Edit tour
Windows
Analysis Report
SecuriteInfo.com.Trojan.DownLoader47.43340.27469.30352.exe
Overview
General Information
| Sample name: | SecuriteInfo.com.Trojan.DownLoader47.43340.27469.30352.exe |
| Analysis ID: | 1528588 |
| MD5: | 7da5b29a33cdab4e5a1dca996ec33a21 |
| SHA1: | e28103e84901cfe9c3dd58c8d3583ae6031d9fa2 |
| SHA256: | e9f7a54574090f114cbbaa06baba2912e0c61d2ade171ab0fc076ed1c785217c |
| Tags: | exe |
| Infos: |   |
 | |
Detection
LummaC
| Score: | 100 |
| Range: | 0 - 100 |
| Whitelisted: | false |
| Confidence: | 100% |
Signatures
Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Found malware configuration
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected LummaC Stealer
AI detected suspicious sample
Allocates memory in foreign processes
C2 URLs / IPs found in malware configuration
Injects a PE file into a foreign processes
LummaC encrypted strings found
Machine Learning detection for sample
Sample uses string decryption to hide its real strings
Sigma detected: Silenttrinity Stager Msbuild Activity
Tries to resolve many domain names, but no domain seems valid
Writes to foreign memory regions
AV process strings found (often used to terminate AV products)
Checks if the current process is being debugged
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected non-DNS traffic on DNS port
Detected potential crypto function
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
One or more processes crash
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Classification
- System is w10x64
SecuriteInfo.com.Trojan.DownLoader47.43340.27469.30352.exe (PID: 6432 cmdline: "C:\Users\ user\Deskt op\Securit eInfo.com. Trojan.Dow nLoader47. 43340.2746 9.30352.ex e" MD5: 7DA5B29A33CDAB4E5A1DCA996EC33A21) 
MSBuild.exe (PID: 6580 cmdline: "C:\Window s\Microsof t.NET\Fram ework\v4.0 .30319\MSB uild.exe" MD5: 8FDF47E0FF70C40ED3A17014AEEA4232) - MSBuild.exe (PID: 6396 cmdline:
"C:\Window s\Microsof t.NET\Fram ework\v4.0 .30319\MSB uild.exe" MD5: 8FDF47E0FF70C40ED3A17014AEEA4232) 
WerFault.exe (PID: 3916 cmdline: C:\Windows \SysWOW64\ WerFault.e xe -u -p 6 432 -s 272 MD5: C31336C1EFC2CCB44B4326EA793040F2)
- cleanup
| Name | Description | Attribution | Blogpost URLs | Link |
|---|---|---|---|---|
| Lumma Stealer, LummaC2 Stealer | Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5"." The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell. | No Attribution |
{"C2 url": ["mobbipenju.stor", "studennotediw.stor", "trustterwowqm.shop", "spirittunek.stor", "clearancek.site", "dissapoiznw.stor", "eaglepawnoy.stor", "bathdoomgaz.stor", "licendfilteo.site"], "Build id": "tLYMe5--deli333"}| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| JoeSecurity_LummaCStealer_2 | Yara detected LummaC Stealer | Joe Security |
System Summary |   |
|---|
| Source: | Author: Kiran kumar s, oscd.community: | ||
| Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2024-10-08T03:24:09.977390+0200 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.9 | 49709 | 172.67.206.204 | 443 | TCP |
| Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2024-10-08T03:24:09.977390+0200 | 2049836 | 1 | A Network Trojan was detected | 192.168.2.9 | 49709 | 172.67.206.204 | 443 | TCP |
| Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2024-10-08T03:24:07.197543+0200 | 2056477 | 1 | Domain Observed Used for C2 Detected | 192.168.2.9 | 64771 | 1.1.1.1 | 53 | UDP |
| Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2024-10-08T03:24:07.245457+0200 | 2056471 | 1 | Domain Observed Used for C2 Detected | 192.168.2.9 | 64724 | 1.1.1.1 | 53 | UDP |
| Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2024-10-08T03:24:07.167904+0200 | 2056481 | 1 | Domain Observed Used for C2 Detected | 192.168.2.9 | 52751 | 1.1.1.1 | 53 | UDP |
| Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2024-10-08T03:24:07.157244+0200 | 2056483 | 1 | Domain Observed Used for C2 Detected | 192.168.2.9 | 56643 | 1.1.1.1 | 53 | UDP |
| Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2024-10-08T03:24:07.229782+0200 | 2056473 | 1 | Domain Observed Used for C2 Detected | 192.168.2.9 | 60561 | 1.1.1.1 | 53 | UDP |
| Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2024-10-08T03:24:07.144800+0200 | 2056485 | 1 | Domain Observed Used for C2 Detected | 192.168.2.9 | 50328 | 1.1.1.1 | 53 | UDP |
| Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2024-10-08T03:24:07.212175+0200 | 2056475 | 1 | Domain Observed Used for C2 Detected | 192.168.2.9 | 50182 | 1.1.1.1 | 53 | UDP |
| Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2024-10-08T03:24:07.181487+0200 | 2056479 | 1 | Domain Observed Used for C2 Detected | 192.168.2.9 | 62124 | 1.1.1.1 | 53 | UDP |
| Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2024-10-08T03:24:07.131654+0200 | 2056174 | 1 | Domain Observed Used for C2 Detected | 192.168.2.9 | 54523 | 1.1.1.1 | 53 | UDP |
Click to jump to signature section
Show All Signature Results
AV Detection | |
|---|
| Source: | Avira: | ||
| Source: | URL Reputation: | ||
| Source: | URL Reputation: | ||
| Source: | Malware Configuration Extractor: | ||
| Source: | Virustotal: | Perma Link | ||
| Source: | Virustotal: | Perma Link | ||
| Source: | Virustotal: | Perma Link | ||
| Source: | Virustotal: | Perma Link | ||
| Source: | Virustotal: | Perma Link | ||
| Source: | Virustotal: | Perma Link | ||
| Source: | Virustotal: | Perma Link | ||
| Source: | Virustotal: | Perma Link | ||
| Source: | Virustotal: | Perma Link | ||
| Source: | Virustotal: | Perma Link | ||
| Source: | Virustotal: | Perma Link | ||
| Source: | ReversingLabs: | |||
| Source: | Virustotal: | Perma Link | ||
| Source: | Integrated Neural Analysis Model: | ||
| Source: | Joe Sandbox ML: | ||
| Source: | String decryptor: | ||
| Source: | String decryptor: | ||
| Source: | String decryptor: | ||
| Source: | String decryptor: | ||
| Source: | String decryptor: | ||
| Source: | String decryptor: | ||
| Source: | String decryptor: | ||
| Source: | String decryptor: | ||
| Source: | String decryptor: | ||
| Source: | String decryptor: | ||
| Source: | String decryptor: | ||
| Source: | String decryptor: | ||
| Source: | String decryptor: | ||
| Source: | String decryptor: | ||
| Source: | String decryptor: | ||
| Source: | Static PE information: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | Static PE information: | ||
| Source: | Code function: | 0_2_00E49ABF | |
| Source: | Code function: | 0_2_00EA604C | |
| Source: | Code function: | 0_2_00E8C198 | |
| Source: | Code function: | 0_2_00EA6140 | |
| Source: | Code function: | 0_2_00E8E2E8 | |
| Source: | Code function: | 0_2_00EA22A8 | |
| Source: | Code function: | 0_2_00E6A268 | |
| Source: | Code function: | 0_2_00E88278 | |
| Source: | Code function: | 0_2_00E8C224 | |
| Source: | Code function: | 0_2_00E5E3F7 | |
| Source: | Code function: | 0_2_00E6E3F3 | |
| Source: | Code function: | 0_2_00E8C3AC | |
| Source: | Code function: | 0_2_00E8E388 | |
| Source: | Code function: | 0_2_00EA6343 | |
| Source: | Code function: | 0_2_00E8A438 | |
| Source: | Code function: | 0_2_00E8A438 | |
| Source: | Code function: | 0_2_00E86410 | |
| Source: | Code function: | 0_2_00E605B8 | |
| Source: | Code function: | 0_2_00E8C568 | |
| Source: | Code function: | 0_2_00E866E6 | |
| Source: | Code function: | 0_2_00EA47F8 | |
| Source: | Code function: | 0_2_00E9074E | |
| Source: | Code function: | 0_2_00E72702 | |
| Source: | Code function: | 0_2_00E6C81B | |
| Source: | Code function: | 0_2_00EA49F8 | |
| Source: | Code function: | 0_2_00E78948 | |
| Source: | Code function: | 0_2_00E6C938 | |
| Source: | Code function: | 0_2_00E90AD4 | |
| Source: | Code function: | 0_2_00E90AD4 | |
| Source: | Code function: | 0_2_00E90AD4 | |
| Source: | Code function: | 0_2_00E8ABBB | |
| Source: | Code function: | 0_2_00EA6B98 | |
| Source: | Code function: | 0_2_00EA6B98 | |
| Source: | Code function: | 0_2_00E7CB98 | |
| Source: | Code function: | 0_2_00E98B78 | |
| Source: | Code function: | 0_2_00E62B08 | |
| Source: | Code function: | 0_2_00E9EC08 | |
| Source: | Code function: | 0_2_00EA0C08 | |
| Source: | Code function: | 0_2_00E72D4B | |
| Source: | Code function: | 0_2_00EA6D28 | |
| Source: | Code function: | 0_2_00EA6D28 | |
| Source: | Code function: | 0_2_00EA6EA8 | |
| Source: | Code function: | 0_2_00EA6EA8 | |
| Source: | Code function: | 0_2_00EA6FD8 | |
| Source: | Code function: | 0_2_00E7EF70 | |
| Source: | Code function: | 0_2_00E7AF2D | |
| Source: | Code function: | 0_2_00EA1048 | |
| Source: | Code function: | 0_2_00E8B175 | |
| Source: | Code function: | 0_2_00E85108 | |
| Source: | Code function: | 0_2_00EA5288 | |
| Source: | Code function: | 0_2_00E7338E | |
| Source: | Code function: | 0_2_00E85368 | |
| Source: | Code function: | 0_2_00E91327 | |
| Source: | Code function: | 0_2_00E91327 | |
| Source: | Code function: | 0_2_00E91327 | |
| Source: | Code function: | 0_2_00EA74F8 | |
| Source: | Code function: | 0_2_00E734A4 | |
| Source: | Code function: | 0_2_00E9143A | |
| Source: | Code function: | 0_2_00E9143A | |
| Source: | Code function: | 0_2_00EA36EE | |
| Source: | Code function: | 0_2_00EA3642 | |
| Source: | Code function: | 0_2_00E7165F | |
| Source: | Code function: | 0_2_00EA1798 | |
| Source: | Code function: | 0_2_00E8D75B | |
| Source: | Code function: | 0_2_00EA38E2 | |
| Source: | Code function: | 0_2_00E918D8 | |
| Source: | Code function: | 0_2_00E71920 | |
| Source: | Code function: | 0_2_00E7FAE2 | |
| Source: | Code function: | 0_2_00E69AE8 | |
| Source: | Code function: | 0_2_00E6FA44 | |
| Source: | Code function: | 0_2_00E61A58 | |
| Source: | Code function: | 0_2_00EA3A08 | |
| Source: | Code function: | 0_2_00E69BF8 | |
| Source: | Code function: | 0_2_00E6BB58 | |
| Source: | Code function: | 0_2_00E6FCD4 | |
| Source: | Code function: | 0_2_00E6BCB9 | |
| Source: | Code function: | 0_2_00EA5EE8 | |
| Source: | Code function: | 0_2_00E85EC3 | |
| Source: | Code function: | 0_2_00E91FF9 | |
| Source: | Code function: | 0_2_00EA3F68 | |
| Source: | Code function: | 3_2_0040D390 | |
| Source: | Code function: | 3_2_0044676A | |
| Source: | Code function: | 3_2_00446A0A | |
| Source: | Code function: | 3_2_00447082 | |
| Source: | Code function: | 3_2_00444170 | |
| Source: | Code function: | 3_2_0044A100 | |
| Source: | Code function: | 3_2_00435121 | |
| Source: | Code function: | 3_2_004491F0 | |
| Source: | Code function: | 3_2_004491F0 | |
| Source: | Code function: | 3_2_00428230 | |
| Source: | Code function: | 3_2_0042F2C0 | |
| Source: | Code function: | 3_2_004453D0 | |
| Source: | Code function: | 3_2_0042B3A0 | |
| Source: | Code function: | 3_2_004483B0 | |
| Source: | Code function: | 3_2_0042F46A | |
| Source: | Code function: | 3_2_00431410 | |
| Source: | Code function: | 3_2_0042F4D4 | |
| Source: | Code function: | 3_2_00428490 | |
| Source: | Code function: | 3_2_004314B0 | |
| Source: | Code function: | 3_2_0042D560 | |
| Source: | Code function: | 3_2_0042D560 | |
| Source: | Code function: | 3_2_0043456A | |
| Source: | Code function: | 3_2_0043456A | |
| Source: | Code function: | 3_2_0041151B | |
| Source: | Code function: | 3_2_0040151F | |
| Source: | Code function: | 3_2_004165CC | |
| Source: | Code function: | 3_2_0044A620 | |
| Source: | Code function: | 3_2_0041463D | |
| Source: | Code function: | 3_2_0041463D | |
| Source: | Code function: | 3_2_004036E0 | |
| Source: | Code function: | 3_2_0042F690 | |
| Source: | Code function: | 3_2_0043387B | |
| Source: | Code function: | 3_2_00446816 | |
| Source: | Code function: | 3_2_0041582B | |
| Source: | Code function: | 3_2_004448C0 | |
| Source: | Code function: | 3_2_00430883 | |
| Source: | Code function: | 3_2_0040F943 | |
| Source: | Code function: | 3_2_00447920 | |
| Source: | Code function: | 3_2_0042D9A0 | |
| Source: | Code function: | 3_2_0040FA60 | |
| Source: | Code function: | 3_2_0041BA70 | |
| Source: | Code function: | 3_2_00434A00 | |
| Source: | Code function: | 3_2_0042DB64 | |
| Source: | Code function: | 3_2_00412B6C | |
| Source: | Code function: | 3_2_00421B20 | |
| Source: | Code function: | 3_2_00447B20 | |
| Source: | Code function: | 3_2_00446B30 | |
| Source: | Code function: | 3_2_00433BD3 | |
| Source: | Code function: | 3_2_00433BD3 | |
| Source: | Code function: | 3_2_00433BD3 | |
| Source: | Code function: | 3_2_00422BEF | |
| Source: | Code function: | 3_2_00404B80 | |
| Source: | Code function: | 3_2_0040CC10 | |
| Source: | Code function: | 3_2_00405C30 | |
| Source: | Code function: | 3_2_0041FCC0 | |
| Source: | Code function: | 3_2_00449CC0 | |
| Source: | Code function: | 3_2_00449CC0 | |
| Source: | Code function: | 3_2_0040EC80 | |
| Source: | Code function: | 3_2_00434C90 | |
| Source: | Code function: | 3_2_00434C90 | |
| Source: | Code function: | 3_2_0043BCA0 | |
| Source: | Code function: | 3_2_0040CD20 | |
| Source: | Code function: | 3_2_00443D30 | |
| Source: | Code function: | 3_2_00441D30 | |
| Source: | Code function: | 3_2_0040EDE1 | |
| Source: | Code function: | 3_2_00448DE0 | |
| Source: | Code function: | 3_2_00448DE0 | |
| Source: | Code function: | 3_2_00448DE0 | |
| Source: | Code function: | 3_2_00412DFC | |
| Source: | Code function: | 3_2_0041DD90 | |
| Source: | Code function: | 3_2_00449E50 | |
| Source: | Code function: | 3_2_00449E50 | |
| Source: | Code function: | 3_2_00448ED0 | |
| Source: | Code function: | 3_2_00448ED0 | |
| Source: | Code function: | 3_2_00448ED0 | |
| Source: | Code function: | 3_2_00448ED0 | |
| Source: | Code function: | 3_2_00449FD0 | |
| Source: | Code function: | 3_2_00449FD0 | |
Networking | |
|---|
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | URLs: | ||
| Source: | URLs: | ||
| Source: | URLs: | ||
| Source: | URLs: | ||
| Source: | URLs: | ||
| Source: | URLs: | ||
| Source: | URLs: | ||
| Source: | URLs: | ||
| Source: | URLs: | ||
| Source: | DNS traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | TCP traffic: | ||
| Source: | IP Address: | ||
| Source: | IP Address: | ||
| Source: | ASN Name: | ||
| Source: | ASN Name: | ||
| Source: | JA3 fingerprint: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | HTTP traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | Code function: | 3_2_004396A0 | |
| Source: | Code function: | 3_2_004396A0 | |
| Source: | Code function: | 0_2_00E32021 | |
| Source: | Code function: | 0_2_00E96078 | |
| Source: | Code function: | 0_2_00E8A059 | |
| Source: | Code function: | 0_2_00E5E175 | |
| Source: | Code function: | 0_2_00E5E2D5 | |
| Source: | Code function: | 0_2_00E62268 | |
| Source: | Code function: | 0_2_00E64278 | |
| Source: | Code function: | 0_2_00E5E212 | |
| Source: | Code function: | 0_2_00E96378 | |
| Source: | Code function: | 0_2_00E62302 | |
| Source: | Code function: | 0_2_00E68428 | |
| Source: | Code function: | 0_2_00E8A438 | |
| Source: | Code function: | 0_2_00E605B8 | |
| Source: | Code function: | 0_2_00E6E768 | |
| Source: | Code function: | 0_2_00E94858 | |
| Source: | Code function: | 0_2_00E3CAF2 | |
| Source: | Code function: | 0_2_00E94A88 | |
| Source: | Code function: | 0_2_00E7CB98 | |
| Source: | Code function: | 0_2_00E64C78 | |
| Source: | Code function: | 0_2_00E66C29 | |
| Source: | Code function: | 0_2_00EA4DA8 | |
| Source: | Code function: | 0_2_00E68F38 | |
| Source: | Code function: | 0_2_00E6F058 | |
| Source: | Code function: | 0_2_00E6B2D8 | |
| Source: | Code function: | 0_2_00EA5288 | |
| Source: | Code function: | 0_2_00E3729C | |
| Source: | Code function: | 0_2_00E4D39B | |
| Source: | Code function: | 0_2_00E67338 | |
| Source: | Code function: | 0_2_00E9D598 | |
| Source: | Code function: | 0_2_00E65618 | |
| Source: | Code function: | 0_2_00EA1798 | |
| Source: | Code function: | 0_2_00E4572C | |
| Source: | Code function: | 0_2_00E81908 | |
| Source: | Code function: | 0_2_00E67908 | |
| Source: | Code function: | 0_2_00E8BADA | |
| Source: | Code function: | 0_2_00E4BB36 | |
| Source: | Code function: | 0_2_00E9BCB8 | |
| Source: | Code function: | 0_2_00E43C92 | |
| Source: | Code function: | 0_2_00E31D79 | |
| Source: | Code function: | 0_2_00E3FEF0 | |
| Source: | Code function: | 0_2_00E5DED8 | |
| Source: | Code function: | 3_2_0040FFE0 | |
| Source: | Code function: | 3_2_0040C060 | |
| Source: | Code function: | 3_2_00401000 | |
| Source: | Code function: | 3_2_00447082 | |
| Source: | Code function: | 3_2_00409110 | |
| Source: | Code function: | 3_2_004491F0 | |
| Source: | Code function: | 3_2_00412180 | |
| Source: | Code function: | 3_2_0042D181 | |
| Source: | Code function: | 3_2_004391A0 | |
| Source: | Code function: | 3_2_0040129D | |
| Source: | Code function: | 3_2_00405340 | |
| Source: | Code function: | 3_2_0042D181 | |
| Source: | Code function: | 3_2_004073A0 | |
| Source: | Code function: | 3_2_004483B0 | |
| Source: | Code function: | 3_2_0040A460 | |
| Source: | Code function: | 3_2_0040E400 | |
| Source: | Code function: | 3_2_004394A0 | |
| Source: | Code function: | 3_2_0040B550 | |
| Source: | Code function: | 3_2_0042D560 | |
| Source: | Code function: | 3_2_004305E0 | |
| Source: | Code function: | 3_2_004406C0 | |
| Source: | Code function: | 3_2_004036E0 | |
| Source: | Code function: | 3_2_0042B69D | |
| Source: | Code function: | 3_2_00408740 | |
| Source: | Code function: | 3_2_004448C0 | |
| Source: | Code function: | 3_2_004298E2 | |
| Source: | Code function: | 3_2_00411890 | |
| Source: | Code function: | 3_2_0042E977 | |
| Source: | Code function: | 3_2_00409903 | |
| Source: | Code function: | 3_2_004489D7 | |
| Source: | Code function: | 3_2_00437980 | |
| Source: | Code function: | 3_2_0042D9A0 | |
| Source: | Code function: | 3_2_0042FA20 | |
| Source: | Code function: | 3_2_0040AA30 | |
| Source: | Code function: | 3_2_00424A30 | |
| Source: | Code function: | 3_2_0042CAF0 | |
| Source: | Code function: | 3_2_00406B60 | |
| Source: | Code function: | 3_2_0042DB64 | |
| Source: | Code function: | 3_2_00448B00 | |
| Source: | Code function: | 3_2_00409B1C | |
| Source: | Code function: | 3_2_00437BB0 | |
| Source: | Code function: | 3_2_0042EC02 | |
| Source: | Code function: | 3_2_0041FCC0 | |
| Source: | Code function: | 3_2_0043EDE0 | |
| Source: | Code function: | 3_2_00448DE0 | |
| Source: | Code function: | 3_2_00407DA0 | |
| Source: | Code function: | 3_2_00432E33 | |
| Source: | Code function: | 3_2_00448ED0 | |
| Source: | Code function: | 3_2_00447ED0 | |
| Source: | Process created: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Classification label: | ||
| Source: | Code function: | 3_2_00428230 | |
| Source: | Mutant created: | ||
| Source: | File created: | Jump to behavior | ||
| Source: | Command line argument: | 0_2_00E32021 | |
| Source: | Command line argument: | 0_2_00E32021 | |
| Source: | Command line argument: | 0_2_00E32021 | |
| Source: | Static PE information: | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | ReversingLabs: | ||
| Source: | Virustotal: | ||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Code function: | 0_2_00E72727 | |
| Source: | Code function: | 0_2_00E371C0 | |
| Source: | Code function: | 3_2_0041584F | |
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | API coverage: | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Code function: | 0_2_00E49ABF | |
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Process queried: | Jump to behavior | ||
| Source: | Process queried: | Jump to behavior | ||
| Source: | Code function: | 3_2_004464F0 | |
| Source: | Code function: | 0_2_00E37922 | |
| Source: | Code function: | 0_2_00E32003 | |
| Source: | Code function: | 0_2_00E4A64C | |
| Source: | Code function: | 0_2_00E40F2E | |
| Source: | Code function: | 0_2_00E4CC4B | |
| Source: | Code function: | 0_2_00E37610 | |
| Source: | Code function: | 0_2_00E37922 | |
| Source: | Code function: | 0_2_00E37AAF | |
| Source: | Code function: | 0_2_00E3DA73 | |
HIPS / PFW / Operating System Protection Evasion | |
|---|
| Source: | Memory allocated: | Jump to behavior | ||
| Source: | Memory written: | Jump to behavior | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | Memory written: | Jump to behavior | ||
| Source: | Memory written: | Jump to behavior | ||
| Source: | Memory written: | Jump to behavior | ||
| Source: | Memory written: | Jump to behavior | ||
| Source: | Memory written: | Jump to behavior | ||
| Source: | Memory written: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Code function: | 0_2_00E4C085 | |
| Source: | Code function: | 0_2_00E4622B | |
| Source: | Code function: | 0_2_00E4C372 | |
| Source: | Code function: | 0_2_00E4C327 | |
| Source: | Code function: | 0_2_00E4C498 | |
| Source: | Code function: | 0_2_00E4C40D | |
| Source: | Code function: | 0_2_00E4C6EB | |
| Source: | Code function: | 0_2_00E4C814 | |
| Source: | Code function: | 0_2_00E4C9E9 | |
| Source: | Code function: | 0_2_00E4C91A | |
| Source: | Code function: | 0_2_00E45D7F | |
| Source: | Code function: | 0_2_00E37815 | |
| Source: | Key value queried: | Jump to behavior | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
Stealing of Sensitive Information | |
|---|
| Source: | File source: | ||
Remote Access Functionality | |
|---|
| Source: | File source: | ||
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Command and Scripting Interpreter | 1 DLL Side-Loading | 311 Process Injection | 2 Virtualization/Sandbox Evasion | OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | 11 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | 1 PowerShell | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 311 Process Injection | LSASS Memory | 41 Security Software Discovery | Remote Desktop Protocol | 2 Clipboard Data | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 11 Deobfuscate/Decode Files or Information | Security Account Manager | 2 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | 3 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 3 Obfuscated Files or Information | NTDS | 1 File and Directory Discovery | Distributed Component Object Model | Input Capture | 114 Application Layer Protocol | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Software Packing | LSA Secrets | 13 System Information Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
| Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 DLL Side-Loading | Cached Domain Credentials | Wi-Fi Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
InternetThis section contains all screenshots as thumbnails, including those not shown in the slideshow.
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 39% | ReversingLabs | Win32.Trojan.Mikey | ||
| 42% | Virustotal | Browse | ||
| 100% | Avira | HEUR/AGEN.1310458 | ||
| 100% | Joe Sandbox ML |
⊘No Antivirus matches
⊘No Antivirus matches
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 0% | Virustotal | Browse | ||
| 11% | Virustotal | Browse | ||
| 0% | Virustotal | Browse | ||
| 18% | Virustotal | Browse | ||
| 14% | Virustotal | Browse | ||
| 14% | Virustotal | Browse | ||
| 1% | Virustotal | Browse | ||
| 14% | Virustotal | Browse | ||
| 16% | Virustotal | Browse | ||
| 18% | Virustotal | Browse | ||
| 14% | Virustotal | Browse | ||
| 14% | Virustotal | Browse | ||
| 18% | Virustotal | Browse |
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 100% | URL Reputation | malware | ||
| 100% | URL Reputation | malware | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | Virustotal | Browse | ||
| 16% | Virustotal | Browse | ||
| 0% | Virustotal | Browse | ||
| 0% | Virustotal | Browse | ||
| 1% | Virustotal | Browse | ||
| 0% | Virustotal | Browse |
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| steamcommunity.com | 104.102.49.254 | true | true |
| unknown |
| sergei-esenin.com | 172.67.206.204 | true | true |
| unknown |
| fp2e7a.wpc.phicdn.net | 192.229.221.95 | true | false |
| unknown |
| trustterwowqm.shop | unknown | unknown | true |
| unknown |
| eaglepawnoy.store | unknown | unknown | true |
| unknown |
| bathdoomgaz.store | unknown | unknown | true |
| unknown |
| spirittunek.store | unknown | unknown | true |
| unknown |
| licendfilteo.site | unknown | unknown | true |
| unknown |
| studennotediw.store | unknown | unknown | true |
| unknown |
| mobbipenju.store | unknown | unknown | true |
| unknown |
| clearancek.site | unknown | unknown | true |
| unknown |
| 206.23.85.13.in-addr.arpa | unknown | unknown | true |
| unknown |
| dissapoiznw.store | unknown | unknown | true |
| unknown |
| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| true |
| unknown | |
| true |
| unknown | |
| true | unknown | ||
| true | unknown | ||
| true | unknown | ||
| true | unknown | ||
| true | unknown | ||
| true | unknown | ||
| true | unknown | ||
| true | unknown | ||
| true | unknown |
| Name | Source | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| true | unknown | |||
| true |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false | unknown | |||
| true | unknown | |||
| false | unknown | |||
| false |
| unknown | ||
| false | unknown | |||
| false |
| unknown | ||
| false |
| unknown | ||
| false | unknown | |||
| true | unknown |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
| IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|---|
| 104.102.49.254 | steamcommunity.com | United States | 16625 | AKAMAI-ASUS | true | |
| 172.67.206.204 | sergei-esenin.com | United States | 13335 | CLOUDFLARENETUS | true |
| Joe Sandbox version: | 41.0.0 Charoite |
| Analysis ID: | 1528588 |
| Start date and time: | 2024-10-08 03:23:09 +02:00 |
| Joe Sandbox product: | CloudBasic |
| Overall analysis duration: | 0h 5m 31s |
| Hypervisor based Inspection enabled: | false |
| Report type: | full |
| Cookbook file name: | default.jbs |
| Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
| Number of analysed new started processes analysed: | 14 |
| Number of new started drivers analysed: | 0 |
| Number of existing processes analysed: | 0 |
| Number of existing drivers analysed: | 0 |
| Number of injected processes analysed: | 0 |
| Technologies: |
|
| Analysis Mode: | default |
| Analysis stop reason: | Timeout |
| Sample name: | SecuriteInfo.com.Trojan.DownLoader47.43340.27469.30352.exe |
| Detection: | MAL |
| Classification: | mal100.troj.evad.winEXE@6/5@12/2 |
| EGA Information: |
|
| HCA Information: |
|
| Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 40.126.32.140, 40.126.32.138, 20.190.160.14, 40.126.32.74, 20.190.160.22, 40.126.32.72, 40.126.32.76, 40.126.32.133, 52.168.117.173, 4.245.163.56, 192.229.221.95, 40.69.42.241, 13.95.31.18, 13.85.23.206, 4.175.87.197
- Excluded domains from analysis (whitelisted): onedsblobprdeus16.eastus.cloudapp.azure.com, prdv4a.aadg.msidentity.com, slscr.update.microsoft.com, www.tm.v4.a.prd.aadg.trafficmanager.net, login.msa.msidentity.com, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, ocsp.digicert.com, login.live.com, blobcollector.events.data.trafficmanager.net, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, umwatson.events.data.microsoft.com, www.tm.lg.prod.aadmsa.trafficmanager.net, glb.sls.prod.dcat.dsp.trafficmanager.net
- Not all processes where analyzed, report is missing behavior information
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
| Time | Type | Description |
|---|---|---|
| 21:24:06 | API Interceptor | |
| 21:24:11 | API Interceptor |
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| 104.102.49.254 | Get hash | malicious | Unknown | Browse |
| |
| 172.67.206.204 | Get hash | malicious | LummaC | Browse | ||
| Get hash | malicious | LummaC | Browse | |||
| Get hash | malicious | LummaC | Browse | |||
| Get hash | malicious | LummaC | Browse | |||
| Get hash | malicious | LummaC | Browse | |||
| Get hash | malicious | LummaC | Browse | |||
| Get hash | malicious | LummaC | Browse | |||
| Get hash | malicious | LummaC, Vidar | Browse | |||
| Get hash | malicious | LummaC | Browse | |||
| Get hash | malicious | LummaC | Browse |
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| sergei-esenin.com | Get hash | malicious | LummaC | Browse |
| |
| Get hash | malicious | LummaC | Browse |
| ||
| Get hash | malicious | LummaC | Browse |
| ||
| Get hash | malicious | LummaC | Browse |
| ||
| Get hash | malicious | LummaC | Browse |
| ||
| Get hash | malicious | LummaC | Browse |
| ||
| Get hash | malicious | LummaC | Browse |
| ||
| Get hash | malicious | LummaC | Browse |
| ||
| Get hash | malicious | LummaC | Browse |
| ||
| Get hash | malicious | LummaC | Browse |
| ||
| steamcommunity.com | Get hash | malicious | LummaC | Browse |
| |
| Get hash | malicious | LummaC, Vidar | Browse |
| ||
| Get hash | malicious | LummaC | Browse |
| ||
| Get hash | malicious | LummaC | Browse |
| ||
| Get hash | malicious | LummaC | Browse |
| ||
| Get hash | malicious | LummaC | Browse |
| ||
| Get hash | malicious | LummaC | Browse |
| ||
| Get hash | malicious | LummaC | Browse |
| ||
| Get hash | malicious | LummaC | Browse |
| ||
| Get hash | malicious | LummaC | Browse |
| ||
| fp2e7a.wpc.phicdn.net | Get hash | malicious | SmokeLoader | Browse |
| |
| Get hash | malicious | HTMLPhisher | Browse |
| ||
| Get hash | malicious | LummaC, Vidar | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | LummaC | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Xmrig | Browse |
| ||
| Get hash | malicious | SmokeLoader | Browse |
| ||
| Get hash | malicious | LummaC | Browse |
|
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| CLOUDFLARENETUS | Get hash | malicious | LummaC | Browse |
| |
| Get hash | malicious | HTMLPhisher | Browse |
| ||
| Get hash | malicious | Xmrig | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | LummaC | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| AKAMAI-ASUS | Get hash | malicious | LummaC | Browse |
| |
| Get hash | malicious | LummaC, Vidar | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | LummaC | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | LummaC | Browse |
| ||
| Get hash | malicious | LummaC | Browse |
| ||
| Get hash | malicious | LummaC | Browse |
| ||
| Get hash | malicious | LummaC | Browse |
| ||
| Get hash | malicious | LummaC | Browse |
|
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| a0e9f5d64349fb13191bc781f81f42e1 | Get hash | malicious | SmokeLoader | Browse |
| |
| Get hash | malicious | LummaC | Browse |
| ||
| Get hash | malicious | LummaC, Vidar | Browse |
| ||
| Get hash | malicious | LummaC | Browse |
| ||
| Get hash | malicious | LummaC | Browse |
| ||
| Get hash | malicious | LummaC | Browse |
| ||
| Get hash | malicious | LummaC | Browse |
| ||
| Get hash | malicious | SmokeLoader | Browse |
| ||
| Get hash | malicious | LummaC | Browse |
| ||
| Get hash | malicious | LummaC | Browse |
|
⊘No context
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_SecuriteInfo.com_1b82bec763645d16ab9c0b439f8b0a42b432fae_974fe18f_a875a024-b057-4196-baf7-1056fcad35d7\Report.wer
Download File
| Process: | C:\Windows\SysWOW64\WerFault.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 65536 |
| Entropy (8bit): | 0.7024064719939977 |
| Encrypted: | false |
| SSDEEP: | 96:d4F4boV6z+0LnyFsv9yLvfAWf8QXIDcQvc6QcEVcw3cE/jLXLz+HbHg/5hZAX/dN:GGo8z+vFd0BU/HDMjhzuiFYZ24IO8SI |
| MD5: | FFEAAD7CD3968D93A122AEE55697C3F1 |
| SHA1: | 50BCFD952C31269A961A9EBA5BB5B4BD31A1835B |
| SHA-256: | 726E9358F3D0FEC1F3F7BBA21A0F3D0C4EFD00DCDFBBAAC77EBFC33C67C3B43A |
| SHA-512: | 9A16EEEC5B86C1C8B1DDB6DDFE3CD14E689606EAFE2D9E92170D131BA21192D124BA1D270BF8F3E8F28F5E36E2797E70812C807482AB07C929638A13EE2D4BEB |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| Process: | C:\Windows\SysWOW64\WerFault.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 35022 |
| Entropy (8bit): | 1.6911153552579334 |
| Encrypted: | false |
| SSDEEP: | 192:+E5MrOJg0W/2z6eG3//jYkKqLEYCzk7X:zZJdSYU9NLEP |
| MD5: | 132848499C26900D9B6B77F1DBB5D33A |
| SHA1: | B43FE824F63B2B0284620E3A875117E0A169D83E |
| SHA-256: | D1008A9281A5ECA1F71A8E90FB72B186201ADEA35D69842F504FA256F10EECA6 |
| SHA-512: | 5C4EC3AF39D6B87E29674A616A2DA3E6D4507FFFA4C2431EE20ED4B077CB922FF6DF8A6889FC440210A21CAD4F0A7FEA3D17AD200EADAF48CA25C9BF4276B0F0 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| Process: | C:\Windows\SysWOW64\WerFault.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 8590 |
| Entropy (8bit): | 3.701516472357159 |
| Encrypted: | false |
| SSDEEP: | 192:R6l7wVeJKv6a6YcDgSUfzIJgmffkE0prr89bWmsf0U2ym:R6lXJa6a6Y3SUr2gmffkEtWFfK |
| MD5: | 4E6990261A11141AB6E62A1C91F2011E |
| SHA1: | EDF4C8CE191205BAA98D2E74361AD585765D862D |
| SHA-256: | 30C2893CCE1052F7BDB15B5D7DDCF27B338A12CF69FEBC639D06AB071A2605D0 |
| SHA-512: | 1918CABED43F31840A2E0729D541BF2055343B65AEDB12BD0D3B0AB5222A5540DCA3D8BFD9F0F6EA25B7D048645F666B6F65E35DB3134D2544F727CF941C1309 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| Process: | C:\Windows\SysWOW64\WerFault.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 4986 |
| Entropy (8bit): | 4.600314152835714 |
| Encrypted: | false |
| SSDEEP: | 48:cvIwWl8zsmJg77aI9w7WpW8VYP1Ym8M4Jgf4NdFs+q8xMVQYabSmSXd:uIjf8I7CK7VCEJgfsUwMRabSmSXd |
| MD5: | 9947356AC2B1D17239DFD641E2AABDFC |
| SHA1: | F7A7450C141BF0E3A7465EFE4B2D46B90639D143 |
| SHA-256: | 6C331F887DBF9DBFB95C48FF209139DA882CC4C33DE2035C4953D9F012C4D042 |
| SHA-512: | 92A7008694C6211796F82A887D67CC3793D72FF46E2A406446E49C63089EB26CCCBAD1FB43969E57992ADE87B6F5E6AD10F59613F0E67672E625486F776E93CD |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| Process: | C:\Windows\SysWOW64\WerFault.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1835008 |
| Entropy (8bit): | 4.394799089910549 |
| Encrypted: | false |
| SSDEEP: | 6144:gl4fiJoH0ncNXiUjt10qFG/gaocYGBoaUMMhA2NX4WABlBuNA+OBSqa:44vFFMYQUMM6VFYS+U |
| MD5: | D94DF5F2E0EF7AC46642B99B0A60375C |
| SHA1: | 9BD3D6C1EB41D153FB9890E7CDD641023FDA1864 |
| SHA-256: | 7654803166B21282E952448873EF8615235388984B8F46FEFAC0B2169EBEE6D2 |
| SHA-512: | 224FBE69AE2A21B55F616194F6DC913391F2B78718A48FAF5057970E9A371B006AA32B8D6B97C737D835702D921A63DE0E675DB3AF299D1B07356D74E4C817A7 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| File type: | |
| Entropy (8bit): | 7.7224526627229455 |
| TrID: |
|
| File name: | SecuriteInfo.com.Trojan.DownLoader47.43340.27469.30352.exe |
| File size: | 550'912 bytes |
| MD5: | 7da5b29a33cdab4e5a1dca996ec33a21 |
| SHA1: | e28103e84901cfe9c3dd58c8d3583ae6031d9fa2 |
| SHA256: | e9f7a54574090f114cbbaa06baba2912e0c61d2ade171ab0fc076ed1c785217c |
| SHA512: | dd4a03b3c430547a9e68db4bf91f94653f84879fdcf00ac24f62291cf5c30829096569d7cd5ab42bbf63e0e03c8c42b580e28c2007a7b296f564122cfed130d8 |
| SSDEEP: | 12288:A90Q9bcUr0Kv8MZzSZGGvoBlcuykDZCAuW0iZ4H4S:AvbcpMRSxpktvT4Y |
| TLSH: | 6EC4021575C0C072E5B315320AF0EAB45A7EF9A00A669EDF67880F7F4B305D0E725AA7 |
| File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......=.9.y.WUy.WUy.WU..TTu.WU..RT..WU..STl.WU..VTz.WUy.VU!.WUilTTm.WUilSTk.WUilRT4.WU1m^Tx.WU1m.Ux.WU1mUTx.WURichy.WU............... |
 | |
| Icon Hash: | 00928e8e8686b000 |
| Entrypoint: | 0x406f52 |
| Entrypoint Section: | .text |
| Digitally signed: | false |
| Imagebase: | 0x400000 |
| Subsystem: | windows gui |
| Image File Characteristics: | EXECUTABLE_IMAGE, 32BIT_MACHINE |
| DLL Characteristics: | DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE |
| Time Stamp: | 0x670467F5 [Mon Oct 7 23:00:05 2024 UTC] |
| TLS Callbacks: | |
| CLR (.Net) Version: | |
| OS Version Major: | 6 |
| OS Version Minor: | 0 |
| File Version Major: | 6 |
| File Version Minor: | 0 |
| Subsystem Version Major: | 6 |
| Subsystem Version Minor: | 0 |
| Import Hash: | d10af643340e1121562abe3e6bd5b0e1 |
| Instruction |
|---|
| call 00007FB4D910BF10h |
| jmp 00007FB4D910B47Fh |
| push ebp |
| mov ebp, esp |
| mov eax, dword ptr [ebp+08h] |
| push esi |
| mov ecx, dword ptr [eax+3Ch] |
| add ecx, eax |
| movzx eax, word ptr [ecx+14h] |
| lea edx, dword ptr [ecx+18h] |
| add edx, eax |
| movzx eax, word ptr [ecx+06h] |
| imul esi, eax, 28h |
| add esi, edx |
| cmp edx, esi |
| je 00007FB4D910B61Bh |
| mov ecx, dword ptr [ebp+0Ch] |
| cmp ecx, dword ptr [edx+0Ch] |
| jc 00007FB4D910B60Ch |
| mov eax, dword ptr [edx+08h] |
| add eax, dword ptr [edx+0Ch] |
| cmp ecx, eax |
| jc 00007FB4D910B60Eh |
| add edx, 28h |
| cmp edx, esi |
| jne 00007FB4D910B5ECh |
| xor eax, eax |
| pop esi |
| pop ebp |
| ret |
| mov eax, edx |
| jmp 00007FB4D910B5FBh |
| push esi |
| call 00007FB4D910C224h |
| test eax, eax |
| je 00007FB4D910B622h |
| mov eax, dword ptr fs:[00000018h] |
| mov esi, 0048655Ch |
| mov edx, dword ptr [eax+04h] |
| jmp 00007FB4D910B606h |
| cmp edx, eax |
| je 00007FB4D910B612h |
| xor eax, eax |
| mov ecx, edx |
| lock cmpxchg dword ptr [esi], ecx |
| test eax, eax |
| jne 00007FB4D910B5F2h |
| xor al, al |
| pop esi |
| ret |
| mov al, 01h |
| pop esi |
| ret |
| push ebp |
| mov ebp, esp |
| cmp dword ptr [ebp+08h], 00000000h |
| jne 00007FB4D910B609h |
| mov byte ptr [00486560h], 00000001h |
| call 00007FB4D910B8BAh |
| call 00007FB4D910E7D7h |
| test al, al |
| jne 00007FB4D910B606h |
| xor al, al |
| pop ebp |
| ret |
| call 00007FB4D9117239h |
| test al, al |
| jne 00007FB4D910B60Ch |
| push 00000000h |
| call 00007FB4D910E7DEh |
| pop ecx |
| jmp 00007FB4D910B5EBh |
| mov al, 01h |
| pop ebp |
| ret |
| push ebp |
| mov ebp, esp |
| cmp byte ptr [00486561h], 00000000h |
| je 00007FB4D910B606h |
| mov al, 01h |
| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0x2c6c0 | 0x28 | .rdata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x88000 | 0x3d8 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x89000 | 0x1ad8 | .reloc |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x2abc0 | 0x1c | .rdata |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x2ab00 | 0x40 | .rdata |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x23000 | 0x12c | .rdata |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|---|
| .text | 0x1000 | 0x210f0 | 0x21200 | 432a6f4821dcf831ac04d651989b8210 | False | 0.5865639740566038 | data | 6.667052687296067 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .rdata | 0x23000 | 0x9d78 | 0x9e00 | ea735719de5f1fbf0b05c80975a258de | False | 0.43517602848101267 | data | 4.957696870793669 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .data | 0x2d000 | 0x5a188 | 0x59400 | b9c4630506dab9113835d7711d83fd72 | False | 0.9911726409313726 | DOS executable (block device driver \377\377\377\377,32-bit sector-support) | 7.992613980358461 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .rsrc | 0x88000 | 0x3d8 | 0x400 | c67ba8481d4e7c92e5fe9f152983a3f3 | False | 0.439453125 | data | 3.287044161603086 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .reloc | 0x89000 | 0x1ad8 | 0x1c00 | 45a933f459cf2411c3beb34de2684b0d | False | 0.7268415178571429 | data | 6.390275449386977 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
|---|---|---|---|---|---|---|
| RT_VERSION | 0x88058 | 0x380 | data | English | United States | 0.46205357142857145 |
| DLL | Import |
|---|---|
| KERNEL32.dll | AttachConsole, MultiByteToWideChar, GetStringTypeW, WideCharToMultiByte, EnterCriticalSection, LeaveCriticalSection, InitializeCriticalSectionEx, DeleteCriticalSection, EncodePointer, DecodePointer, LCMapStringEx, GetCPInfo, IsProcessorFeaturePresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, QueryPerformanceCounter, GetCurrentProcessId, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, IsDebuggerPresent, GetStartupInfoW, GetModuleHandleW, CreateFileW, RaiseException, RtlUnwind, GetLastError, SetLastError, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, FreeLibrary, GetProcAddress, LoadLibraryExW, GetStdHandle, WriteFile, GetModuleFileNameW, ExitProcess, GetModuleHandleExW, HeapAlloc, HeapFree, GetFileType, LCMapStringW, GetLocaleInfoW, IsValidLocale, GetUserDefaultLCID, EnumSystemLocalesW, GetFileSizeEx, SetFilePointerEx, CloseHandle, FlushFileBuffers, GetConsoleOutputCP, GetConsoleMode, ReadFile, HeapReAlloc, FindClose, FindFirstFileExW, FindNextFileW, IsValidCodePage, GetACP, GetOEMCP, GetCommandLineA, GetCommandLineW, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetStdHandle, GetProcessHeap, ReadConsoleW, HeapSize, WriteConsoleW |
| Language of compilation system | Country where language is spoken | Map |
|---|---|---|
| English | United States |  |
Key Decision
Richest Path
Thread / callback creation
Lower opacity -> Library Node| Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2024-10-08T03:24:07.131654+0200 | 2056174 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (trustterwowqm .shop) | 1 | 192.168.2.9 | 54523 | 1.1.1.1 | 53 | UDP |
| 2024-10-08T03:24:07.144800+0200 | 2056485 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (mobbipenju .store) | 1 | 192.168.2.9 | 50328 | 1.1.1.1 | 53 | UDP |
| 2024-10-08T03:24:07.157244+0200 | 2056483 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (eaglepawnoy .store) | 1 | 192.168.2.9 | 56643 | 1.1.1.1 | 53 | UDP |
| 2024-10-08T03:24:07.167904+0200 | 2056481 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dissapoiznw .store) | 1 | 192.168.2.9 | 52751 | 1.1.1.1 | 53 | UDP |
| 2024-10-08T03:24:07.181487+0200 | 2056479 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (studennotediw .store) | 1 | 192.168.2.9 | 62124 | 1.1.1.1 | 53 | UDP |
| 2024-10-08T03:24:07.197543+0200 | 2056477 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (bathdoomgaz .store) | 1 | 192.168.2.9 | 64771 | 1.1.1.1 | 53 | UDP |
| 2024-10-08T03:24:07.212175+0200 | 2056475 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (spirittunek .store) | 1 | 192.168.2.9 | 50182 | 1.1.1.1 | 53 | UDP |
| 2024-10-08T03:24:07.229782+0200 | 2056473 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (licendfilteo .site) | 1 | 192.168.2.9 | 60561 | 1.1.1.1 | 53 | UDP |
| 2024-10-08T03:24:07.245457+0200 | 2056471 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (clearancek .site) | 1 | 192.168.2.9 | 64724 | 1.1.1.1 | 53 | UDP |
| 2024-10-08T03:24:09.977390+0200 | 2049836 | ET MALWARE Lumma Stealer Related Activity | 1 | 192.168.2.9 | 49709 | 172.67.206.204 | 443 | TCP |
| 2024-10-08T03:24:09.977390+0200 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.9 | 49709 | 172.67.206.204 | 443 | TCP |
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Oct 8, 2024 03:24:01.141916037 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:01.179049969 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:01.179064035 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:01.179116011 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:01.181555033 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:01.181626081 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:01.186386108 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:01.192037106 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:01.193908930 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:01.199156046 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:01.199167013 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:01.199223995 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:01.201009989 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:01.201045036 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:01.205883026 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:01.279764891 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:01.279784918 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:01.279851913 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:01.282610893 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:01.282671928 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:01.287452936 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:01.296556950 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:01.298612118 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:01.301784039 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:01.301798105 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:01.301853895 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:01.303517103 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:01.303591967 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:01.308322906 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:01.353882074 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:01.413355112 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:01.415920973 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:01.415956974 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:01.415992975 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:01.416146994 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:01.416162968 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:01.416199923 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:01.416229963 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:01.416277885 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:01.418556929 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:01.418911934 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:01.419084072 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:01.419894934 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:01.420948029 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:01.423674107 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:01.423719883 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:01.423831940 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:01.424721003 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:01.514674902 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:01.517235041 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:01.517247915 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:01.517332077 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:01.517728090 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:01.519552946 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:01.519633055 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:01.519645929 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:01.519661903 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:01.519711018 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:01.521677017 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:01.521760941 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:01.522509098 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:01.524447918 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:01.524466991 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:01.526472092 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:01.526483059 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:01.620569944 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:01.623128891 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:01.625197887 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:01.625211954 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:01.625281096 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:01.627055883 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:01.627978086 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:01.631881952 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:01.722157955 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:01.722173929 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:01.722239017 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:01.725172043 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:01.725200891 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:01.725693941 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:01.728427887 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:01.728441000 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:01.728507996 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:01.730006933 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:01.730415106 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:01.730467081 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:01.733005047 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:01.736278057 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:01.736288071 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:01.824443102 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:01.825944901 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:01.826215982 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:01.827832937 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:01.827888012 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:01.832603931 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:01.832689047 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:01.883219004 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:01.883234978 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:01.883341074 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:01.885960102 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:01.886260033 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:01.890849113 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:01.891016960 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:01.916510105 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:01.926498890 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:01.926516056 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:01.926616907 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:01.930721998 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:01.934602022 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:01.939577103 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:01.962502956 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:01.990830898 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:01.990848064 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:01.990966082 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:02.037756920 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:02.037798882 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:02.037938118 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:02.089911938 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:02.137100935 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:02.215255022 CEST | 49676 | 443 | 192.168.2.9 | 23.206.229.209 |
| Oct 8, 2024 03:24:02.215269089 CEST | 49675 | 443 | 192.168.2.9 | 23.206.229.209 |
| Oct 8, 2024 03:24:02.243437052 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:02.244616032 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:02.245193958 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:02.246252060 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:02.247193098 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:02.249483109 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:02.251172066 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:02.293883085 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:02.342864037 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:02.345371962 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:02.345426083 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:02.345581055 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:02.348167896 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:02.353064060 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:02.379731894 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:02.386061907 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:02.402734995 CEST | 49674 | 443 | 192.168.2.9 | 23.206.229.209 |
| Oct 8, 2024 03:24:02.409209013 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:02.414179087 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:02.433381081 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:02.433413982 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:02.433515072 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:02.462759018 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:02.477704048 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:02.489289999 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:02.505156994 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:02.538544893 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:02.541352987 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:02.546235085 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:02.558695078 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:02.585002899 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:02.585120916 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:02.596194029 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:02.597640038 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:02.602622986 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:02.634413958 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:02.634444952 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:02.634557962 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:02.636929989 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:02.672749043 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:02.673391104 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:02.678209066 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:02.678467989 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:02.698520899 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:02.698559046 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:02.698596001 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:02.698612928 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:02.698658943 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:02.712272882 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:02.715282917 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:02.720230103 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:02.743838072 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:02.775127888 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:02.775146008 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:02.775204897 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:02.810946941 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:02.827341080 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:02.828936100 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:02.833909988 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:02.842453957 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:02.850177050 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:02.866898060 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:02.873683929 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:02.877089977 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:02.882215023 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:02.928551912 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:02.928566933 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:02.928672075 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:02.947530985 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:02.948571920 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:02.953342915 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:02.969644070 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:02.977689028 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:02.977729082 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:02.977770090 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:03.005475044 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:03.016967058 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:03.021928072 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:03.035717964 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:03.065876007 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:03.065988064 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:03.066056967 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:03.112737894 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:03.131231070 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:03.131463051 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:03.156399012 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:03.182106018 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:03.190243959 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:03.195121050 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:03.260210991 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:03.260546923 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:03.265393972 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:03.273838043 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:03.280112982 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:03.324728966 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:03.351656914 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:03.355710983 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:03.360605001 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:03.360618114 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:03.360701084 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:03.363009930 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:03.364042997 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:03.364804983 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:03.368861914 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:03.409938097 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:03.416501999 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:03.420588017 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:03.425501108 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:03.458681107 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:03.462001085 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:03.467103004 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:03.467124939 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:03.467192888 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:03.469970942 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:03.470227957 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:03.474965096 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:03.516278982 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:03.518656015 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:03.557966948 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:03.561264992 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:03.570135117 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:03.570194006 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:03.570246935 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:03.572822094 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:03.576091051 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:03.580882072 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:03.616839886 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:03.619580030 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:03.666568041 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:03.670703888 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:03.677366018 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:03.679464102 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:03.687539101 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:03.687824965 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:03.687880993 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:03.690269947 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:03.691063881 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:03.695863962 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:03.768651009 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:03.772291899 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:03.776191950 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:03.776310921 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:03.780070066 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:03.785990000 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:03.786784887 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:03.789635897 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:03.792637110 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:03.792711973 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:03.792818069 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:03.792872906 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:03.796158075 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:03.796348095 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:03.801220894 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:03.875811100 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:03.878694057 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:03.882131100 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:03.884049892 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:03.889046907 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:03.891973019 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:03.896842003 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:03.899275064 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:03.899338007 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:03.899549007 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:03.899597883 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:03.902076960 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:03.902559042 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:03.907186985 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:03.953919888 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:03.979818106 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:03.982975006 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:03.988100052 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:03.989299059 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:03.991569996 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:03.997934103 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:04.000273943 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:04.004215002 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:04.004295111 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:04.004467964 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:04.004534006 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:04.006517887 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:04.006867886 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:04.027638912 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:04.090451002 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:04.093847036 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:04.096024990 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:04.098207951 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:04.103092909 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:04.117218971 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:04.119920015 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:04.120299101 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:04.120491028 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:04.121205091 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:04.121263027 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:04.124372005 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:04.124432087 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:04.129281998 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:04.169935942 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:04.204624891 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:04.207974911 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:04.210967064 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:04.212852001 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:04.213267088 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:04.218135118 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:04.219894886 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:04.222021103 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:04.225660086 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:04.225742102 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:04.225836039 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:04.225891113 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:04.228146076 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:04.228239059 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:04.233212948 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:04.324110031 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:04.326741934 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:04.326826096 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:04.326875925 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:04.327215910 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:04.329257965 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:04.329296112 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:04.329339027 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:04.329358101 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:04.329490900 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:04.329541922 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:04.331485033 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:04.331571102 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:04.334912062 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:04.336857080 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:04.377855062 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:04.426075935 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:04.429039001 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:04.429255962 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:04.429255962 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:04.429353952 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:04.431020975 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:04.431102037 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:04.431143045 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:04.431194067 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:04.431647062 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:04.431726933 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:04.433716059 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:04.434004068 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:04.434171915 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:04.436499119 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:04.438590050 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:04.438787937 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:04.527899027 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:04.530304909 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:04.530498028 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:04.530498028 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:04.530920029 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:04.532584906 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:04.532661915 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:04.532689095 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:04.534550905 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:04.535182953 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:04.535399914 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:04.535526037 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:04.536019087 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:04.539468050 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:04.539977074 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:04.540262938 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:04.541038990 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:04.674048901 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:04.677086115 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:04.677098036 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:04.677126884 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:04.677139997 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:04.677155972 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:04.677156925 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:04.677186966 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:04.677222013 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:04.679941893 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:04.679970026 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:04.680620909 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:04.680752993 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:04.683192015 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:04.684803009 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:04.684861898 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:04.685410976 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:04.685616016 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:04.776411057 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:04.779098988 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:04.779234886 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:04.779252052 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:04.779298067 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:04.781641006 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:04.781658888 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:04.781682014 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:04.781718969 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:04.781841993 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:04.784053087 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:04.784682989 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:04.784739017 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:04.785454035 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:04.786629915 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:04.789535999 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:04.789629936 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:04.790358067 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:05.012761116 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:05.012789011 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:05.012800932 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:05.012816906 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:05.012830019 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:05.012897015 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:05.012998104 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:05.019898891 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:05.020713091 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:05.021317959 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:05.021764040 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:05.022140980 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:05.024826050 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:05.025552988 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:05.026073933 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:05.026561022 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:05.026881933 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:05.118439913 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:05.121437073 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:05.121448994 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:05.121500015 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:05.122129917 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:05.122174978 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:05.122267008 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:05.154330015 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:05.154751062 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:05.154989004 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:05.155307055 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:05.155535936 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:05.159552097 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:05.159564018 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:05.159686089 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:05.160033941 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:05.160233974 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:05.252970934 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:05.253017902 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:05.253089905 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:05.255331039 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:05.255702019 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:05.255747080 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:05.257286072 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:05.258721113 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:05.259715080 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:05.262151957 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:05.263562918 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:05.264628887 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:05.346271038 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:05.349442959 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:05.349570990 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:05.354293108 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:05.354326010 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:05.358498096 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:05.358537912 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:05.358604908 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:05.361682892 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:05.362682104 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:05.367764950 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:05.402702093 CEST | 49677 | 443 | 192.168.2.9 | 20.189.173.11 |
| Oct 8, 2024 03:24:05.447412968 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:05.449992895 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:05.454901934 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:05.454915047 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:05.454998970 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:05.457254887 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:05.457592964 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:05.462120056 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:05.482568026 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:05.482582092 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:05.482645988 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:05.485084057 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:05.485174894 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:05.489937067 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:05.585038900 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:05.588325977 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:05.590154886 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:05.590167999 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:05.590202093 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:05.590219021 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:05.592858076 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:05.592921972 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:05.592936993 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:05.592976093 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:05.593472004 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:05.595382929 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:05.598267078 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:05.598676920 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:05.600331068 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:05.603526115 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:05.645848989 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:05.690706015 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:05.694017887 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:05.694478989 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:05.696885109 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:05.698890924 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:05.699903965 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:05.699915886 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:05.699958086 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:05.702220917 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:05.702755928 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:05.707062960 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:05.753902912 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:05.784904957 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:05.787334919 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:05.792370081 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:05.795847893 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:05.795859098 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:05.795901060 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:05.798396111 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:05.798515081 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:05.803313971 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:05.805028915 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:05.805042028 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:05.805083036 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:05.807248116 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:05.807339907 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:05.812184095 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:05.893982887 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:05.898255110 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:05.898504972 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:05.898514986 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:05.898525953 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:05.898591995 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:05.901065111 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:05.901783943 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:05.905848980 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:05.923748016 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:05.923762083 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:05.923821926 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:05.927859068 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:05.928786039 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:05.933651924 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:06.053209066 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:06.057059050 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:06.059890985 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:06.059962034 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:06.060024023 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:06.062206030 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:06.062268019 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:06.066989899 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:06.073164940 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:06.073179960 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:06.073246956 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:06.075817108 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:06.076703072 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:06.081495047 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:06.157697916 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:06.160327911 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:06.163975000 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:06.164043903 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:06.166110039 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:06.171005011 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:06.171380043 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:06.173273087 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:06.181330919 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:06.181349993 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:06.181401014 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:06.183433056 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:06.183590889 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:06.188458920 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:06.261940002 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:06.265002012 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:06.268843889 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:06.268903017 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:06.271095037 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:06.271662951 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:06.273678064 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:06.278585911 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:06.284604073 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:06.284661055 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:06.284713030 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:06.289251089 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:06.290333986 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:06.295156956 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:06.369385958 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:06.371974945 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:06.372579098 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:06.372641087 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:06.372663021 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:06.372684956 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:06.374793053 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:06.374914885 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:06.379735947 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:06.389730930 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:06.389772892 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:06.389843941 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:06.392127991 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:06.392211914 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:06.397056103 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:06.470515013 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:06.473048925 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:06.478303909 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:06.478354931 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:06.478699923 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:06.481107950 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:06.481232882 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:06.486071110 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:06.492640018 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:06.492652893 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:06.492696047 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:06.494788885 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:06.494883060 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:06.499629021 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:06.576899052 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:06.581459999 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:06.581562996 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:06.581688881 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:06.593619108 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:06.593631983 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:06.593707085 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:06.606442928 CEST | 49673 | 443 | 192.168.2.9 | 204.79.197.203 |
| Oct 8, 2024 03:24:06.812316895 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:06.812364101 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:06.813239098 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:06.813461065 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:06.814416885 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:06.819164991 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:06.862656116 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:06.927150965 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:06.927186012 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:06.927231073 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:06.927830935 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:06.928325891 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:06.928384066 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:06.936969042 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:06.938141108 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:06.939354897 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:06.940300941 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:06.942141056 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:06.943350077 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:06.944164038 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:06.945106030 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:07.032032013 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:07.059879065 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:07.064933062 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:07.086770058 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:07.086787939 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:07.086798906 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:07.086834908 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:07.103945971 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:07.111284971 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:07.116271973 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:07.156915903 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:07.157058954 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:07.157119989 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:07.160320044 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:07.161469936 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:07.166300058 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:07.178102016 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:07.181864023 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:07.206994057 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:07.214925051 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:07.257122040 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:07.260787964 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:07.262015104 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:07.262022018 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:07.262135983 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:07.272367001 CEST | 49707 | 443 | 192.168.2.9 | 104.102.49.254 |
| Oct 8, 2024 03:24:07.272416115 CEST | 443 | 49707 | 104.102.49.254 | 192.168.2.9 |
| Oct 8, 2024 03:24:07.272484064 CEST | 49707 | 443 | 192.168.2.9 | 104.102.49.254 |
| Oct 8, 2024 03:24:07.276834011 CEST | 49707 | 443 | 192.168.2.9 | 104.102.49.254 |
| Oct 8, 2024 03:24:07.276858091 CEST | 443 | 49707 | 104.102.49.254 | 192.168.2.9 |
| Oct 8, 2024 03:24:07.277394056 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:07.277880907 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:07.283509970 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:07.312071085 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:07.314699888 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:07.314759016 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:07.314848900 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:07.319061995 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:07.323785067 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:07.329791069 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:07.359369040 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:07.359406948 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:07.359417915 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:07.359525919 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:07.363565922 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:07.379096031 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:07.379242897 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:07.379254103 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:07.379293919 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:07.382972956 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:07.384260893 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:07.389180899 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:07.420717955 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:07.421907902 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:07.421971083 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:07.424052954 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:07.452588081 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:07.455419064 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:07.472420931 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:07.474371910 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:07.484663010 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:07.484682083 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:07.484735012 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:07.487968922 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:07.488779068 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:07.493611097 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:07.551357031 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:07.555306911 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:07.570445061 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:07.575321913 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:07.575372934 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:07.591819048 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:07.591913939 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:07.591958046 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:07.666315079 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:24:07.715317965 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:24:07.928064108 CEST | 443 | 49707 | 104.102.49.254 | 192.168.2.9 |
| Oct 8, 2024 03:24:07.928133965 CEST | 49707 | 443 | 192.168.2.9 | 104.102.49.254 |
| Oct 8, 2024 03:24:07.934983015 CEST | 49707 | 443 | 192.168.2.9 | 104.102.49.254 |
| Oct 8, 2024 03:24:07.934993982 CEST | 443 | 49707 | 104.102.49.254 | 192.168.2.9 |
| Oct 8, 2024 03:24:07.935300112 CEST | 443 | 49707 | 104.102.49.254 | 192.168.2.9 |
| Oct 8, 2024 03:24:07.980794907 CEST | 49707 | 443 | 192.168.2.9 | 104.102.49.254 |
| Oct 8, 2024 03:24:08.135567904 CEST | 49707 | 443 | 192.168.2.9 | 104.102.49.254 |
| Oct 8, 2024 03:24:08.179403067 CEST | 443 | 49707 | 104.102.49.254 | 192.168.2.9 |
| Oct 8, 2024 03:24:08.756198883 CEST | 443 | 49707 | 104.102.49.254 | 192.168.2.9 |
| Oct 8, 2024 03:24:08.756262064 CEST | 443 | 49707 | 104.102.49.254 | 192.168.2.9 |
| Oct 8, 2024 03:24:08.756287098 CEST | 49707 | 443 | 192.168.2.9 | 104.102.49.254 |
| Oct 8, 2024 03:24:08.756314993 CEST | 443 | 49707 | 104.102.49.254 | 192.168.2.9 |
| Oct 8, 2024 03:24:08.756330967 CEST | 443 | 49707 | 104.102.49.254 | 192.168.2.9 |
| Oct 8, 2024 03:24:08.756340027 CEST | 443 | 49707 | 104.102.49.254 | 192.168.2.9 |
| Oct 8, 2024 03:24:08.756349087 CEST | 49707 | 443 | 192.168.2.9 | 104.102.49.254 |
| Oct 8, 2024 03:24:08.756356955 CEST | 49707 | 443 | 192.168.2.9 | 104.102.49.254 |
| Oct 8, 2024 03:24:08.756390095 CEST | 49707 | 443 | 192.168.2.9 | 104.102.49.254 |
| Oct 8, 2024 03:24:08.863440990 CEST | 443 | 49707 | 104.102.49.254 | 192.168.2.9 |
| Oct 8, 2024 03:24:08.863511086 CEST | 443 | 49707 | 104.102.49.254 | 192.168.2.9 |
| Oct 8, 2024 03:24:08.863545895 CEST | 49707 | 443 | 192.168.2.9 | 104.102.49.254 |
| Oct 8, 2024 03:24:08.863554955 CEST | 443 | 49707 | 104.102.49.254 | 192.168.2.9 |
| Oct 8, 2024 03:24:08.863605022 CEST | 49707 | 443 | 192.168.2.9 | 104.102.49.254 |
| Oct 8, 2024 03:24:08.869064093 CEST | 443 | 49707 | 104.102.49.254 | 192.168.2.9 |
| Oct 8, 2024 03:24:08.869131088 CEST | 49707 | 443 | 192.168.2.9 | 104.102.49.254 |
| Oct 8, 2024 03:24:08.869172096 CEST | 443 | 49707 | 104.102.49.254 | 192.168.2.9 |
| Oct 8, 2024 03:24:08.869226933 CEST | 49707 | 443 | 192.168.2.9 | 104.102.49.254 |
| Oct 8, 2024 03:24:08.869235992 CEST | 443 | 49707 | 104.102.49.254 | 192.168.2.9 |
| Oct 8, 2024 03:24:08.869322062 CEST | 443 | 49707 | 104.102.49.254 | 192.168.2.9 |
| Oct 8, 2024 03:24:08.869482994 CEST | 49707 | 443 | 192.168.2.9 | 104.102.49.254 |
| Oct 8, 2024 03:24:08.870213032 CEST | 49707 | 443 | 192.168.2.9 | 104.102.49.254 |
| Oct 8, 2024 03:24:08.870222092 CEST | 443 | 49707 | 104.102.49.254 | 192.168.2.9 |
| Oct 8, 2024 03:24:09.065902948 CEST | 49709 | 443 | 192.168.2.9 | 172.67.206.204 |
| Oct 8, 2024 03:24:09.065953016 CEST | 443 | 49709 | 172.67.206.204 | 192.168.2.9 |
| Oct 8, 2024 03:24:09.066054106 CEST | 49709 | 443 | 192.168.2.9 | 172.67.206.204 |
| Oct 8, 2024 03:24:09.066329002 CEST | 49709 | 443 | 192.168.2.9 | 172.67.206.204 |
| Oct 8, 2024 03:24:09.066340923 CEST | 443 | 49709 | 172.67.206.204 | 192.168.2.9 |
| Oct 8, 2024 03:24:09.537797928 CEST | 443 | 49709 | 172.67.206.204 | 192.168.2.9 |
| Oct 8, 2024 03:24:09.537904978 CEST | 49709 | 443 | 192.168.2.9 | 172.67.206.204 |
| Oct 8, 2024 03:24:09.539519072 CEST | 49709 | 443 | 192.168.2.9 | 172.67.206.204 |
| Oct 8, 2024 03:24:09.539535046 CEST | 443 | 49709 | 172.67.206.204 | 192.168.2.9 |
| Oct 8, 2024 03:24:09.539829016 CEST | 443 | 49709 | 172.67.206.204 | 192.168.2.9 |
| Oct 8, 2024 03:24:09.541081905 CEST | 49709 | 443 | 192.168.2.9 | 172.67.206.204 |
| Oct 8, 2024 03:24:09.541081905 CEST | 49709 | 443 | 192.168.2.9 | 172.67.206.204 |
| Oct 8, 2024 03:24:09.541151047 CEST | 443 | 49709 | 172.67.206.204 | 192.168.2.9 |
| Oct 8, 2024 03:24:09.977406025 CEST | 443 | 49709 | 172.67.206.204 | 192.168.2.9 |
| Oct 8, 2024 03:24:09.977509975 CEST | 443 | 49709 | 172.67.206.204 | 192.168.2.9 |
| Oct 8, 2024 03:24:09.977565050 CEST | 49709 | 443 | 192.168.2.9 | 172.67.206.204 |
| Oct 8, 2024 03:24:09.977859020 CEST | 49709 | 443 | 192.168.2.9 | 172.67.206.204 |
| Oct 8, 2024 03:24:09.977859020 CEST | 49709 | 443 | 192.168.2.9 | 172.67.206.204 |
| Oct 8, 2024 03:24:09.977878094 CEST | 443 | 49709 | 172.67.206.204 | 192.168.2.9 |
| Oct 8, 2024 03:24:09.977888107 CEST | 443 | 49709 | 172.67.206.204 | 192.168.2.9 |
| Oct 8, 2024 03:24:11.824582100 CEST | 49676 | 443 | 192.168.2.9 | 23.206.229.209 |
| Oct 8, 2024 03:24:11.824609995 CEST | 49675 | 443 | 192.168.2.9 | 23.206.229.209 |
| Oct 8, 2024 03:24:12.012049913 CEST | 49674 | 443 | 192.168.2.9 | 23.206.229.209 |
| Oct 8, 2024 03:24:13.746798992 CEST | 443 | 49704 | 23.206.229.209 | 192.168.2.9 |
| Oct 8, 2024 03:24:13.748315096 CEST | 49704 | 443 | 192.168.2.9 | 23.206.229.209 |
| Oct 8, 2024 03:24:15.012093067 CEST | 49677 | 443 | 192.168.2.9 | 20.189.173.11 |
| Oct 8, 2024 03:24:37.894644022 CEST | 60019 | 53 | 192.168.2.9 | 162.159.36.2 |
| Oct 8, 2024 03:24:37.899524927 CEST | 53 | 60019 | 162.159.36.2 | 192.168.2.9 |
| Oct 8, 2024 03:24:37.899612904 CEST | 60019 | 53 | 192.168.2.9 | 162.159.36.2 |
| Oct 8, 2024 03:24:37.899645090 CEST | 60019 | 53 | 192.168.2.9 | 162.159.36.2 |
| Oct 8, 2024 03:24:37.904473066 CEST | 53 | 60019 | 162.159.36.2 | 192.168.2.9 |
| Oct 8, 2024 03:24:38.362998009 CEST | 53 | 60019 | 162.159.36.2 | 192.168.2.9 |
| Oct 8, 2024 03:24:38.363842964 CEST | 60019 | 53 | 192.168.2.9 | 162.159.36.2 |
| Oct 8, 2024 03:24:38.369229078 CEST | 53 | 60019 | 162.159.36.2 | 192.168.2.9 |
| Oct 8, 2024 03:24:38.369281054 CEST | 60019 | 53 | 192.168.2.9 | 162.159.36.2 |
| Oct 8, 2024 03:24:55.293761969 CEST | 49705 | 80 | 192.168.2.9 | 199.232.214.172 |
| Oct 8, 2024 03:24:55.299968004 CEST | 80 | 49705 | 199.232.214.172 | 192.168.2.9 |
| Oct 8, 2024 03:24:55.300079107 CEST | 49705 | 80 | 192.168.2.9 | 199.232.214.172 |
| Oct 8, 2024 03:25:37.654953003 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:25:37.655036926 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Oct 8, 2024 03:25:37.655107021 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:25:37.656219006 CEST | 49706 | 443 | 192.168.2.9 | 13.107.246.45 |
| Oct 8, 2024 03:25:37.661041021 CEST | 443 | 49706 | 13.107.246.45 | 192.168.2.9 |
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Oct 8, 2024 03:24:07.131654024 CEST | 54523 | 53 | 192.168.2.9 | 1.1.1.1 |
| Oct 8, 2024 03:24:07.139781952 CEST | 53 | 54523 | 1.1.1.1 | 192.168.2.9 |
| Oct 8, 2024 03:24:07.144799948 CEST | 50328 | 53 | 192.168.2.9 | 1.1.1.1 |
| Oct 8, 2024 03:24:07.154370070 CEST | 53 | 50328 | 1.1.1.1 | 192.168.2.9 |
| Oct 8, 2024 03:24:07.157243967 CEST | 56643 | 53 | 192.168.2.9 | 1.1.1.1 |
| Oct 8, 2024 03:24:07.165565014 CEST | 53 | 56643 | 1.1.1.1 | 192.168.2.9 |
| Oct 8, 2024 03:24:07.167903900 CEST | 52751 | 53 | 192.168.2.9 | 1.1.1.1 |
| Oct 8, 2024 03:24:07.177496910 CEST | 53 | 52751 | 1.1.1.1 | 192.168.2.9 |
| Oct 8, 2024 03:24:07.181487083 CEST | 62124 | 53 | 192.168.2.9 | 1.1.1.1 |
| Oct 8, 2024 03:24:07.195004940 CEST | 53 | 62124 | 1.1.1.1 | 192.168.2.9 |
| Oct 8, 2024 03:24:07.197542906 CEST | 64771 | 53 | 192.168.2.9 | 1.1.1.1 |
| Oct 8, 2024 03:24:07.205498934 CEST | 53 | 64771 | 1.1.1.1 | 192.168.2.9 |
| Oct 8, 2024 03:24:07.212174892 CEST | 50182 | 53 | 192.168.2.9 | 1.1.1.1 |
| Oct 8, 2024 03:24:07.227091074 CEST | 53 | 50182 | 1.1.1.1 | 192.168.2.9 |
| Oct 8, 2024 03:24:07.229782104 CEST | 60561 | 53 | 192.168.2.9 | 1.1.1.1 |
| Oct 8, 2024 03:24:07.239342928 CEST | 53 | 60561 | 1.1.1.1 | 192.168.2.9 |
| Oct 8, 2024 03:24:07.245456934 CEST | 64724 | 53 | 192.168.2.9 | 1.1.1.1 |
| Oct 8, 2024 03:24:07.255074978 CEST | 53 | 64724 | 1.1.1.1 | 192.168.2.9 |
| Oct 8, 2024 03:24:07.256771088 CEST | 52386 | 53 | 192.168.2.9 | 1.1.1.1 |
| Oct 8, 2024 03:24:07.264539003 CEST | 53 | 52386 | 1.1.1.1 | 192.168.2.9 |
| Oct 8, 2024 03:24:08.872163057 CEST | 52476 | 53 | 192.168.2.9 | 1.1.1.1 |
| Oct 8, 2024 03:24:09.060667992 CEST | 53 | 52476 | 1.1.1.1 | 192.168.2.9 |
| Oct 8, 2024 03:24:37.894084930 CEST | 53 | 53269 | 162.159.36.2 | 192.168.2.9 |
| Oct 8, 2024 03:24:38.375227928 CEST | 50887 | 53 | 192.168.2.9 | 1.1.1.1 |
| Oct 8, 2024 03:24:38.382101059 CEST | 53 | 50887 | 1.1.1.1 | 192.168.2.9 |
| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|
| Oct 8, 2024 03:24:07.131654024 CEST | 192.168.2.9 | 1.1.1.1 | 0x91ee | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Oct 8, 2024 03:24:07.144799948 CEST | 192.168.2.9 | 1.1.1.1 | 0x79 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Oct 8, 2024 03:24:07.157243967 CEST | 192.168.2.9 | 1.1.1.1 | 0x22f | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Oct 8, 2024 03:24:07.167903900 CEST | 192.168.2.9 | 1.1.1.1 | 0x2b5e | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Oct 8, 2024 03:24:07.181487083 CEST | 192.168.2.9 | 1.1.1.1 | 0xf461 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Oct 8, 2024 03:24:07.197542906 CEST | 192.168.2.9 | 1.1.1.1 | 0x76bd | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Oct 8, 2024 03:24:07.212174892 CEST | 192.168.2.9 | 1.1.1.1 | 0x1915 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Oct 8, 2024 03:24:07.229782104 CEST | 192.168.2.9 | 1.1.1.1 | 0x59dc | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Oct 8, 2024 03:24:07.245456934 CEST | 192.168.2.9 | 1.1.1.1 | 0x2213 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Oct 8, 2024 03:24:07.256771088 CEST | 192.168.2.9 | 1.1.1.1 | 0x3023 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Oct 8, 2024 03:24:08.872163057 CEST | 192.168.2.9 | 1.1.1.1 | 0x1edb | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Oct 8, 2024 03:24:38.375227928 CEST | 192.168.2.9 | 1.1.1.1 | 0x9b63 | Standard query (0) | PTR (Pointer record) | IN (0x0001) | false |
| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|---|---|
| Oct 8, 2024 03:24:07.139781952 CEST | 1.1.1.1 | 192.168.2.9 | 0x91ee | Name error (3) | none | none | A (IP address) | IN (0x0001) | false | |
| Oct 8, 2024 03:24:07.154370070 CEST | 1.1.1.1 | 192.168.2.9 | 0x79 | Name error (3) | none | none | A (IP address) | IN (0x0001) | false | |
| Oct 8, 2024 03:24:07.165565014 CEST | 1.1.1.1 | 192.168.2.9 | 0x22f | Name error (3) | none | none | A (IP address) | IN (0x0001) | false | |
| Oct 8, 2024 03:24:07.177496910 CEST | 1.1.1.1 | 192.168.2.9 | 0x2b5e | Name error (3) | none | none | A (IP address) | IN (0x0001) | false | |
| Oct 8, 2024 03:24:07.195004940 CEST | 1.1.1.1 | 192.168.2.9 | 0xf461 | Name error (3) | none | none | A (IP address) | IN (0x0001) | false | |
| Oct 8, 2024 03:24:07.205498934 CEST | 1.1.1.1 | 192.168.2.9 | 0x76bd | Name error (3) | none | none | A (IP address) | IN (0x0001) | false | |
| Oct 8, 2024 03:24:07.227091074 CEST | 1.1.1.1 | 192.168.2.9 | 0x1915 | Name error (3) | none | none | A (IP address) | IN (0x0001) | false | |
| Oct 8, 2024 03:24:07.239342928 CEST | 1.1.1.1 | 192.168.2.9 | 0x59dc | Name error (3) | none | none | A (IP address) | IN (0x0001) | false | |
| Oct 8, 2024 03:24:07.255074978 CEST | 1.1.1.1 | 192.168.2.9 | 0x2213 | Name error (3) | none | none | A (IP address) | IN (0x0001) | false | |
| Oct 8, 2024 03:24:07.264539003 CEST | 1.1.1.1 | 192.168.2.9 | 0x3023 | No error (0) | 104.102.49.254 | A (IP address) | IN (0x0001) | false | ||
| Oct 8, 2024 03:24:09.060667992 CEST | 1.1.1.1 | 192.168.2.9 | 0x1edb | No error (0) | 172.67.206.204 | A (IP address) | IN (0x0001) | false | ||
| Oct 8, 2024 03:24:09.060667992 CEST | 1.1.1.1 | 192.168.2.9 | 0x1edb | No error (0) | 104.21.53.8 | A (IP address) | IN (0x0001) | false | ||
| Oct 8, 2024 03:24:22.992244959 CEST | 1.1.1.1 | 192.168.2.9 | 0x21e0 | No error (0) | fp2e7a.wpc.phicdn.net | CNAME (Canonical name) | IN (0x0001) | false | ||
| Oct 8, 2024 03:24:22.992244959 CEST | 1.1.1.1 | 192.168.2.9 | 0x21e0 | No error (0) | 192.229.221.95 | A (IP address) | IN (0x0001) | false | ||
| Oct 8, 2024 03:24:35.879281044 CEST | 1.1.1.1 | 192.168.2.9 | 0xe865 | No error (0) | fp2e7a.wpc.phicdn.net | CNAME (Canonical name) | IN (0x0001) | false | ||
| Oct 8, 2024 03:24:35.879281044 CEST | 1.1.1.1 | 192.168.2.9 | 0xe865 | No error (0) | 192.229.221.95 | A (IP address) | IN (0x0001) | false | ||
| Oct 8, 2024 03:24:38.382101059 CEST | 1.1.1.1 | 192.168.2.9 | 0x9b63 | Name error (3) | none | none | PTR (Pointer record) | IN (0x0001) | false |
|
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 0 | 192.168.2.9 | 49707 | 104.102.49.254 | 443 | 6396 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-10-08 01:24:08 UTC | 219 | OUT | |
| 2024-10-08 01:24:08 UTC | 1870 | IN | |
| 2024-10-08 01:24:08 UTC | 14514 | IN | |
| 2024-10-08 01:24:08 UTC | 16384 | IN | |
| 2024-10-08 01:24:08 UTC | 3768 | IN | |
| 2024-10-08 01:24:08 UTC | 171 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 1 | 192.168.2.9 | 49709 | 172.67.206.204 | 443 | 6396 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-10-08 01:24:09 UTC | 264 | OUT | |
| 2024-10-08 01:24:09 UTC | 8 | OUT | |
| 2024-10-08 01:24:09 UTC | 772 | IN | |
| 2024-10-08 01:24:09 UTC | 15 | IN | |
| 2024-10-08 01:24:09 UTC | 5 | IN |
Click to jump to process
Click to jump to process
back
Click to dive into process behavior distribution
Click to jump to process
| Target ID: | 0 |
| Start time: | 21:24:05 |
| Start date: | 07/10/2024 |
| Path: | C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader47.43340.27469.30352.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0xe30000 |
| File size: | 550'912 bytes |
| MD5 hash: | 7DA5B29A33CDAB4E5A1DCA996EC33A21 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | low |
| Has exited: | true |
| Target ID: | 2 |
| Start time: | 21:24:06 |
| Start date: | 07/10/2024 |
| Path: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0xe0000 |
| File size: | 262'432 bytes |
| MD5 hash: | 8FDF47E0FF70C40ED3A17014AEEA4232 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Has exited: | true |
| Target ID: | 3 |
| Start time: | 21:24:06 |
| Start date: | 07/10/2024 |
| Path: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0xec0000 |
| File size: | 262'432 bytes |
| MD5 hash: | 8FDF47E0FF70C40ED3A17014AEEA4232 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Has exited: | true |
| Target ID: | 6 |
| Start time: | 21:24:06 |
| Start date: | 07/10/2024 |
| Path: | C:\Windows\SysWOW64\WerFault.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0xc60000 |
| File size: | 483'680 bytes |
| MD5 hash: | C31336C1EFC2CCB44B4326EA793040F2 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Has exited: | true |
Execution Graph
| Execution Coverage: | 0.7% |
| Dynamic/Decrypted Code Coverage: | 0% |
| Signature Coverage: | 6.1% |
| Total number of Nodes: | 229 |
| Total number of Limit Nodes: | 3 |
Graph
Function 00E32021 Relevance: 9.4, APIs: 1, Strings: 4, Instructions: 631memoryCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00E46368 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 34COMMONLIBRARYCODE
Download Yara Rule
Control-flow Graph
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00E48E2E Relevance: 4.7, APIs: 3, Instructions: 202COMMON
Download Yara Rule
Control-flow Graph
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00E4A3A6 Relevance: 3.2, APIs: 2, Instructions: 177COMMON
Download Yara Rule
Control-flow Graph
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00E49FAA Relevance: 1.6, APIs: 1, Instructions: 147COMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00E7CB98 Relevance: 20.7, Strings: 15, Instructions: 1988COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00E8C568 Relevance: 11.5, Strings: 9, Instructions: 256COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00E4C9E9 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 183COMMONLIBRARYCODE
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00E4D39B Relevance: 10.2, APIs: 1, Strings: 4, Instructions: 1436COMMONLIBRARYCODE
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00E4C085 Relevance: 9.0, APIs: 3, Strings: 2, Instructions: 251COMMONLIBRARYCODE
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00E4C814 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 85COMMONLIBRARYCODE
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00E3FEF0 Relevance: 7.4, APIs: 2, Strings: 2, Instructions: 449COMMONLIBRARYCODE
Download Yara Rule
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00E5E175 Relevance: 7.2, Strings: 5, Instructions: 909COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00E5E2D5 Relevance: 6.7, Strings: 5, Instructions: 453COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00E6C938 Relevance: 6.7, Strings: 5, Instructions: 409COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00E7EF70 Relevance: 6.5, Strings: 5, Instructions: 258COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00E37922 Relevance: 6.1, APIs: 4, Instructions: 70COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00EA5288 Relevance: 5.3, Strings: 4, Instructions: 348COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00E7FAE2 Relevance: 5.2, Strings: 4, Instructions: 209COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00EA3642 Relevance: 5.1, Strings: 4, Instructions: 142COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00E4C498 Relevance: 4.7, APIs: 3, Instructions: 205COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00E65618 Relevance: 4.1, Strings: 3, Instructions: 379COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00EA36EE Relevance: 3.9, Strings: 3, Instructions: 122COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00E8C224 Relevance: 3.8, Strings: 3, Instructions: 38COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00E4622B Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 24COMMONLIBRARYCODE
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00EA49F8 Relevance: 2.8, Strings: 2, Instructions: 288COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00EA6FD8 Relevance: 2.7, Strings: 2, Instructions: 228COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00E85EC3 Relevance: 2.6, Strings: 2, Instructions: 140COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00EA6EA8 Relevance: 2.6, Strings: 2, Instructions: 98COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00E6BB58 Relevance: 2.6, Strings: 2, Instructions: 82COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00E66C29 Relevance: 2.6, Strings: 2, Instructions: 71COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00E5DED8 Relevance: 2.5, Strings: 1, Instructions: 1296COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00EA1798 Relevance: 1.9, Strings: 1, Instructions: 618COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00E3729C Relevance: 1.7, APIs: 1, Instructions: 242COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00E605B8 Relevance: 1.7, Strings: 1, Instructions: 448COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00E85368 Relevance: 1.7, Strings: 1, Instructions: 415COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00E49ABF Relevance: 1.6, APIs: 1, Instructions: 108COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00E9074E Relevance: 1.6, Strings: 1, Instructions: 336COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00E4C6EB Relevance: 1.6, APIs: 1, Instructions: 83COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00E4C91A Relevance: 1.5, APIs: 1, Instructions: 45COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00E8A059 Relevance: 1.5, Strings: 1, Instructions: 267COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00E67908 Relevance: 1.5, Strings: 1, Instructions: 265COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00E5E212 Relevance: 1.5, Strings: 1, Instructions: 264COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00E37AAF Relevance: 1.5, APIs: 1, Instructions: 3COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00EA74F8 Relevance: 1.5, Strings: 1, Instructions: 247COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00E8E388 Relevance: 1.5, Strings: 1, Instructions: 237COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00EA47F8 Relevance: 1.4, Strings: 1, Instructions: 183COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00E90AD4 Relevance: 1.4, Strings: 1, Instructions: 161COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00E6FA44 Relevance: 1.4, Strings: 1, Instructions: 160COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00E6FCD4 Relevance: 1.4, Strings: 1, Instructions: 156COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00E31D79 Relevance: 1.4, Strings: 1, Instructions: 156COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00E91327 Relevance: 1.4, Strings: 1, Instructions: 141COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00EA6B98 Relevance: 1.4, Strings: 1, Instructions: 131COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00EA6D28 Relevance: 1.4, Strings: 1, Instructions: 128COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00E7AF2D Relevance: 1.4, Strings: 1, Instructions: 108COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00EA38E2 Relevance: 1.3, Strings: 1, Instructions: 81COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00E4CC4B Relevance: 1.3, APIs: 1, Instructions: 5memoryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00E68F38 Relevance: .8, Instructions: 789COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00E81908 Relevance: .7, Instructions: 700COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00E68428 Relevance: .7, Instructions: 670COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00E64278 Relevance: .7, Instructions: 657COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00E64C78 Relevance: .6, Instructions: 592COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00E67338 Relevance: .5, Instructions: 504COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00E8A438 Relevance: .4, Instructions: 380COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00E9143A Relevance: .4, Instructions: 358COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00EA4DA8 Relevance: .3, Instructions: 330COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00E4BB36 Relevance: .3, Instructions: 327COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00E734A4 Relevance: .3, Instructions: 284COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00E96078 Relevance: .3, Instructions: 277COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00E62302 Relevance: .3, Instructions: 271COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00E8BADA Relevance: .3, Instructions: 256COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00E94A88 Relevance: .3, Instructions: 254COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00E85108 Relevance: .2, Instructions: 242COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00E62268 Relevance: .2, Instructions: 223COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00EA22A8 Relevance: .2, Instructions: 220COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00E918D8 Relevance: .2, Instructions: 215COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00E6B2D8 Relevance: .2, Instructions: 214COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00E5E3F7 Relevance: .2, Instructions: 213COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00E94858 Relevance: .2, Instructions: 198COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00E9BCB8 Relevance: .2, Instructions: 189COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00E6BCB9 Relevance: .2, Instructions: 189COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00E96378 Relevance: .2, Instructions: 180COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00EA1048 Relevance: .2, Instructions: 167COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00E6A268 Relevance: .2, Instructions: 164COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00E62B08 Relevance: .2, Instructions: 163COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00E6E3F3 Relevance: .1, Instructions: 135COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00E6E768 Relevance: .1, Instructions: 125COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00E8ABBB Relevance: .1, Instructions: 119COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00EA5EE8 Relevance: .1, Instructions: 118COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00E91FF9 Relevance: .1, Instructions: 116COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00E9D598 Relevance: .1, Instructions: 108COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00E69AE8 Relevance: .1, Instructions: 106COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00EA0C08 Relevance: .1, Instructions: 97COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00E61A58 Relevance: .1, Instructions: 95COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00E72702 Relevance: .1, Instructions: 91COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00E8B175 Relevance: .1, Instructions: 91COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00EA3F68 Relevance: .1, Instructions: 83COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00E69BF8 Relevance: .1, Instructions: 80COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00E88278 Relevance: .1, Instructions: 79COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00E866E6 Relevance: .1, Instructions: 75COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00E8C198 Relevance: .1, Instructions: 74COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00E71920 Relevance: .1, Instructions: 73COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00E98B78 Relevance: .1, Instructions: 64COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00E8E2E8 Relevance: .1, Instructions: 63COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00E86410 Relevance: .1, Instructions: 57COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00E6C81B Relevance: .1, Instructions: 57COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00E8C3AC Relevance: .1, Instructions: 56COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00E6F058 Relevance: .0, Instructions: 47COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00E78948 Relevance: .0, Instructions: 38COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00EA3A08 Relevance: .0, Instructions: 29COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00EA6140 Relevance: .0, Instructions: 28COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00E4A64C Relevance: .0, Instructions: 22COMMONLIBRARYCODE
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00E9EC08 Relevance: .0, Instructions: 21COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00E32003 Relevance: .0, Instructions: 12COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00E40F2E Relevance: .0, Instructions: 12COMMONLIBRARYCODE
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00E72D4B Relevance: .0, Instructions: 11COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00E8D75B Relevance: .0, Instructions: 11COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00EA6343 Relevance: .0, Instructions: 9COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00EA604C Relevance: .0, Instructions: 7COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00E7338E Relevance: .0, Instructions: 6COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00E7165F Relevance: .0, Instructions: 6COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00E3A5C8 Relevance: 10.8, APIs: 3, Strings: 3, Instructions: 303COMMONLIBRARYCODE
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00E45F4A Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 74COMMONLIBRARYCODE
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00E3507A Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 44COMMONLIBRARYCODE
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00E40F50 Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 42libraryloaderCOMMONLIBRARYCODE
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00E4F356 Relevance: 9.3, APIs: 6, Instructions: 298COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00E47747 Relevance: 9.1, APIs: 4, Strings: 1, Instructions: 338fileCOMMONLIBRARYCODE
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00E3A371 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 168COMMONLIBRARYCODE
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00E34436 Relevance: 7.5, APIs: 5, Instructions: 48COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00E33DB1 Relevance: 7.5, APIs: 5, Instructions: 48COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00E34308 Relevance: 7.5, APIs: 5, Instructions: 47COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00E3B3A2 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 27libraryCOMMONLIBRARYCODE
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00E51093 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 147COMMONLIBRARYCODE
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00E3A96D Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 112COMMONLIBRARYCODE
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00E35107 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 49COMMONLIBRARYCODE
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00E4612C Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 22memoryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Execution Graph
| Execution Coverage: | 1% |
| Dynamic/Decrypted Code Coverage: | 0% |
| Signature Coverage: | 2.3% |
| Total number of Nodes: | 43 |
| Total number of Limit Nodes: | 6 |
Graph
Function 0040D390 Relevance: 6.2, APIs: 4, Instructions: 154threadCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004464F0 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 14libraryCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00446040 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 72memoryCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00446709 Relevance: 3.0, APIs: 2, Instructions: 22COMMON
Download Yara Rule
Control-flow Graph
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00445C4A Relevance: 1.6, APIs: 1, Instructions: 71libraryCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00443A20 Relevance: 1.5, APIs: 1, Instructions: 36memoryCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00443AA0 Relevance: 1.5, APIs: 1, Instructions: 36memoryCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004396A0 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 99clipboardCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00428230 Relevance: 1.7, APIs: 1, Instructions: 242comCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0043FDBB Relevance: 31.9, APIs: 11, Strings: 7, Instructions: 425memorycomCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|