Windows
Analysis Report
1f13Cs1ogc.exe
Overview
General Information
Sample name: | 1f13Cs1ogc.exe (renamed because original name is a hash value) |
Original sample name: | be961e1299e54c9a50c773db0dc3696c.exe |
Analysis ID: | 1528301 |
MD5: | be961e1299e54c9a50c773db0dc3696c |
SHA1: | 203177ce2753140fc2553365e292005d383e2936 |
SHA256: | 5501120627d6aa86b043d6ca51b3bb2dffeb44a8c0cf6f153d6fdf550d76690f |
Tags: | 32, exe, trojan |
Infos: | |
Detection
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- 1f13Cs1ogc.exe (PID: 6352 cmdline: "C:\Users\user\Desktop\1f13Cs1ogc.exe" MD5: BE961E1299E54C9A50C773DB0DC3696C)
- MSBuild.exe (PID: 5952 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe" MD5: 8FDF47E0FF70C40ED3A17014AEEA4232)
- MSBuild.exe (PID: 4524 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe" MD5: 8FDF47E0FF70C40ED3A17014AEEA4232)
- MSBuild.exe (PID: 4616 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe" MD5: 8FDF47E0FF70C40ED3A17014AEEA4232)
- WerFault.exe (PID: 6412 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 6352 -s 288 MD5: C31336C1EFC2CCB44B4326EA793040F2)
- cleanup
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
Stealc | Stealc is an information stealer advertised by its presumed developer Plymouth on Russian-speaking underground forums and sold as Malware-as-a-Service since January 9, 2023. According to Plymouth's statement, Stealc is a non-resident stealer with flexible data collection settings, and its development relies on other prominent stealers: Vidar, Raccoon, Mars and Redline. Stealc is written in C and uses WinAPI functions. It mainly targets data from web browsers, extensions and desktop applications of cryptocurrency wallets, and from other applications (messengers, email clients, etc.). The malware downloads 7 legitimate third-party DLLs to collect sensitive data from web browsers, including sqlite3.dll, nss3.dll, vcruntime140.dll, mozglue.dll, freebl3.dll, softokn3.dll and msvcp140.dll. It then exfiltrates the collected information file by file to its C2 server using HTTP POST requests. | No Attribution |
{"C2 url": "http://62.204.41.150/edd20096ecef326d.php", "Botnet": "default6_doz"}
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_Stealc_1 | Yara detected Stealc | Joe Security |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_Stealc | Yara detected Stealc | Joe Security | ||
JoeSecurity_PowershellDownloadAndExecute | Yara detected Powershell download and execute | Joe Security | ||
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_Stealc | Yara detected Stealc | Joe Security | ||
System Summary |
---|
Source: | Author: Kiran kumar s, oscd.community: |
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2024-10-07T18:46:07.015168+0200 | 2044243 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49704 | 62.204.41.150 | 80 | TCP |
AV Detection |
---|
Source: | Avira: |
Source: | Malware Configuration Extractor: |
Source: | ReversingLabs: |
Source: | Integrated Neural Analysis Model: |
Source: | Joe Sandbox ML: |
Source: | Static PE information: |
Source: | HTTPS traffic detected: | ||
Source: | Static PE information: |
Source: | Code function: | 0_2_00FF9ABF |
Networking |
---|
Source: | Suricata IDS: |
Source: | URLs: |
Source: | HTTP traffic detected: | ||
Source: | ASN Name: |
Source: | JA3 fingerprint: | ||
Source: | HTTPS traffic detected: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | Code function: | 3_2_00406280 |
Source: | HTTP traffic detected: |
Source: | String found in binary or memory: | ||
Source: | Network traffic detected: | ||
Source: | HTTPS traffic detected: |
Source: | Code function: | 0_2_00FE2021 | |
Source: | Code function: | 0_2_00FE729C | |
Source: | Code function: | 0_2_00FFD39B | |
Source: | Code function: | 0_2_00FF572C | |
Source: | Code function: | 0_2_0103094F | |
Source: | Code function: | 0_2_00FECAF2 | |
Source: | Code function: | 0_2_00FFBB36 | |
Source: | Code function: | 0_2_00FF3C92 | |
Source: | Code function: | 0_2_00FE1D79 | |
Source: | Code function: | 0_2_00FEFEF0 |
Source: | Process created: |
Source: | Binary or memory string: | ||
Source: | Static PE information: |
Source: | Classification label: |
Source: | File created: | Jump to behavior |
Source: | Mutant created: |
Source: | File created: | Jump to behavior |
Source: | Static PE information: |
Source: | Key opened: | Jump to behavior |
Source: | ReversingLabs: |
Source: | Process created: | |||
Source: | Section loaded: | Jump to behavior | ||
Source: | Key value queried: | Jump to behavior |
Source: | Static PE information: | ||
Source: | Code function: | 3_2_0041C03D |
Source: | Code function: | 0_2_00FE71C0 | |
Source: | Code function: | 0_2_01027F20 | |
Source: | Code function: | 3_2_0041B048 |
Source: | Process information set: | Jump to behavior | ||
Source: | API coverage: |
Source: | Code function: | 0_2_00FF9ABF |
Source: | Code function: | 3_2_00401160 |
Source: | Binary or memory string: | ||
Source: | Process queried: | Jump to behavior | ||
Source: | Code function: | 0_2_00FE7922 |
Source: | Code function: | 3_2_004045C0 |
Source: | Code function: | 3_2_0041C03D |
Source: | Code function: | 0_2_00FE2003 | |
Source: | Code function: | 0_2_00FFA64C | |
Source: | Code function: | 0_2_01026628 | |
Source: | Code function: | 0_2_00FF0F2E | |
Source: | Code function: | 3_2_00419750 |
Source: | Code function: | 0_2_00FFCC4B |
Source: | Code function: | 0_2_00FE7610 | |
Source: | Code function: | 0_2_00FE7922 | |
Source: | Code function: | 0_2_00FE7AAF | |
Source: | Code function: | 0_2_00FEDA73 | |
Source: | Code function: | 3_2_0041AD48 | |
Source: | Code function: | 3_2_0041CEEA | |
Source: | Code function: | 3_2_0041B33A |
Source: | Memory protected: | Jump to behavior |
HIPS / PFW / Operating System Protection Evasion |
---|
Source: | File source: | ||
Source: | Memory allocated: | Jump to behavior |
Source: | Memory written: | Jump to behavior |
Source: | Process created: | Jump to behavior | ||
Source: | Code function: | 0_2_00FFC085 | |
Source: | Code function: | 0_2_00FF622B | |
Source: | Code function: | 0_2_00FFC372 | |
Source: | Code function: | 0_2_00FFC327 | |
Source: | Code function: | 0_2_00FFC498 | |
Source: | Code function: | 0_2_00FFC40D | |
Source: | Code function: | 0_2_00FFC6EB | |
Source: | Code function: | 0_2_00FFC814 | |
Source: | Code function: | 0_2_00FFC9E9 | |
Source: | Code function: | 0_2_00FFC91A | |
Source: | Code function: | 0_2_00FF5D7F |
Source: | Queries volume information: | Jump to behavior |
Source: | Code function: | 0_2_00FE7815 |
Source: | Code function: | 3_2_00417850 |
Source: | Binary or memory string: | ||
Stealing of Sensitive Information |
---|
Source: | File source: | ||
Remote Access Functionality |
---|
Source: | File source: | ||
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Native API | 1 DLL Side-Loading | 311 Process Injection | 1 Masquerading | OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | 12 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Virtualization/Sandbox Evasion | LSASS Memory | 41 Security Software Discovery | Remote Desktop Protocol | Data from Removable Media | 2 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 11 Disable or Modify Tools | Security Account Manager | 1 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 311 Process Injection | NTDS | 1 Account Discovery | Distributed Component Object Model | Input Capture | 13 Application Layer Protocol | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Deobfuscate/Decode Files or Information | LSA Secrets | 1 System Owner/User Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 2 Obfuscated Files or Information | Cached Domain Credentials | 1 File and Directory Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 Software Packing | DCSync | 23 System Information Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 DLL Side-Loading | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
32% | ReversingLabs | Win32.Trojan.Generic | ||
100% | Avira | HEUR/AGEN.1310458 | ||
100% | Joe Sandbox ML |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | URL Reputation | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
bg.microsoft.map.fastly.net | 199.232.214.172 | true | false | unknown | |
s-part-0036.t-0009.t-msedge.net | 13.107.246.64 | true | false | unknown | |
fp2e7a.wpc.phicdn.net | 192.229.221.95 | true | false | unknown |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
true | unknown | ||
true | unknown |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false | unknown | |||
false | unknown | |||
true | unknown | |||
false | unknown | |||
false | unknown | |||
false | unknown | |||
false | unknown |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
62.204.41.150 | unknown | United Kingdom | | 30798 | TNNET-ASTNNetOyMainnetworkFI | true |
Joe Sandbox version: | 41.0.0 Charoite |
Analysis ID: | 1528301 |
Start date and time: | 2024-10-07 18:45:10 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 4m 55s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 11 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | 1f13Cs1ogc.exe (renamed because original name is a hash value) |
Original Sample Name: | be961e1299e54c9a50c773db0dc3696c.exe |
Detection: | MAL |
Classification: | mal100.troj.evad.winEXE@8/5@0/1 |
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): dllhost.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 20.190.160.22, 40.126.32.68, 40.126.32.76, 40.126.32.136, 20.190.160.14, 40.126.32.138, 40.126.32.72, 20.190.160.17, 199.232.214.172, 192.229.221.95, 20.109.210.53, 20.3.187.198, 20.189.173.21, 52.165.164.15, 93.184.221.240
- Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, otelrules.afd.azureedge.net, wu.azureedge.net, ocsp.digicert.com, login.live.com, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, bg.apr-52dd2-0503.edgecastdns.net, cs11.wpc.v0cdn.net, sls.update.microsoft.com, onedsblobprdwus16.westus.cloudapp.azure.com, hlb.apr-52dd2-0.edgecastdns.net, wu-b-net.trafficmanager.net, glb.sls.prod.dcat.dsp.trafficmanager.net, prdv4a.aadg.msidentity.com, ctldl.windowsupdate.com.delivery.microsoft.com, otelrules.azureedge.net, www.tm.v4.a.prd.aadg.akadns.net, wu.ec.azureedge.net, ctldl.windowsupdate.com, login.msa.msidentity.com, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, blobcollector.events.data.trafficmanager.net, azureedge-t-prod.trafficmanager.net, umwatson.events.data.microsoft.com, www.tm.lg.prod.aadmsa.trafficmanager.net
- VT rate limit hit for: 1f13Cs1ogc.exe
Time | Type | Description |
---|---|---|
12:46:28 | API Interceptor |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
62.204.41.150 | | | malicious | Stealc | | |
 | | | malicious | Stealc | | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
s-part-0036.t-0009.t-msedge.net | | | malicious | LummaC, Vidar | | |
 | | | malicious | Stealc | | |
 | | | malicious | Unknown | | |
 | | | malicious | Vidar | | |
 | | | malicious | Unknown | | |
 | | | malicious | HtmlDropper | | |
 | | | malicious | Unknown | | |
 | | | malicious | Unknown | | |
 | | | malicious | HTMLPhisher | | |
 | | | malicious | LummaC | | |
fp2e7a.wpc.phicdn.net | | | malicious | LummaC, Stealc, Vidar | | |
 | | | malicious | LummaC, Vidar | | |
 | | | malicious | Stealc | | |
 | | | malicious | HTMLPhisher | | |
 | | | malicious | Vidar | | |
 | | | malicious | Stealc, Vidar | | |
 | | | malicious | Unknown | | |
 | | | malicious | HTMLPhisher | | |
 | | | malicious | Unknown | | |
 | | | malicious | Unknown | | |
bg.microsoft.map.fastly.net | | | malicious | LummaC, Stealc, Vidar | | |
 | | | malicious | LummaC | | |
 | | | malicious | Vidar | | |
 | | | malicious | Stealc, Vidar | | |
 | | | malicious | Stealc | | |
 | | | malicious | Unknown | | |
 | | | malicious | Unknown | | |
 | | | malicious | Unknown | | |
 | | | malicious | Unknown | | |
 | | | malicious | FormBook | | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
TNNET-ASTNNetOyMainnetworkFI | | | malicious | Stealc | | |
 | | | malicious | Stealc | | |
 | | | malicious | Stealc | | |
 | | | malicious | Stealc | | |
 | | | malicious | Stealc | | |
 | | | malicious | Stealc, Vidar | | |
 | | | malicious | Stealc | | |
 | | | malicious | Stealc | | |
 | | | malicious | Stealc | | |
 | | | malicious | Stealc, Vidar | | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
1138de370e523e824bbca92d049a3777 | | | malicious | Credential Flusher | | |
 | | | malicious | Unknown | | |
 | | | malicious | Unknown | | |
 | | | malicious | Credential Flusher | | |
 | | | malicious | Unknown | | |
 | | | malicious | Tycoon2FA | | |
 | | | malicious | LummaC, Amadey, Credential Flusher, Stealc | | |
 | | | malicious | Unknown | | |
 | | | malicious | Credential Flusher | | |
 | | | malicious | HTMLPhisher | | |
28a2c9bd18a11de089ef85a160da29e4 | | | malicious | Credential Flusher | | |
 | | | malicious | LummaC, Vidar | | |
 | | | malicious | LummaC | | |
 | | | malicious | Stealc | | |
 | | | malicious | HtmlDropper | | |
 | | | malicious | HTMLPhisher | | |
 | | | malicious | Unknown | | |
 | | | malicious | Vidar | | |
 | | | malicious | Stealc, Vidar | | |
 | | | malicious | Stealc | | |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_1f13Cs1ogc.exe_d6c2601472a1e2329a283caeddd13e21ba0c439_01cc4f56_d1e131fd-d66e-4158-87c7-730795a95caa\Report.wer
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 0.6526090891527181 |
Encrypted: | false |
SSDEEP: | 96:G1FCx8Bjr057v1Zs1wy61aAPf5QXIDcQvc6QcEVcw3cE/Wvm+HbHg/5hZAX/d5Ft:6Tjr01Zg0BU/AjhzuiFkZ24IO8Z |
MD5: | A10B84F5D092B8D44F85BF546D255526 |
SHA1: | AA9FFBEA66E7D517F4C6065AA6363007EB663680 |
SHA-256: | 069B8AEC3A24AC7BCC8AF41201411B9DA4AC39831FEE80DE1ED2AFAA2E7EC901 |
SHA-512: | 94244869C2C5C2E8124EF9112CD3A069BAC5C1D7F3589C17B5BE5507E785F35C19ECC59EAD950088339BB5F9DB1FEEC3A27E72FBB172D07C92061A764D7C7672 |
Malicious: | true |
Reputation: | low |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 34372 |
Entropy (8bit): | 1.7302828387451836 |
Encrypted: | false |
SSDEEP: | 192:SNP0sOntGAd0xI3dcmMWbvcJXWNRsgWmX8g:NjtGAKxI3jMWbcX6Rr |
MD5: | 7C25AA9CFE26B9650B1F5E6656542BD6 |
SHA1: | DAA038ACFC2E93309EF593FDD1566D2885F16512 |
SHA-256: | 535AE63AED98301152B13B4ED0DA1777AAAF0B5D8448F8A72D51AF8B4FAF1D96 |
SHA-512: | 6DAA33C693486F901460DE4A88DE1006820EEF0AA97C79121D6238D03340B381509B7C52B3BBAE97E6008D63EC46C5561C5DF7B7248047A37ED7E695D4530BAD |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8330 |
Entropy (8bit): | 3.6967309422530445 |
Encrypted: | false |
SSDEEP: | 192:R6l7wVeJ0jW6G6YEInSU2nvgmfeWgIprq89b4Usfhom:R6lXJOW6G6YE4SU2nvgmfeWg+4Hfb |
MD5: | 1134EF2A7CABF3CB883E3F7774C858E7 |
SHA1: | 6EF63CF401B76E21494F78AF2D77BAAC0B150215 |
SHA-256: | 1FBD41036E1E2FE949F407E96FD6CB6740B1BCD81292811CC42D23FA3BD0BFE6 |
SHA-512: | 16887643157519D1F53DE5E09E58040435F54782FAEBFEB3FEF71CD20B8920EBCED8B22D6EBD6F8DFB1A03F33555DDDF6647E0ADFFBB420A583C5098675858EA |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4678 |
Entropy (8bit): | 4.469992287553681 |
Encrypted: | false |
SSDEEP: | 48:cvIwWl8zsEuJg77aI9qVWpW8VYLYm8M4J02F5xW8+q82BawL2dMd:uIjfEkI7Qk7VDJnxW8RawL2dMd |
MD5: | 3E3EB9824E0436B88E3E484C9008E9F0 |
SHA1: | 7D0603FF3EB0CA88A964205BBC301C74F0E8C996 |
SHA-256: | A62FC40CD5902DA614F184B209ACDA2D700477E661443D9FDFF6FC6238C42D45 |
SHA-512: | 0F60F8F18E0E3BCC2CBCF63B363DD1534CEA1CA0CB0AE18B2F6906CA2685FB41042CA1A68D42D33709C51C8EB4B8B717FAD7B86EE0DF6C572FDDE845652E4220 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1835008 |
Entropy (8bit): | 4.422062079740462 |
Encrypted: | false |
SSDEEP: | 6144:XSvfpi6ceLP/9skLmb0OTiWSPHaJG8nAgeMZMMhA2fX4WABlEnND0uhiTw:CvloTiW+EZMM6DFyB03w |
MD5: | BBFF0F22B1CF9C62DC54880EA592C4B6 |
SHA1: | 8211F41CA2C96B4A2530DCF5218F91FB6CAE3294 |
SHA-256: | 083A0912577317C11276657088F5EDEF66CE2915622C3F14425632C4837D227F |
SHA-512: | 908D473ECF471CE12853353CE4DF28F06F3646F904A5071BC6AC7D2DF4AB14E305A0C7FC03EAE9A3F382FC2D0F4C3A1C084D5904031838B7E56AC985A3E8812C |
Malicious: | false |
Reputation: | low |
Preview: |
File type: | |
Entropy (8bit): | 7.6826865703655915 |
TrID: |
|
File name: | 1f13Cs1ogc.exe |
File size: | 505'344 bytes |
MD5: | be961e1299e54c9a50c773db0dc3696c |
SHA1: | 203177ce2753140fc2553365e292005d383e2936 |
SHA256: | 5501120627d6aa86b043d6ca51b3bb2dffeb44a8c0cf6f153d6fdf550d76690f |
SHA512: | bc0bbea65fb54c4a059d3c71c807b2fa5d77ae9bf0902664014d75eb432f4fa752fcb59cd993f54498bc1a28ab044c5d5144b5f250676f9725cce917540e0d43 |
SSDEEP: | 12288:VpJlka1IlaV/mfE6NNlu5wchlzbuTKWGoaz9ec14S:VOa1OVw3NiTDaz9ecO |
TLSH: | FBB4F04175C1C432D873293246F0DA755E7DB9B00A66AEDF63840FBE0F30681DB25AAB |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......=.9.y.WUy.WUy.WU..TTu.WU..RT..WU..STl.WU..VTz.WUy.VU!.WUilTTm.WUilSTk.WUilRT4.WU1m^Tx.WU1m.Ux.WU1mUTx.WURichy.WU............... |
Icon Hash: | 00928e8e8686b000 |
Entrypoint: | 0x406f52 |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | EXECUTABLE_IMAGE, 32BIT_MACHINE |
DLL Characteristics: | DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE |
Time Stamp: | 0x67040A64 [Mon Oct 7 16:20:52 2024 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 6 |
OS Version Minor: | 0 |
File Version Major: | 6 |
File Version Minor: | 0 |
Subsystem Version Major: | 6 |
Subsystem Version Minor: | 0 |
Import Hash: | d10af643340e1121562abe3e6bd5b0e1 |
Instruction |
---|
call 00007F92ECB4CD20h |
jmp 00007F92ECB4C28Fh |
push ebp |
mov ebp, esp |
mov eax, dword ptr [ebp+08h] |
push esi |
mov ecx, dword ptr [eax+3Ch] |
add ecx, eax |
movzx eax, word ptr [ecx+14h] |
lea edx, dword ptr [ecx+18h] |
add edx, eax |
movzx eax, word ptr [ecx+06h] |
imul esi, eax, 28h |
add esi, edx |
cmp edx, esi |
je 00007F92ECB4C42Bh |
mov ecx, dword ptr [ebp+0Ch] |
cmp ecx, dword ptr [edx+0Ch] |
jc 00007F92ECB4C41Ch |
mov eax, dword ptr [edx+08h] |
add eax, dword ptr [edx+0Ch] |
cmp ecx, eax |
jc 00007F92ECB4C41Eh |
add edx, 28h |
cmp edx, esi |
jne 00007F92ECB4C3FCh |
xor eax, eax |
pop esi |
pop ebp |
ret |
mov eax, edx |
jmp 00007F92ECB4C40Bh |
push esi |
call 00007F92ECB4D034h |
test eax, eax |
je 00007F92ECB4C432h |
mov eax, dword ptr fs:[00000018h] |
mov esi, 0047B34Ch |
mov edx, dword ptr [eax+04h] |
jmp 00007F92ECB4C416h |
cmp edx, eax |
je 00007F92ECB4C422h |
xor eax, eax |
mov ecx, edx |
lock cmpxchg dword ptr [esi], ecx |
test eax, eax |
jne 00007F92ECB4C402h |
xor al, al |
pop esi |
ret |
mov al, 01h |
pop esi |
ret |
push ebp |
mov ebp, esp |
cmp dword ptr [ebp+08h], 00000000h |
jne 00007F92ECB4C419h |
mov byte ptr [0047B350h], 00000001h |
call 00007F92ECB4C6CAh |
call 00007F92ECB4F5E7h |
test al, al |
jne 00007F92ECB4C416h |
xor al, al |
pop ebp |
ret |
call 00007F92ECB58049h |
test al, al |
jne 00007F92ECB4C41Ch |
push 00000000h |
call 00007F92ECB4F5EEh |
pop ecx |
jmp 00007F92ECB4C3FBh |
mov al, 01h |
pop ebp |
ret |
push ebp |
mov ebp, esp |
cmp byte ptr [0047B351h], 00000000h |
je 00007F92ECB4C416h |
mov al, 01h |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x2c6c0 | 0x28 | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x7c000 | 0x3d8 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x7d000 | 0x1ad4 | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x2abc0 | 0x1c | .rdata |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x2ab00 | 0x40 | .rdata |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x23000 | 0x12c | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x210f0 | 0x21200 | 957bcb00763b6762ded448431edb3bb1 | False | 0.5865713443396227 | data | 6.670169912190407 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rdata | 0x23000 | 0x9d78 | 0x9e00 | 16f1acc49cfaa93114ad2651fe1bc782 | False | 0.43517602848101267 | data | 4.959108885925861 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0x2d000 | 0x4ef78 | 0x4e200 | f2d78f38e2bcb0a2c204cdbdca063f1f | False | 0.9899375 | DOS executable (block device driver \377\377\377\377,32-bit sector-support) | 7.99065530703881 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.rsrc | 0x7c000 | 0x3d8 | 0x400 | 5584c2fd2a321b3ff4d89d84727643be | False | 0.4404296875 | data | 3.290569201128903 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0x7d000 | 0x1ad4 | 0x1c00 | 16092792d232aa39e24b762c0f4a37ab | False | 0.7273995535714286 | data | 6.393192590005456 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
RT_VERSION | 0x7c058 | 0x380 | data | English | United States | 0.46205357142857145 |
DLL | Import |
---|---|
KERNEL32.dll | AttachConsole, MultiByteToWideChar, GetStringTypeW, WideCharToMultiByte, EnterCriticalSection, LeaveCriticalSection, InitializeCriticalSectionEx, DeleteCriticalSection, EncodePointer, DecodePointer, LCMapStringEx, GetCPInfo, IsProcessorFeaturePresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, QueryPerformanceCounter, GetCurrentProcessId, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, IsDebuggerPresent, GetStartupInfoW, GetModuleHandleW, CreateFileW, RaiseException, RtlUnwind, GetLastError, SetLastError, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, FreeLibrary, GetProcAddress, LoadLibraryExW, GetStdHandle, WriteFile, GetModuleFileNameW, ExitProcess, GetModuleHandleExW, HeapAlloc, HeapFree, GetFileType, LCMapStringW, GetLocaleInfoW, IsValidLocale, GetUserDefaultLCID, EnumSystemLocalesW, GetFileSizeEx, SetFilePointerEx, CloseHandle, FlushFileBuffers, GetConsoleOutputCP, GetConsoleMode, ReadFile, HeapReAlloc, FindClose, FindFirstFileExW, FindNextFileW, IsValidCodePage, GetACP, GetOEMCP, GetCommandLineA, GetCommandLineW, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetStdHandle, GetProcessHeap, ReadConsoleW, HeapSize, WriteConsoleW |
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States |
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
---|---|---|---|---|---|---|---|---|
2024-10-07T18:46:07.015168+0200 | 2044243 | ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in | 1 | 192.168.2.5 | 49704 | 62.204.41.150 | 80 | TCP |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Oct 7, 2024 18:46:22.359496117 CEST | 443 | 49730 | 13.107.246.64 | 192.168.2.5 |
Oct 7, 2024 18:46:22.420299053 CEST | 443 | 49726 | 13.107.246.64 | 192.168.2.5 |
Oct 7, 2024 18:46:22.420367956 CEST | 443 | 49726 | 13.107.246.64 | 192.168.2.5 |
Oct 7, 2024 18:46:22.420522928 CEST | 49726 | 443 | 192.168.2.5 | 13.107.246.64 |
Oct 7, 2024 18:46:22.421571016 CEST | 49726 | 443 | 192.168.2.5 | 13.107.246.64 |
Oct 7, 2024 18:46:22.421571016 CEST | 49726 | 443 | 192.168.2.5 | 13.107.246.64 |
Oct 7, 2024 18:46:22.421591997 CEST | 443 | 49726 | 13.107.246.64 | 192.168.2.5 |
Oct 7, 2024 18:46:22.421605110 CEST | 443 | 49726 | 13.107.246.64 | 192.168.2.5 |
Oct 7, 2024 18:46:22.424351931 CEST | 49731 | 443 | 192.168.2.5 | 13.107.246.64 |
Oct 7, 2024 18:46:22.424396038 CEST | 443 | 49731 | 13.107.246.64 | 192.168.2.5 |
Oct 7, 2024 18:46:22.424488068 CEST | 49731 | 443 | 192.168.2.5 | 13.107.246.64 |
Oct 7, 2024 18:46:22.425050020 CEST | 49731 | 443 | 192.168.2.5 | 13.107.246.64 |
Oct 7, 2024 18:46:22.425062895 CEST | 443 | 49731 | 13.107.246.64 | 192.168.2.5 |
Oct 7, 2024 18:46:23.016484976 CEST | 443 | 49730 | 13.107.246.64 | 192.168.2.5 |
Oct 7, 2024 18:46:23.016555071 CEST | 443 | 49727 | 13.107.246.64 | 192.168.2.5 |
Oct 7, 2024 18:46:23.020175934 CEST | 443 | 49729 | 13.107.246.64 | 192.168.2.5 |
Oct 7, 2024 18:46:23.024564028 CEST | 49730 | 443 | 192.168.2.5 | 13.107.246.64 |
Oct 7, 2024 18:46:23.024609089 CEST | 443 | 49730 | 13.107.246.64 | 192.168.2.5 |
Oct 7, 2024 18:46:23.025235891 CEST | 49730 | 443 | 192.168.2.5 | 13.107.246.64 |
Oct 7, 2024 18:46:23.025253057 CEST | 443 | 49730 | 13.107.246.64 | 192.168.2.5 |
Oct 7, 2024 18:46:23.025753975 CEST | 49727 | 443 | 192.168.2.5 | 13.107.246.64 |
Oct 7, 2024 18:46:23.025842905 CEST | 443 | 49727 | 13.107.246.64 | 192.168.2.5 |
Oct 7, 2024 18:46:23.026199102 CEST | 49727 | 443 | 192.168.2.5 | 13.107.246.64 |
Oct 7, 2024 18:46:23.026213884 CEST | 443 | 49727 | 13.107.246.64 | 192.168.2.5 |
Oct 7, 2024 18:46:23.026581049 CEST | 49729 | 443 | 192.168.2.5 | 13.107.246.64 |
Oct 7, 2024 18:46:23.026607037 CEST | 443 | 49729 | 13.107.246.64 | 192.168.2.5 |
Oct 7, 2024 18:46:23.027123928 CEST | 49729 | 443 | 192.168.2.5 | 13.107.246.64 |
Oct 7, 2024 18:46:23.027137041 CEST | 443 | 49729 | 13.107.246.64 | 192.168.2.5 |
Oct 7, 2024 18:46:23.423744917 CEST | 443 | 49728 | 13.107.246.64 | 192.168.2.5 |
Oct 7, 2024 18:46:23.425277948 CEST | 49728 | 443 | 192.168.2.5 | 13.107.246.64 |
Oct 7, 2024 18:46:23.425277948 CEST | 49728 | 443 | 192.168.2.5 | 13.107.246.64 |
Oct 7, 2024 18:46:23.425316095 CEST | 443 | 49728 | 13.107.246.64 | 192.168.2.5 |
Oct 7, 2024 18:46:23.425326109 CEST | 443 | 49728 | 13.107.246.64 | 192.168.2.5 |
Oct 7, 2024 18:46:23.435302019 CEST | 443 | 49731 | 13.107.246.64 | 192.168.2.5 |
Oct 7, 2024 18:46:23.435853958 CEST | 49731 | 443 | 192.168.2.5 | 13.107.246.64 |
Oct 7, 2024 18:46:23.435878992 CEST | 443 | 49731 | 13.107.246.64 | 192.168.2.5 |
Oct 7, 2024 18:46:23.436463118 CEST | 49731 | 443 | 192.168.2.5 | 13.107.246.64 |
Oct 7, 2024 18:46:23.436471939 CEST | 443 | 49731 | 13.107.246.64 | 192.168.2.5 |
Oct 7, 2024 18:46:23.566500902 CEST | 443 | 49727 | 13.107.246.64 | 192.168.2.5 |
Oct 7, 2024 18:46:23.566564083 CEST | 443 | 49727 | 13.107.246.64 | 192.168.2.5 |
Oct 7, 2024 18:46:23.566625118 CEST | 49727 | 443 | 192.168.2.5 | 13.107.246.64 |
Oct 7, 2024 18:46:23.566909075 CEST | 49727 | 443 | 192.168.2.5 | 13.107.246.64 |
Oct 7, 2024 18:46:23.566947937 CEST | 443 | 49727 | 13.107.246.64 | 192.168.2.5 |
Oct 7, 2024 18:46:23.566976070 CEST | 49727 | 443 | 192.168.2.5 | 13.107.246.64 |
Oct 7, 2024 18:46:23.566991091 CEST | 443 | 49727 | 13.107.246.64 | 192.168.2.5 |
Oct 7, 2024 18:46:23.567739010 CEST | 443 | 49729 | 13.107.246.64 | 192.168.2.5 |
Oct 7, 2024 18:46:23.567816973 CEST | 443 | 49729 | 13.107.246.64 | 192.168.2.5 |
Oct 7, 2024 18:46:23.567862034 CEST | 49729 | 443 | 192.168.2.5 | 13.107.246.64 |
Oct 7, 2024 18:46:23.568094015 CEST | 49729 | 443 | 192.168.2.5 | 13.107.246.64 |
Oct 7, 2024 18:46:23.568106890 CEST | 443 | 49729 | 13.107.246.64 | 192.168.2.5 |
Oct 7, 2024 18:46:23.568116903 CEST | 49729 | 443 | 192.168.2.5 | 13.107.246.64 |
Oct 7, 2024 18:46:23.568123102 CEST | 443 | 49729 | 13.107.246.64 | 192.168.2.5 |
Oct 7, 2024 18:46:23.570571899 CEST | 49733 | 443 | 192.168.2.5 | 13.107.246.64 |
Oct 7, 2024 18:46:23.570596933 CEST | 443 | 49733 | 13.107.246.64 | 192.168.2.5 |
Oct 7, 2024 18:46:23.570759058 CEST | 49733 | 443 | 192.168.2.5 | 13.107.246.64 |
Oct 7, 2024 18:46:23.570981979 CEST | 49733 | 443 | 192.168.2.5 | 13.107.246.64 |
Oct 7, 2024 18:46:23.570995092 CEST | 443 | 49733 | 13.107.246.64 | 192.168.2.5 |
Oct 7, 2024 18:46:23.571192026 CEST | 49734 | 443 | 192.168.2.5 | 13.107.246.64 |
Oct 7, 2024 18:46:23.571202040 CEST | 443 | 49734 | 13.107.246.64 | 192.168.2.5 |
Oct 7, 2024 18:46:23.571271896 CEST | 49734 | 443 | 192.168.2.5 | 13.107.246.64 |
Oct 7, 2024 18:46:23.571417093 CEST | 49734 | 443 | 192.168.2.5 | 13.107.246.64 |
Oct 7, 2024 18:46:23.571425915 CEST | 443 | 49734 | 13.107.246.64 | 192.168.2.5 |
Oct 7, 2024 18:46:23.580358982 CEST | 443 | 49730 | 13.107.246.64 | 192.168.2.5 |
Oct 7, 2024 18:46:23.580424070 CEST | 443 | 49730 | 13.107.246.64 | 192.168.2.5 |
Oct 7, 2024 18:46:23.580471992 CEST | 49730 | 443 | 192.168.2.5 | 13.107.246.64 |
Oct 7, 2024 18:46:23.580746889 CEST | 49730 | 443 | 192.168.2.5 | 13.107.246.64 |
Oct 7, 2024 18:46:23.580756903 CEST | 443 | 49730 | 13.107.246.64 | 192.168.2.5 |
Oct 7, 2024 18:46:23.580773115 CEST | 49730 | 443 | 192.168.2.5 | 13.107.246.64 |
Oct 7, 2024 18:46:23.580777884 CEST | 443 | 49730 | 13.107.246.64 | 192.168.2.5 |
Oct 7, 2024 18:46:23.583758116 CEST | 49735 | 443 | 192.168.2.5 | 13.107.246.64 |
Oct 7, 2024 18:46:23.583821058 CEST | 443 | 49735 | 13.107.246.64 | 192.168.2.5 |
Oct 7, 2024 18:46:23.583895922 CEST | 49735 | 443 | 192.168.2.5 | 13.107.246.64 |
Oct 7, 2024 18:46:23.584096909 CEST | 49735 | 443 | 192.168.2.5 | 13.107.246.64 |
Oct 7, 2024 18:46:23.584125042 CEST | 443 | 49735 | 13.107.246.64 | 192.168.2.5 |
Oct 7, 2024 18:46:23.586873055 CEST | 443 | 49731 | 13.107.246.64 | 192.168.2.5 |
Oct 7, 2024 18:46:23.586926937 CEST | 443 | 49731 | 13.107.246.64 | 192.168.2.5 |
Oct 7, 2024 18:46:23.586968899 CEST | 49731 | 443 | 192.168.2.5 | 13.107.246.64 |
Oct 7, 2024 18:46:23.587105989 CEST | 49731 | 443 | 192.168.2.5 | 13.107.246.64 |
Oct 7, 2024 18:46:23.587121964 CEST | 443 | 49731 | 13.107.246.64 | 192.168.2.5 |
Oct 7, 2024 18:46:23.587132931 CEST | 49731 | 443 | 192.168.2.5 | 13.107.246.64 |
Oct 7, 2024 18:46:23.587140083 CEST | 443 | 49731 | 13.107.246.64 | 192.168.2.5 |
Oct 7, 2024 18:46:23.589807034 CEST | 49736 | 443 | 192.168.2.5 | 13.107.246.64 |
Oct 7, 2024 18:46:23.589829922 CEST | 443 | 49736 | 13.107.246.64 | 192.168.2.5 |
Oct 7, 2024 18:46:23.589901924 CEST | 49736 | 443 | 192.168.2.5 | 13.107.246.64 |
Oct 7, 2024 18:46:23.590050936 CEST | 49736 | 443 | 192.168.2.5 | 13.107.246.64 |
Oct 7, 2024 18:46:23.590065002 CEST | 443 | 49736 | 13.107.246.64 | 192.168.2.5 |
Oct 7, 2024 18:46:23.592736006 CEST | 443 | 49728 | 13.107.246.64 | 192.168.2.5 |
Oct 7, 2024 18:46:23.592788935 CEST | 443 | 49728 | 13.107.246.64 | 192.168.2.5 |
Oct 7, 2024 18:46:23.592830896 CEST | 49728 | 443 | 192.168.2.5 | 13.107.246.64 |
Oct 7, 2024 18:46:23.592981100 CEST | 49728 | 443 | 192.168.2.5 | 13.107.246.64 |
Oct 7, 2024 18:46:23.592993975 CEST | 443 | 49728 | 13.107.246.64 | 192.168.2.5 |
Oct 7, 2024 18:46:23.593005896 CEST | 49728 | 443 | 192.168.2.5 | 13.107.246.64 |
Oct 7, 2024 18:46:23.593014002 CEST | 443 | 49728 | 13.107.246.64 | 192.168.2.5 |
Oct 7, 2024 18:46:23.597059011 CEST | 49737 | 443 | 192.168.2.5 | 13.107.246.64 |
Oct 7, 2024 18:46:23.597083092 CEST | 443 | 49737 | 13.107.246.64 | 192.168.2.5 |
Oct 7, 2024 18:46:23.597138882 CEST | 49737 | 443 | 192.168.2.5 | 13.107.246.64 |
Oct 7, 2024 18:46:23.597321033 CEST | 49737 | 443 | 192.168.2.5 | 13.107.246.64 |
Oct 7, 2024 18:46:23.597332001 CEST | 443 | 49737 | 13.107.246.64 | 192.168.2.5 |
Oct 7, 2024 18:46:23.684663057 CEST | 443 | 49733 | 13.107.246.64 | 192.168.2.5 |
Oct 7, 2024 18:46:23.685039997 CEST | 49738 | 443 | 192.168.2.5 | 13.107.246.64 |
Oct 7, 2024 18:46:23.685070992 CEST | 443 | 49738 | 13.107.246.64 | 192.168.2.5 |
Oct 7, 2024 18:46:23.685137033 CEST | 49738 | 443 | 192.168.2.5 | 13.107.246.64 |
Oct 7, 2024 18:46:23.685574055 CEST | 49738 | 443 | 192.168.2.5 | 13.107.246.64 |
Oct 7, 2024 18:46:23.685584068 CEST | 443 | 49738 | 13.107.246.64 | 192.168.2.5 |
Oct 7, 2024 18:46:23.686362028 CEST | 443 | 49734 | 13.107.246.64 | 192.168.2.5 |
Oct 7, 2024 18:46:23.686614037 CEST | 49739 | 443 | 192.168.2.5 | 13.107.246.64 |
Oct 7, 2024 18:46:23.686639071 CEST | 443 | 49739 | 13.107.246.64 | 192.168.2.5 |
Oct 7, 2024 18:46:23.686698914 CEST | 49739 | 443 | 192.168.2.5 | 13.107.246.64 |
Oct 7, 2024 18:46:23.686835051 CEST | 49739 | 443 | 192.168.2.5 | 13.107.246.64 |
Oct 7, 2024 18:46:23.686847925 CEST | 443 | 49739 | 13.107.246.64 | 192.168.2.5 |
Oct 7, 2024 18:46:23.688033104 CEST | 443 | 49735 | 13.107.246.64 | 192.168.2.5 |
Oct 7, 2024 18:46:23.688234091 CEST | 49740 | 443 | 192.168.2.5 | 13.107.246.64 |
Oct 7, 2024 18:46:23.688266993 CEST | 443 | 49740 | 13.107.246.64 | 192.168.2.5 |
Oct 7, 2024 18:46:23.688321114 CEST | 49740 | 443 | 192.168.2.5 | 13.107.246.64 |
Oct 7, 2024 18:46:23.688524961 CEST | 49740 | 443 | 192.168.2.5 | 13.107.246.64 |
Oct 7, 2024 18:46:23.688539028 CEST | 443 | 49740 | 13.107.246.64 | 192.168.2.5 |
Oct 7, 2024 18:46:23.689304113 CEST | 443 | 49736 | 13.107.246.64 | 192.168.2.5 |
Oct 7, 2024 18:46:23.689486980 CEST | 49741 | 443 | 192.168.2.5 | 13.107.246.64 |
Oct 7, 2024 18:46:23.689512968 CEST | 443 | 49741 | 13.107.246.64 | 192.168.2.5 |
Oct 7, 2024 18:46:23.689564943 CEST | 49741 | 443 | 192.168.2.5 | 13.107.246.64 |
Oct 7, 2024 18:46:23.689666033 CEST | 49741 | 443 | 192.168.2.5 | 13.107.246.64 |
Oct 7, 2024 18:46:23.689678907 CEST | 443 | 49741 | 13.107.246.64 | 192.168.2.5 |
Oct 7, 2024 18:46:23.689965963 CEST | 443 | 49737 | 13.107.246.64 | 192.168.2.5 |
Oct 7, 2024 18:46:23.690121889 CEST | 49742 | 443 | 192.168.2.5 | 13.107.246.64 |
Oct 7, 2024 18:46:23.690130949 CEST | 443 | 49742 | 13.107.246.64 | 192.168.2.5 |
Oct 7, 2024 18:46:23.690179110 CEST | 49742 | 443 | 192.168.2.5 | 13.107.246.64 |
Oct 7, 2024 18:46:23.690308094 CEST | 49742 | 443 | 192.168.2.5 | 13.107.246.64 |
Oct 7, 2024 18:46:23.690316916 CEST | 443 | 49742 | 13.107.246.64 | 192.168.2.5 |
Oct 7, 2024 18:46:23.701337099 CEST | 443 | 49738 | 13.107.246.64 | 192.168.2.5 |
Oct 7, 2024 18:46:23.702164888 CEST | 443 | 49739 | 13.107.246.64 | 192.168.2.5 |
Oct 7, 2024 18:46:23.703905106 CEST | 49743 | 443 | 192.168.2.5 | 13.107.246.64 |
Oct 7, 2024 18:46:23.703946114 CEST | 443 | 49743 | 13.107.246.64 | 192.168.2.5 |
Oct 7, 2024 18:46:23.704027891 CEST | 49743 | 443 | 192.168.2.5 | 13.107.246.64 |
Oct 7, 2024 18:46:23.704931974 CEST | 49744 | 443 | 192.168.2.5 | 13.107.246.64 |
Oct 7, 2024 18:46:23.704962015 CEST | 443 | 49744 | 13.107.246.64 | 192.168.2.5 |
Oct 7, 2024 18:46:23.705061913 CEST | 49744 | 443 | 192.168.2.5 | 13.107.246.64 |
Oct 7, 2024 18:46:23.705112934 CEST | 49743 | 443 | 192.168.2.5 | 13.107.246.64 |
Oct 7, 2024 18:46:23.705132961 CEST | 443 | 49743 | 13.107.246.64 | 192.168.2.5 |
Oct 7, 2024 18:46:23.705338001 CEST | 49744 | 443 | 192.168.2.5 | 13.107.246.64 |
Oct 7, 2024 18:46:23.705357075 CEST | 443 | 49744 | 13.107.246.64 | 192.168.2.5 |
Oct 7, 2024 18:46:23.706461906 CEST | 443 | 49742 | 13.107.246.64 | 192.168.2.5 |
Oct 7, 2024 18:46:23.708029032 CEST | 49745 | 443 | 192.168.2.5 | 13.107.246.64 |
Oct 7, 2024 18:46:23.708125114 CEST | 443 | 49745 | 13.107.246.64 | 192.168.2.5 |
Oct 7, 2024 18:46:23.708208084 CEST | 49745 | 443 | 192.168.2.5 | 13.107.246.64 |
Oct 7, 2024 18:46:23.708338022 CEST | 49745 | 443 | 192.168.2.5 | 13.107.246.64 |
Oct 7, 2024 18:46:23.708374023 CEST | 443 | 49745 | 13.107.246.64 | 192.168.2.5 |
Oct 7, 2024 18:46:23.723351002 CEST | 443 | 49744 | 13.107.246.64 | 192.168.2.5 |
Oct 7, 2024 18:46:23.723583937 CEST | 49746 | 443 | 192.168.2.5 | 13.107.246.64 |
Oct 7, 2024 18:46:23.723609924 CEST | 443 | 49746 | 13.107.246.64 | 192.168.2.5 |
Oct 7, 2024 18:46:23.723674059 CEST | 49746 | 443 | 192.168.2.5 | 13.107.246.64 |
Oct 7, 2024 18:46:23.723721027 CEST | 443 | 49741 | 13.107.246.64 | 192.168.2.5 |
Oct 7, 2024 18:46:23.723777056 CEST | 49741 | 443 | 192.168.2.5 | 13.107.246.64 |
Oct 7, 2024 18:46:23.723917961 CEST | 49746 | 443 | 192.168.2.5 | 13.107.246.64 |
Oct 7, 2024 18:46:23.723942995 CEST | 443 | 49746 | 13.107.246.64 | 192.168.2.5 |
Oct 7, 2024 18:46:23.723948002 CEST | 49741 | 443 | 192.168.2.5 | 13.107.246.64 |
Oct 7, 2024 18:46:23.723964930 CEST | 443 | 49741 | 13.107.246.64 | 192.168.2.5 |
Oct 7, 2024 18:46:23.725573063 CEST | 49747 | 443 | 192.168.2.5 | 13.107.246.64 |
Oct 7, 2024 18:46:23.725608110 CEST | 443 | 49747 | 13.107.246.64 | 192.168.2.5 |
Oct 7, 2024 18:46:23.725683928 CEST | 49747 | 443 | 192.168.2.5 | 13.107.246.64 |
Oct 7, 2024 18:46:23.725964069 CEST | 49747 | 443 | 192.168.2.5 | 13.107.246.64 |
Oct 7, 2024 18:46:23.725975990 CEST | 443 | 49747 | 13.107.246.64 | 192.168.2.5 |
Oct 7, 2024 18:46:23.726725101 CEST | 443 | 49745 | 13.107.246.64 | 192.168.2.5 |
Oct 7, 2024 18:46:23.726893902 CEST | 49748 | 443 | 192.168.2.5 | 13.107.246.64 |
Oct 7, 2024 18:46:23.726927996 CEST | 443 | 49748 | 13.107.246.64 | 192.168.2.5 |
Oct 7, 2024 18:46:23.726982117 CEST | 49748 | 443 | 192.168.2.5 | 13.107.246.64 |
Oct 7, 2024 18:46:23.727076054 CEST | 49748 | 443 | 192.168.2.5 | 13.107.246.64 |
Oct 7, 2024 18:46:23.727089882 CEST | 443 | 49748 | 13.107.246.64 | 192.168.2.5 |
Oct 7, 2024 18:46:23.732773066 CEST | 443 | 49743 | 13.107.246.64 | 192.168.2.5 |
Oct 7, 2024 18:46:23.732851982 CEST | 49743 | 443 | 192.168.2.5 | 13.107.246.64 |
Oct 7, 2024 18:46:23.732882977 CEST | 49743 | 443 | 192.168.2.5 | 13.107.246.64 |
Oct 7, 2024 18:46:23.732896090 CEST | 443 | 49743 | 13.107.246.64 | 192.168.2.5 |
Oct 7, 2024 18:46:23.733040094 CEST | 49749 | 443 | 192.168.2.5 | 13.107.246.64 |
Oct 7, 2024 18:46:23.733077049 CEST | 443 | 49749 | 13.107.246.64 | 192.168.2.5 |
Oct 7, 2024 18:46:23.733122110 CEST | 49749 | 443 | 192.168.2.5 | 13.107.246.64 |
Oct 7, 2024 18:46:23.733261108 CEST | 49749 | 443 | 192.168.2.5 | 13.107.246.64 |
Oct 7, 2024 18:46:23.733278036 CEST | 443 | 49749 | 13.107.246.64 | 192.168.2.5 |
Oct 7, 2024 18:46:23.738272905 CEST | 443 | 49747 | 13.107.246.64 | 192.168.2.5 |
Oct 7, 2024 18:46:23.738570929 CEST | 49750 | 443 | 192.168.2.5 | 13.107.246.64 |
Oct 7, 2024 18:46:23.738605976 CEST | 443 | 49750 | 13.107.246.64 | 192.168.2.5 |
Oct 7, 2024 18:46:23.738665104 CEST | 49750 | 443 | 192.168.2.5 | 13.107.246.64 |
Oct 7, 2024 18:46:23.738975048 CEST | 49750 | 443 | 192.168.2.5 | 13.107.246.64 |
Oct 7, 2024 18:46:23.738991976 CEST | 443 | 49750 | 13.107.246.64 | 192.168.2.5 |
Oct 7, 2024 18:46:23.739659071 CEST | 443 | 49748 | 13.107.246.64 | 192.168.2.5 |
Oct 7, 2024 18:46:23.741708994 CEST | 49751 | 443 | 192.168.2.5 | 13.107.246.64 |
Oct 7, 2024 18:46:23.741719007 CEST | 443 | 49751 | 13.107.246.64 | 192.168.2.5 |
Oct 7, 2024 18:46:23.741789103 CEST | 49751 | 443 | 192.168.2.5 | 13.107.246.64 |
Oct 7, 2024 18:46:23.741965055 CEST | 49751 | 443 | 192.168.2.5 | 13.107.246.64 |
Oct 7, 2024 18:46:23.741976976 CEST | 443 | 49751 | 13.107.246.64 | 192.168.2.5 |
Oct 7, 2024 18:46:23.750180006 CEST | 443 | 49749 | 13.107.246.64 | 192.168.2.5 |
Oct 7, 2024 18:46:23.752835989 CEST | 443 | 49750 | 13.107.246.64 | 192.168.2.5 |
Oct 7, 2024 18:46:23.755099058 CEST | 443 | 49751 | 13.107.246.64 | 192.168.2.5 |
Oct 7, 2024 18:46:23.755333900 CEST | 49752 | 443 | 192.168.2.5 | 13.107.246.64 |
Oct 7, 2024 18:46:23.755348921 CEST | 443 | 49752 | 13.107.246.64 | 192.168.2.5 |
Oct 7, 2024 18:46:23.755415916 CEST | 49752 | 443 | 192.168.2.5 | 13.107.246.64 |
Oct 7, 2024 18:46:23.755815029 CEST | 49752 | 443 | 192.168.2.5 | 13.107.246.64 |
Oct 7, 2024 18:46:23.755827904 CEST | 443 | 49752 | 13.107.246.64 | 192.168.2.5 |
Oct 7, 2024 18:46:24.476762056 CEST | 443 | 49740 | 13.107.246.64 | 192.168.2.5 |
Oct 7, 2024 18:46:24.476861000 CEST | 49740 | 443 | 192.168.2.5 | 13.107.246.64 |
Oct 7, 2024 18:46:24.478132963 CEST | 49740 | 443 | 192.168.2.5 | 13.107.246.64 |
Oct 7, 2024 18:46:24.478142977 CEST | 443 | 49740 | 13.107.246.64 | 192.168.2.5 |
Oct 7, 2024 18:46:24.478368044 CEST | 443 | 49740 | 13.107.246.64 | 192.168.2.5 |
Oct 7, 2024 18:46:24.479155064 CEST | 49740 | 443 | 192.168.2.5 | 13.107.246.64 |
Oct 7, 2024 18:46:24.503094912 CEST | 443 | 49752 | 13.107.246.64 | 192.168.2.5 |
Oct 7, 2024 18:46:24.503170967 CEST | 49752 | 443 | 192.168.2.5 | 13.107.246.64 |
Oct 7, 2024 18:46:24.504473925 CEST | 49752 | 443 | 192.168.2.5 | 13.107.246.64 |
Oct 7, 2024 18:46:24.504486084 CEST | 443 | 49752 | 13.107.246.64 | 192.168.2.5 |
Oct 7, 2024 18:46:24.504745007 CEST | 443 | 49752 | 13.107.246.64 | 192.168.2.5 |
Oct 7, 2024 18:46:24.505143881 CEST | 443 | 49746 | 13.107.246.64 | 192.168.2.5 |
Oct 7, 2024 18:46:24.505227089 CEST | 49746 | 443 | 192.168.2.5 | 13.107.246.64 |
Oct 7, 2024 18:46:24.505873919 CEST | 49752 | 443 | 192.168.2.5 | 13.107.246.64 |
Oct 7, 2024 18:46:24.506270885 CEST | 49746 | 443 | 192.168.2.5 | 13.107.246.64 |
Oct 7, 2024 18:46:24.506298065 CEST | 443 | 49746 | 13.107.246.64 | 192.168.2.5 |
Oct 7, 2024 18:46:24.506593943 CEST | 443 | 49746 | 13.107.246.64 | 192.168.2.5 |
Oct 7, 2024 18:46:24.507631063 CEST | 49746 | 443 | 192.168.2.5 | 13.107.246.64 |
Oct 7, 2024 18:46:24.523401976 CEST | 443 | 49740 | 13.107.246.64 | 192.168.2.5 |
Oct 7, 2024 18:46:24.551410913 CEST | 443 | 49752 | 13.107.246.64 | 192.168.2.5 |
Oct 7, 2024 18:46:24.551443100 CEST | 443 | 49746 | 13.107.246.64 | 192.168.2.5 |
Oct 7, 2024 18:46:24.595247030 CEST | 443 | 49740 | 13.107.246.64 | 192.168.2.5 |
Oct 7, 2024 18:46:24.595314980 CEST | 443 | 49740 | 13.107.246.64 | 192.168.2.5 |
Oct 7, 2024 18:46:24.595407009 CEST | 49740 | 443 | 192.168.2.5 | 13.107.246.64 |
Oct 7, 2024 18:46:24.595583916 CEST | 49740 | 443 | 192.168.2.5 | 13.107.246.64 |
Oct 7, 2024 18:46:24.595606089 CEST | 443 | 49740 | 13.107.246.64 | 192.168.2.5 |
Oct 7, 2024 18:46:24.595618010 CEST | 49740 | 443 | 192.168.2.5 | 13.107.246.64 |
Oct 7, 2024 18:46:24.595623016 CEST | 443 | 49740 | 13.107.246.64 | 192.168.2.5 |
Oct 7, 2024 18:46:24.630413055 CEST | 443 | 49752 | 13.107.246.64 | 192.168.2.5 |
Oct 7, 2024 18:46:24.630479097 CEST | 443 | 49752 | 13.107.246.64 | 192.168.2.5 |
Oct 7, 2024 18:46:24.630620003 CEST | 49752 | 443 | 192.168.2.5 | 13.107.246.64 |
Oct 7, 2024 18:46:24.630796909 CEST | 49752 | 443 | 192.168.2.5 | 13.107.246.64 |
Oct 7, 2024 18:46:24.630816936 CEST | 443 | 49752 | 13.107.246.64 | 192.168.2.5 |
Oct 7, 2024 18:46:24.630852938 CEST | 49752 | 443 | 192.168.2.5 | 13.107.246.64 |
Oct 7, 2024 18:46:24.630860090 CEST | 443 | 49752 | 13.107.246.64 | 192.168.2.5 |
Oct 7, 2024 18:46:24.630914927 CEST | 443 | 49746 | 13.107.246.64 | 192.168.2.5 |
Oct 7, 2024 18:46:24.630980968 CEST | 443 | 49746 | 13.107.246.64 | 192.168.2.5 |
Oct 7, 2024 18:46:24.633260012 CEST | 49746 | 443 | 192.168.2.5 | 13.107.246.64 |
Oct 7, 2024 18:46:24.633260012 CEST | 49746 | 443 | 192.168.2.5 | 13.107.246.64 |
Oct 7, 2024 18:46:24.633260012 CEST | 49746 | 443 | 192.168.2.5 | 13.107.246.64 |
Oct 7, 2024 18:46:24.933927059 CEST | 49746 | 443 | 192.168.2.5 | 13.107.246.64 |
Oct 7, 2024 18:46:24.934021950 CEST | 443 | 49746 | 13.107.246.64 | 192.168.2.5 |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Oct 7, 2024 18:46:08.986644983 CEST | 1.1.1.1 | 192.168.2.5 | 0x198 | No error (0) | 199.232.214.172 | A (IP address) | IN (0x0001) | false | ||
Oct 7, 2024 18:46:08.986644983 CEST | 1.1.1.1 | 192.168.2.5 | 0x198 | No error (0) | 199.232.210.172 | A (IP address) | IN (0x0001) | false | ||
Oct 7, 2024 18:46:09.614890099 CEST | 1.1.1.1 | 192.168.2.5 | 0x9d35 | No error (0) | fp2e7a.wpc.phicdn.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Oct 7, 2024 18:46:09.614890099 CEST | 1.1.1.1 | 192.168.2.5 | 0x9d35 | No error (0) | 192.229.221.95 | A (IP address) | IN (0x0001) | false | ||
Oct 7, 2024 18:46:19.230451107 CEST | 1.1.1.1 | 192.168.2.5 | 0xb329 | No error (0) | s-part-0036.t-0009.t-msedge.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Oct 7, 2024 18:46:19.230451107 CEST | 1.1.1.1 | 192.168.2.5 | 0xb329 | No error (0) | 13.107.246.64 | A (IP address) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.5 | 49704 | 62.204.41.150 | 80 | 4616 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 7, 2024 18:46:05.668461084 CEST | 88 | OUT | |
Oct 7, 2024 18:46:06.424277067 CEST | 203 | IN | |
Oct 7, 2024 18:46:06.468998909 CEST | 419 | OUT | |
Oct 7, 2024 18:46:07.014967918 CEST | 210 | IN |
Target ID: | 0 |
Start time: | 12:46:04 |
Start date: | 07/10/2024 |
Path: | C:\Users\user\Desktop\1f13Cs1ogc.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xfe0000 |
File size: | 505'344 bytes |
MD5 hash: | BE961E1299E54C9A50C773DB0DC3696C |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
Reputation: | low |
Has exited: | true |
Target ID: | 1 |
Start time: | 12:46:04 |
Start date: | 07/10/2024 |
Path: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0xd0000 |
File size: | 262'432 bytes |
MD5 hash: | 8FDF47E0FF70C40ED3A17014AEEA4232 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 2 |
Start time: | 12:46:04 |
Start date: | 07/10/2024 |
Path: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x4d0000 |
File size: | 262'432 bytes |
MD5 hash: | 8FDF47E0FF70C40ED3A17014AEEA4232 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 3 |
Start time: | 12:46:04 |
Start date: | 07/10/2024 |
Path: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x7d0000 |
File size: | 262'432 bytes |
MD5 hash: | 8FDF47E0FF70C40ED3A17014AEEA4232 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
Reputation: | high |
Has exited: | true |
Target ID: | 7 |
Start time: | 12:46:05 |
Start date: | 07/10/2024 |
Path: | C:\Windows\SysWOW64\WerFault.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x80000 |
File size: | 483'680 bytes |
MD5 hash: | C31336C1EFC2CCB44B4326EA793040F2 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Execution Graph
Execution Coverage: | 1.3% |
Dynamic/Decrypted Code Coverage: | 100% |
Signature Coverage: | 7.1% |
Total number of Nodes: | 197 |
Total number of Limit Nodes: | 4 |
Graph
Function 00FE2021 Relevance: 7.6, APIs: 1, Strings: 3, Instructions: 631memoryCOMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00FF8E2E Relevance: 4.7, APIs: 3, Instructions: 202COMMON
Control-flow Graph
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00FFA3A6 Relevance: 3.2, APIs: 2, Instructions: 177COMMON
Control-flow Graph
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Control-flow Graph
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00FF9FAA Relevance: 1.6, APIs: 1, Instructions: 147COMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0103094F Relevance: 19.6, Strings: 11, Instructions: 5885COMMON
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00FFD39B Relevance: 10.2, APIs: 1, Strings: 4, Instructions: 1436COMMONLIBRARYCODE
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00FFC814 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 85COMMONLIBRARYCODE
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00FFC085 Relevance: 7.3, APIs: 3, Strings: 1, Instructions: 251COMMONLIBRARYCODE
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00FE7922 Relevance: 6.1, APIs: 4, Instructions: 70COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00FFC498 Relevance: 4.7, APIs: 3, Instructions: 205COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00FE729C Relevance: 1.7, APIs: 1, Instructions: 242COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00FF9ABF Relevance: 1.6, APIs: 1, Instructions: 108COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00FFC6EB Relevance: 1.6, APIs: 1, Instructions: 83COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00FFC91A Relevance: 1.5, APIs: 1, Instructions: 45COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00FE7AAF Relevance: 1.5, APIs: 1, Instructions: 3COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00FE1D79 Relevance: 1.4, Strings: 1, Instructions: 156COMMON
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00FFCC4B Relevance: 1.3, APIs: 1, Instructions: 5memoryCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00FFBB36 Relevance: .3, Instructions: 327COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00FFA64C Relevance: .0, Instructions: 22COMMONLIBRARYCODE
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 01026628 Relevance: .0, Instructions: 15COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00FE2003 Relevance: .0, Instructions: 12COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00FF0F2E Relevance: .0, Instructions: 12COMMONLIBRARYCODE
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00FEA5C8 Relevance: 10.8, APIs: 3, Strings: 3, Instructions: 303COMMONLIBRARYCODE
Control-flow Graph
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00FF5F4A Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 74COMMONLIBRARYCODE
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00FFF356 Relevance: 9.3, APIs: 6, Instructions: 298COMMON
Control-flow Graph
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00FE53B1 Relevance: 9.1, APIs: 6, Instructions: 65COMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Control-flow Graph
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00FF0F50 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 42libraryloaderCOMMONLIBRARYCODE
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00FE4436 Relevance: 7.5, APIs: 5, Instructions: 48COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00FE3DB1 Relevance: 7.5, APIs: 5, Instructions: 48COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00FE4308 Relevance: 7.5, APIs: 5, Instructions: 47COMMON
Function 00FEB3A2 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 27 library COMMON LIBRARYCODE
Function 00FEA96D Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 112 COMMON LIBRARYCODE
Execution Graph
Execution Coverage: | 13.4% |
Dynamic/Decrypted Code Coverage: | 0% |
Signature Coverage: | 0.6% |
Total number of Nodes: | 1529 |
Total number of Limit Nodes: | 3 |
Function 004045C0 Relevance: 112.1, APIs: 34, Strings: 30, Instructions: 114 string memory COMMON
Function 00406280 Relevance: 14.2, APIs: 5, Strings: 3, Instructions: 191 network file COMMON
Function 00417850 Relevance: 1.5, APIs: 1, Instructions: 36 COMMON
Function 00401160 Relevance: 1.5, APIs: 1, Instructions: 15 COMMON
Function 00419C10 Relevance: 18.2, APIs: 8, Strings: 2, Instructions: 684 library COMMON
Function 00404880 Relevance: 11.0, APIs: 1, Strings: 5, Instructions: 479 network COMMON
Function 004047B0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 60 network COMMON
Function 00419860 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 212 library COMMON
Function 004117A0 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 160 string COMMON
Function 004169F0 Relevance: 1.6, APIs: 1, Instructions: 94 COMMON
Function 004178E0 Relevance: 1.5, APIs: 1, Instructions: 40 COMMON
Function 00401110 Relevance: 1.5, APIs: 1, Instructions: 21 memory COMMON
Function 004010A0 Relevance: 1.3, APIs: 1, Instructions: 41 memory COMMON
Function 00410250 Relevance: 26.6, APIs: 3, Strings: 12, Instructions: 363 string COMMON
Function 00410A60 Relevance: 23.0, APIs: 12, Strings: 1, Instructions: 205 string process synchronization COMMON
Function 004152C0 Relevance: 9.1, APIs: 1, Strings: 5, Instructions: 138 string COMMON
Function 00416F00 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 156 string COMMON