 1.5, APIs: 1, Instructions: 46windowCOMMON
Function 37A3C60C Relevance: 1.5, APIs: 1, Instructions: 46windowCOMMON
Function 37A3C560 Relevance: 1.5, APIs: 1, Instructions: 46comCOMMON
Function 37A32020 Relevance: 1.5, APIs: 1, Instructions: 44timeCOMMON
Function 3760FAB0 Relevance: 1.4, Strings: 1, Instructions: 189COMMON
Function 3760FAA1 Relevance: 1.3, Strings: 1, Instructions: 89COMMON
Function 3760CF68 Relevance: 1.3, Strings: 1, Instructions: 88COMMON
Function 3760CF59 Relevance: 1.3, Strings: 1, Instructions: 76COMMON
Function 376095E8 Relevance: 1.3, Strings: 1, Instructions: 39COMMON
Function 000D19B8 Relevance: .7, Instructions: 685COMMON
Function 000D4F00 Relevance: .3, Instructions: 331COMMON
Function 3760C175 Relevance: .3, Instructions: 322COMMON
Function 3760C173 Relevance: .3, Instructions: 319COMMON
Function 000D5460 Relevance: .2, Instructions: 228COMMON
Function 000D0B20 Relevance: .2, Instructions: 213COMMON
Function 000D6C98 Relevance: .2, Instructions: 201COMMON
Function 000D0B30 Relevance: .2, Instructions: 200COMMON
Function 3760DD21 Relevance: .2, Instructions: 183COMMON
Function 3760003A Relevance: .2, Instructions: 170COMMON
Function 000DAF90 Relevance: .2, Instructions: 163COMMON
Function 3760C4CF Relevance: .2, Instructions: 155COMMON
Function 3760CC28 Relevance: .1, Instructions: 147COMMON
Function 000D3168 Relevance: .1, Instructions: 134COMMON
Function 37608721 Relevance: .1, Instructions: 130COMMON
Function 000D92C3 Relevance: .1, Instructions: 125COMMON
Function 000D9EB0 Relevance: .1, Instructions: 121COMMON
Function 000DB2C2 Relevance: .1, Instructions: 109COMMON
Function 000D8BF0 Relevance: .1, Instructions: 108COMMON
Function 000D4620 Relevance: .1, Instructions: 101COMMON
Function 000D6F40 Relevance: .1, Instructions: 87COMMON
Function 000D18C8 Relevance: .1, Instructions: 77COMMON
Function 000D52C8 Relevance: .1, Instructions: 74COMMON
Function 000AD030 Relevance: .1, Instructions: 72COMMON
Function 000DB107 Relevance: .1, Instructions: 71COMMON
Function 000D0EC8 Relevance: .1, Instructions: 70COMMON
Function 000D8729 Relevance: .1, Instructions: 65COMMON
Function 000DFE60 Relevance: .1, Instructions: 63COMMON
Function 000D17B8 Relevance: .1, Instructions: 61COMMON
Function 3760B9C6 Relevance: .1, Instructions: 57COMMON
Function 3760B9C8 Relevance: .1, Instructions: 56COMMON
Function 000AD02B Relevance: .1, Instructions: 53COMMON
Function 3760CE50 Relevance: .1, Instructions: 53COMMON
Function 000D4E5F Relevance: .1, Instructions: 52COMMON
Function 3760E7F4 Relevance: .0, Instructions: 50COMMON
Function 000DB2F0 Relevance: .0, Instructions: 49COMMON
Function 000D4664 Relevance: .0, Instructions: 45COMMON
Function 000D8D19 Relevance: .0, Instructions: 44COMMON
Function 000DFC3E Relevance: .0, Instructions: 42COMMON
Function 3760CE60 Relevance: .0, Instructions: 39COMMON
Function 37609608 Relevance: .0, Instructions: 35COMMON
Function 000DFE12 Relevance: .0, Instructions: 28COMMON
Function 37609438 Relevance: .0, Instructions: 26COMMON
Function 000D1877 Relevance: .0, Instructions: 25COMMON
Function 000DFE20 Relevance: .0, Instructions: 23COMMON
Function 000D1888 Relevance: .0, Instructions: 19COMMON
Function 3760CF30 Relevance: .0, Instructions: 19COMMON
Function 000DFF22 Relevance: .0, Instructions: 18COMMON
Function 000D56FF Relevance: .0, Instructions: 17COMMON
Function 000DFFB0 Relevance: .0, Instructions: 17COMMON
Function 3760D095 Relevance: .0, Instructions: 17COMMON
Function 000D9F6D Relevance: .0, Instructions: 16COMMON
Function 000DFF30 Relevance: .0, Instructions: 15COMMON
Function 376095D8 Relevance: .0, Instructions: 15COMMON
Function 3760BD48 Relevance: .0, Instructions: 13COMMON
Function 000D5710 Relevance: .0, Instructions: 12COMMON
Function 376094B4 Relevance: .0, Instructions: 12COMMON
Function 004034A5 Relevance: 75.7, APIs: 32, Strings: 11, Instructions: 410stringfilecomCOMMON
Function 00404DCC Relevance: 63.5, APIs: 33, Strings: 3, Instructions: 481windowmemoryCOMMON
Function 00405AFA Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 148filestringCOMMON
Function 00406AF2 Relevance: 5.4, APIs: 4, Instructions: 382COMMON
Function 37607B4F Relevance: 3.1, Strings: 2, Instructions: 611COMMON
Function 3694DEE1 Relevance: 1.5, Strings: 1, Instructions: 275COMMON
Function 37608193 Relevance: 1.4, Strings: 1, Instructions: 193COMMON
Function 37608373 Relevance: 1.4, Strings: 1, Instructions: 116COMMON
Function 3694F042 Relevance: .3, Instructions: 279COMMON
Function 3694BD88 Relevance: .3, Instructions: 278COMMON
Function 3694B07F Relevance: .3, Instructions: 278COMMON
Function 3694DA89 Relevance: .3, Instructions: 274COMMON
Function 3694E339 Relevance: .3, Instructions: 274COMMON
Function 3694E79E Relevance: .3, Instructions: 270COMMON
Function 3694EBF6 Relevance: .3, Instructions: 270COMMON
Function 37603F70 Relevance: .3, Instructions: 268COMMON
Function 37605F10 Relevance: .3, Instructions: 268COMMON
Function 37600FA8 Relevance: .3, Instructions: 268COMMON
Function 37605660 Relevance: .3, Instructions: 268COMMON
Function 37602E10 Relevance: .3, Instructions: 268COMMON
Function 376036C0 Relevance: .3, Instructions: 268COMMON
Function 37602560 Relevance: .3, Instructions: 268COMMON
Function 37604DB0 Relevance: .3, Instructions: 268COMMON
Function 37601400 Relevance: .3, Instructions: 268COMMON
Function 37606C18 Relevance: .3, Instructions: 268COMMON
Function 376074C8 Relevance: .3, Instructions: 268COMMON
Function 37601CB0 Relevance: .3, Instructions: 268COMMON
Function 37606368 Relevance: .3, Instructions: 268COMMON
Function 37603B18 Relevance: .3, Instructions: 268COMMON
Function 376043C8 Relevance: .3, Instructions: 268COMMON
Function 37603268 Relevance: .3, Instructions: 268COMMON
Function 37605208 Relevance: .3, Instructions: 268COMMON
Function 37605AB8 Relevance: .3, Instructions: 268COMMON
Function 37602108 Relevance: .3, Instructions: 268COMMON
Function 376029B8 Relevance: .3, Instructions: 268COMMON
Function 37607070 Relevance: .3, Instructions: 268COMMON
Function 37601858 Relevance: .3, Instructions: 268COMMON
Function 37604820 Relevance: .3, Instructions: 268COMMON
Function 3694C1F2 Relevance: .3, Instructions: 267COMMON
Function 3694B4EC Relevance: .3, Instructions: 265COMMON
Function 3694B944 Relevance: .3, Instructions: 265COMMON
Function 3760CBE7 Relevance: .0, Instructions: 17COMMON
Function 0040558F Relevance: 66.8, APIs: 36, Strings: 2, Instructions: 284windowclipboardmemoryCOMMON
Function 00403E86 Relevance: 58.1, APIs: 32, Strings: 1, Instructions: 346windowstringCOMMON
Function 00403AD8 Relevance: 38.7, APIs: 13, Strings: 9, Instructions: 215stringregistryCOMMON
Function 0040451E Relevance: 35.2, APIs: 19, Strings: 1, Instructions: 204windowstringCOMMON
Function 00404850 Relevance: 21.3, APIs: 10, Strings: 2, Instructions: 275stringCOMMON
Function 00406034 Relevance: 21.1, APIs: 10, Strings: 2, Instructions: 130memorystringCOMMON
Function 00402F30 Relevance: 19.5, APIs: 5, Strings: 6, Instructions: 203memoryCOMMON
Function 0040640A Relevance: 16.0, APIs: 7, Strings: 2, Instructions: 209stringCOMMON
Function 004043C6 Relevance: 12.1, APIs: 8, Instructions: 68COMMON
Function 0040264A Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 153fileCOMMON
Function 00404D1A Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48windowCOMMON
Function 00406752 Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 36libraryCOMMON
Function 00402DF3 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 36timeCOMMON
Function 00404C0C Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 84stringCOMMON
Function 00401DB9 Relevance: 7.5, APIs: 5, Instructions: 43COMMON
Function 00401D5D Relevance: 7.5, APIs: 5, Instructions: 39windowCOMMON
Function 00401C1F Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84windowtimeCOMMON
Function 0040591F Relevance: 6.0, APIs: 4, Instructions: 39COMMON
Function 00405DC5 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 47stringCOMMON
Function 004053C4 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 46windowCOMMON
Function 004059D1 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 24processCOMMON
Function 00406F27 Relevance: 5.2, APIs: 4, Instructions: 236COMMON
Function 00407128 Relevance: 5.2, APIs: 4, Instructions: 208COMMON
Function 00406E3E Relevance: 5.2, APIs: 4, Instructions: 205COMMON
Function 00406943 Relevance: 5.2, APIs: 4, Instructions: 198COMMON
Function 00406D91 Relevance: 5.2, APIs: 4, Instructions: 180COMMON
Function 00406EAF Relevance: 5.2, APIs: 4, Instructions: 170COMMON
Function 00406DFB Relevance: 5.2, APIs: 4, Instructions: 168COMMON
Function 00405E43 Relevance: 5.0, APIs: 4, Instructions: 37stringCOMMON