Windows
Analysis Report
4a. RFx-4045.exe
Overview
General Information
Detection
GuLoader, Snake Keylogger
Score | Range | Confidence |
---|---|---|
100 | 0 - 100 | 100% |
Signatures
Found malware configuration
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected GuLoader
Yara detected Snake Keylogger
AI detected suspicious PE digital signature
Joe Sandbox ML detected suspicious sample
Switches to a custom stack to bypass stack traces
Tries to detect the country of the analysis system (by using the IP)
Tries to detect virtualization through RDTSC time measurements
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Uses the Telegram API (likely for C&C communication)
Abnormal high CPU Usage
Allocates memory with a write watch (potentially for evading sandboxes)
Contains functionality for execution timing, often used to detect debuggers
Contains functionality for read data from the clipboard
Contains functionality to dynamically determine API calls
Contains functionality to shutdown / reboot the system
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected non-DNS traffic on DNS port
Detected potential crypto function
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
May sleep (evasive loops) to hinder dynamic analysis
PE / OLE file has an invalid certificate
Queries the volume information (name, serial number etc) of a device
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Uses insecure TLS / SSL version for HTTPS connection
Yara detected Credential Stealer
Classification
- System is w10x64
- 4a. RFx-4045.exe (PID: 6824, cmdline: "C:\Users\user\Desktop\4a. RFx-4045.exe", MD5: 95CCF2BCD18E87A3386E71A5D09E75FE)
- 4a. RFx-4045.exe (PID: 1216, cmdline: "C:\Users\user\Desktop\4a. RFx-4045.exe", MD5: 95CCF2BCD18E87A3386E71A5D09E75FE)
- cleanup
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
CloudEyE, GuLoader | CloudEyE (initially named GuLoader) is a small VB5/6 downloader. It typically downloads RATs/Stealers, such as Agent Tesla, Arkei/Vidar, Formbook, Lokibot, Netwire and Remcos, often but not always from Google Drive. The downloaded payload is xored. | No Attribution | | |
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
404 Keylogger, Snake Keylogger | Snake Keylogger (aka 404 Keylogger) is a subscription-based keylogger that has many capabilities. The infostealer can steal a victim's sensitive information, log keyboard strokes, take screenshots and extract information from the system clipboard. It was initially released on a Russian hacking forum in August 2019. It is notable for its relatively unusual methods of data exfiltration, including via email, FTP, SMTP, Pastebin or the messaging app Telegram. | No Attribution | | |
{"Exfil Mode": "SMTP", "Username": "nuno.anjos@copinsa.com", "Password": "CmA9.v9,O!~I", "Host": "mail.copinsa.com", "Port": "587", "Version": "4.4"}
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_SnakeKeylogger | Yara detected Snake Keylogger | Joe Security | | |
JoeSecurity_GuLoader_3 | Yara detected GuLoader | Joe Security | | |
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | | |

No Sigma rule has matched
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2025-02-14T08:30:22.643060+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.4 | 56836 | 104.21.112.1 | 443 | TCP |
2025-02-14T08:30:30.509480+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.4 | 56852 | 104.21.112.1 | 443 | TCP |
2025-02-14T08:30:34.103456+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.4 | 56856 | 104.21.112.1 | 443 | TCP |
2025-02-14T08:30:20.867700+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.4 | 56821 | 132.226.247.73 | 80 | TCP |
2025-02-14T08:30:22.055192+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.4 | 56821 | 132.226.247.73 | 80 | TCP |
2025-02-14T08:30:26.477168+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.4 | 56842 | 132.226.247.73 | 80 | TCP |
2025-02-14T08:30:15.376975+0100 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.4 | 56784 | 172.217.23.110 | 443 | TCP |
2025-02-14T08:30:36.332886+0100 | 1810007 | 1 | Potentially Bad Traffic | 192.168.2.4 | 56859 | 149.154.167.220 | 443 | TCP |
AV Detection |
---|
Source: Malware Configuration Extractor |
Source: Virustotal |
Source: ReversingLabs |
Source: Integrated Neural Analysis Model |
Location Tracking |
---|
Source: DNS query |
Source: Code function 4_2_370C01E8 |
Source: Code function 4_2_370C01E0 |
Source: Static PE information |
Source: HTTPS traffic detected |
Source: Static PE information |
Source: Code function 0_2_0040589C |
Source: Code function 0_2_004063D7 |
Source: Code function 0_2_004026FE |
Source: Code function 4_2_004063D7 |
Source: Code function 4_2_004026FE |
Source: Code function 4_2_0040589C |
Source: File opened |
Networking |
---|
Source: Suricata IDS |
Source: DNS query |
Source: TCP traffic |
Source: HTTP traffic detected |
Source: IP Address |
Source: JA3 fingerprint |
Source: DNS query |
Source: Suricata IDS |
Source: HTTP traffic detected |
Source: HTTPS traffic detected |
Source: TCP traffic detected without corresponding DNS query |
Source: UDP traffic detected without corresponding DNS query |
Source: HTTP traffic detected |
Source: DNS traffic detected |
Source: HTTP traffic detected |
Source: String found in binary or memory |
Source: Network traffic detected |
Source: HTTPS traffic detected |
Source: Code function 0_2_00405339 |
Source: Process Stats |
Source: Code function 0_2_00403328 |
Source: Code function 4_2_00403328 |
Source: | Code function: | 4_2_37376730 | |
Source: | Code function: | 4_2_37374F30 | |
Source: | Code function: | 4_2_37372B38 | |
Source: | Code function: | 4_2_37374C20 | |
Source: | Code function: | 4_2_37374F20 | |
Source: | Code function: | 4_2_37376720 | |
Source: | Code function: | 4_2_37372628 | |
Source: | Code function: | 4_2_37374710 | |
Source: | Code function: | 4_2_37374200 | |
Source: | Code function: | 4_2_37371470 | |
Source: | Code function: | 4_2_37373F79 | |
Source: | Code function: | 4_2_37370F60 | |
Source: | Code function: | 4_2_37373558 | |
Source: | Code function: | 4_2_37371E90 | |
Source: | Code function: | 4_2_37374998 | |
Source: | Code function: | 4_2_37371981 | |
Source: | Code function: | 4_2_37374488 | |
Source: | Code function: | 4_2_37373CF0 | |
Source: | Code function: | 4_2_373716FB | |
Source: | Code function: | 4_2_373711E8 | |
Source: | Code function: | 4_2_373732D0 |
Data Obfuscation
Persistence and Installation Behavior
Malware Analysis System Evasion
Stealing of Sensitive Information
Remote Access Functionality
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Native API | 1 DLL Side-Loading | 1 Access Token Manipulation | 1 Masquerading | 1 OS Credential Dumping | 211 Security Software Discovery | Remote Services | 1 Email Collection | 1 Web Service | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 11 Process Injection | 1 Disable or Modify Tools | LSASS Memory | 31 Virtualization/Sandbox Evasion | Remote Desktop Protocol | 1 Archive Collected Data | 21 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 DLL Side-Loading | 31 Virtualization/Sandbox Evasion | Security Account Manager | 1 Application Window Discovery | SMB/Windows Admin Shares | 1 Data from Local System | 3 Ingress Tool Transfer | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Access Token Manipulation | NTDS | 1 System Network Configuration Discovery | Distributed Component Object Model | 1 Clipboard Data | 3 Non-Application Layer Protocol | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 11 Process Injection | LSA Secrets | 4 File and Directory Discovery | SSH | Keylogging | 14 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Deobfuscate/Decode Files or Information | Cached Domain Credentials | 215 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 3 Obfuscated Files or Information | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 DLL Side-Loading | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
 | 13% | Virustotal | | Browse |
 | 14% | ReversingLabs | Win32.Trojan.Generic | |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
 | 3% | ReversingLabs | | |
 | 0% | Virustotal | | Browse |
⊘No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
drive.google.com | 172.217.23.110 | true | false | | high |
drive.usercontent.google.com | 142.250.181.225 | true | false | | high |
reallyfreegeoip.org | 104.21.112.1 | true | false | | high |
api.telegram.org | 149.154.167.220 | true | false | | high |
checkip.dyndns.com | 132.226.247.73 | true | false | | high |
checkip.dyndns.org | unknown | unknown | false | | high |
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
172.217.23.110 | drive.google.com | United States | 15169 | GOOGLEUS | false |
149.154.167.220 | api.telegram.org | United Kingdom | 62041 | TELEGRAMRU | false |
104.21.112.1 | reallyfreegeoip.org | United States | 13335 | CLOUDFLARENETUS | false |
142.250.181.225 | drive.usercontent.google.com | United States | 15169 | GOOGLEUS | false |
132.226.247.73 | checkip.dyndns.com | United States | 16989 | UTMEMUS | false |
Joe Sandbox version: | 42.0.0 Malachite |
Analysis ID: | 1614889 |
Start date and time: | 2025-02-14 08:27:50 +01:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 7m 15s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of new started processes analysed: | 6 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | 4a. RFx-4045.exe |
Detection: | MAL |
Classification: | mal100.troj.spyw.evad.winEXE@3/31@5/5 |
EGA Information: |
HCA Information: |
Cookbook Comments: |
- Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
- Excluded IPs from analysis (whitelisted): 52.149.20.212, 13.107.246.45
- Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, dns.msftncsi.com, fe3cr.delivery.mp.microsoft.com
- Not all processes were analyzed; the report is missing behavior information
- Report size exceeded maximum capacity and may have missing disassembly code.
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- Report size getting too big, too many NtReadVirtualMemory calls found.
- Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Time | Type | Description |
---|---|---|
02:30:21 | API Interceptor |
Match | Detection | Threat Name |
---|---|---|
149.154.167.220 | malicious | GuLoader, Snake Keylogger |
149.154.167.220 | malicious | GuLoader, Snake Keylogger |
149.154.167.220 | malicious | GuLoader, Snake Keylogger |
149.154.167.220 | malicious | Snake Keylogger, VIP Keylogger |
149.154.167.220 | malicious | GuLoader, Snake Keylogger |
149.154.167.220 | malicious | GuLoader, Snake Keylogger |
149.154.167.220 | malicious | GuLoader, Snake Keylogger |
149.154.167.220 | malicious | GuLoader, Snake Keylogger |
149.154.167.220 | malicious | GuLoader, Snake Keylogger, VIP Keylogger |
149.154.167.220 | malicious | GuLoader, Snake Keylogger |
104.21.112.1 | malicious | FormBook |
104.21.112.1 | malicious | HTMLPhisher |
104.21.112.1 | malicious | FormBook |
104.21.112.1 | malicious | FormBook |
104.21.112.1 | malicious | FormBook |
104.21.112.1 | malicious | FormBook |
104.21.112.1 | malicious | FormBook |
104.21.112.1 | malicious | DarkTortilla, Lokibot |
104.21.112.1 | malicious | FormBook |
104.21.112.1 | malicious | HTMLPhisher |
132.226.247.73 | malicious | DBatLoader, MassLogger RAT, PureLog Stealer |
132.226.247.73 | malicious | GuLoader, Snake Keylogger |
132.226.247.73 | malicious | GuLoader, Snake Keylogger, VIP Keylogger |
132.226.247.73 | malicious | Snake Keylogger, VIP Keylogger |
132.226.247.73 | malicious | Snake Keylogger, VIP Keylogger |
132.226.247.73 | malicious | Snake Keylogger, VIP Keylogger |
132.226.247.73 | malicious | GuLoader, Snake Keylogger, VIP Keylogger |
132.226.247.73 | malicious | GuLoader, Snake Keylogger |
132.226.247.73 | malicious | GuLoader |
132.226.247.73 | malicious | Snake Keylogger, VIP Keylogger |
Match | Detection | Threat Name |
---|---|---|
checkip.dyndns.com | malicious | GuLoader, Snake Keylogger |
checkip.dyndns.com | malicious | GuLoader, Snake Keylogger |
checkip.dyndns.com | malicious | DBatLoader, MassLogger RAT, PureLog Stealer |
checkip.dyndns.com | malicious | GuLoader, Snake Keylogger |
checkip.dyndns.com | malicious | Snake Keylogger, VIP Keylogger |
checkip.dyndns.com | malicious | Snake Keylogger, VIP Keylogger |
checkip.dyndns.com | malicious | GuLoader, Snake Keylogger |
checkip.dyndns.com | malicious | GuLoader, Snake Keylogger |
checkip.dyndns.com | malicious | GuLoader, Snake Keylogger |
checkip.dyndns.com | malicious | GuLoader, Snake Keylogger |
reallyfreegeoip.org | malicious | GuLoader, Snake Keylogger |
reallyfreegeoip.org | malicious | GuLoader, Snake Keylogger |
reallyfreegeoip.org | malicious | DBatLoader, MassLogger RAT, PureLog Stealer |
reallyfreegeoip.org | malicious | GuLoader, Snake Keylogger |
reallyfreegeoip.org | malicious | Snake Keylogger, VIP Keylogger |
reallyfreegeoip.org | malicious | GuLoader, Snake Keylogger |
reallyfreegeoip.org | malicious | GuLoader, Snake Keylogger |
reallyfreegeoip.org | malicious | GuLoader, Snake Keylogger |
reallyfreegeoip.org | malicious | GuLoader, Snake Keylogger |
reallyfreegeoip.org | malicious | GuLoader, Snake Keylogger, VIP Keylogger |
api.telegram.org | malicious | GuLoader, Snake Keylogger |
api.telegram.org | malicious | GuLoader, Snake Keylogger |
api.telegram.org | malicious | GuLoader, Snake Keylogger |
api.telegram.org | malicious | Snake Keylogger, VIP Keylogger |
api.telegram.org | malicious | GuLoader, Snake Keylogger |
api.telegram.org | malicious | GuLoader, Snake Keylogger |
api.telegram.org | malicious | GuLoader, Snake Keylogger |
api.telegram.org | malicious | GuLoader, Snake Keylogger |
api.telegram.org | malicious | GuLoader, Snake Keylogger, VIP Keylogger |
api.telegram.org | malicious | GuLoader, Snake Keylogger |
Match | Detection | Threat Name |
---|---|---|
TELEGRAMRU | malicious | Vidar |
TELEGRAMRU | malicious | GuLoader, Snake Keylogger |
TELEGRAMRU | malicious | GuLoader, Snake Keylogger |
TELEGRAMRU | malicious | GuLoader, Snake Keylogger |
TELEGRAMRU | malicious | Snake Keylogger, VIP Keylogger |
TELEGRAMRU | malicious | GuLoader, Snake Keylogger |
TELEGRAMRU | malicious | GuLoader, Snake Keylogger |
TELEGRAMRU | malicious | GuLoader, Snake Keylogger |
TELEGRAMRU | malicious | GuLoader, Snake Keylogger |
TELEGRAMRU | malicious | GuLoader, Snake Keylogger, VIP Keylogger |
UTMEMUS | malicious | DBatLoader, MassLogger RAT, PureLog Stealer |
UTMEMUS | malicious | Snake Keylogger, VIP Keylogger |
UTMEMUS | malicious | Snake Keylogger, VIP Keylogger |
UTMEMUS | malicious | GuLoader, Snake Keylogger |
UTMEMUS | malicious | GuLoader, Snake Keylogger |
UTMEMUS | malicious | GuLoader, Snake Keylogger, VIP Keylogger |
UTMEMUS | malicious | Snake Keylogger, VIP Keylogger |
UTMEMUS | malicious | Snake Keylogger, VIP Keylogger |
UTMEMUS | malicious | Snake Keylogger, VIP Keylogger |
UTMEMUS | malicious | Snake Keylogger, VIP Keylogger |
CLOUDFLARENETUS | malicious | Unknown |
CLOUDFLARENETUS | malicious | Kdot Stealer |
CLOUDFLARENETUS | malicious | GuLoader, Snake Keylogger |
CLOUDFLARENETUS | malicious | GuLoader, Snake Keylogger |
CLOUDFLARENETUS | malicious | DBatLoader, MassLogger RAT, PureLog Stealer |
CLOUDFLARENETUS | malicious | GuLoader, Snake Keylogger |
CLOUDFLARENETUS | malicious | FormBook |
CLOUDFLARENETUS | malicious | Snake Keylogger, VIP Keylogger |
CLOUDFLARENETUS | malicious | GuLoader, Snake Keylogger |
CLOUDFLARENETUS | malicious | GuLoader, Snake Keylogger |
Match | Detection | Threat Name |
---|---|---|
54328bd36c14bd82ddaa0c04b25ed9ad | malicious | GuLoader, Snake Keylogger |
54328bd36c14bd82ddaa0c04b25ed9ad | malicious | GuLoader, Snake Keylogger |
54328bd36c14bd82ddaa0c04b25ed9ad | malicious | DBatLoader, MassLogger RAT, PureLog Stealer |
54328bd36c14bd82ddaa0c04b25ed9ad | malicious | GuLoader, Snake Keylogger |
54328bd36c14bd82ddaa0c04b25ed9ad | malicious | Snake Keylogger, VIP Keylogger |
54328bd36c14bd82ddaa0c04b25ed9ad | malicious | GuLoader, Snake Keylogger |
54328bd36c14bd82ddaa0c04b25ed9ad | malicious | GuLoader, Snake Keylogger |
54328bd36c14bd82ddaa0c04b25ed9ad | malicious | GuLoader, Snake Keylogger |
54328bd36c14bd82ddaa0c04b25ed9ad | malicious | GuLoader, Snake Keylogger |
54328bd36c14bd82ddaa0c04b25ed9ad | malicious | GuLoader, Snake Keylogger, VIP Keylogger |
3b5074b1b5d032e5620f69f9f700ff0e | malicious | Unknown |
3b5074b1b5d032e5620f69f9f700ff0e | malicious | Kdot Stealer |
3b5074b1b5d032e5620f69f9f700ff0e | malicious | GuLoader, Snake Keylogger |
3b5074b1b5d032e5620f69f9f700ff0e | malicious | GuLoader, Snake Keylogger |
3b5074b1b5d032e5620f69f9f700ff0e | malicious | Unknown |
3b5074b1b5d032e5620f69f9f700ff0e | malicious | GuLoader, Snake Keylogger |
3b5074b1b5d032e5620f69f9f700ff0e | malicious | Unknown |
3b5074b1b5d032e5620f69f9f700ff0e | malicious | Remcos, PureLog Stealer, zgRAT |
3b5074b1b5d032e5620f69f9f700ff0e | malicious | AgentTesla |
3b5074b1b5d032e5620f69f9f700ff0e | malicious | Snake Keylogger, VIP Keylogger |
37f463bf4616ecd445d4a1937da06e19 | malicious | Kdot Stealer |
37f463bf4616ecd445d4a1937da06e19 | malicious | Vidar |
37f463bf4616ecd445d4a1937da06e19 | malicious | GuLoader, Snake Keylogger |
37f463bf4616ecd445d4a1937da06e19 | malicious | GuLoader, Snake Keylogger |
37f463bf4616ecd445d4a1937da06e19 | malicious | Unknown |
37f463bf4616ecd445d4a1937da06e19 | malicious | GuLoader, Snake Keylogger |
37f463bf4616ecd445d4a1937da06e19 | malicious | Snake Keylogger, VIP Keylogger |
37f463bf4616ecd445d4a1937da06e19 | malicious | Snake Keylogger, VIP Keylogger |
37f463bf4616ecd445d4a1937da06e19 | malicious | GuLoader, Snake Keylogger |
37f463bf4616ecd445d4a1937da06e19 | malicious | GuLoader, Snake Keylogger |
Match | Detection | Threat Name |
---|---|---|
C:\Users\user\AppData\Local\Temp\nsm1926.tmp\System.dll | malicious | GuLoader, Snake Keylogger |
C:\Users\user\AppData\Local\Temp\nsm1926.tmp\System.dll | malicious | GuLoader |
C:\Users\user\AppData\Local\Temp\nsm1926.tmp\System.dll | malicious | GuLoader |
C:\Users\user\AppData\Local\Temp\nsm1926.tmp\System.dll | malicious | GuLoader |
C:\Users\user\AppData\Local\Temp\nsm1926.tmp\System.dll | malicious | GuLoader |
C:\Users\user\AppData\Local\Temp\nsm1926.tmp\System.dll | malicious | Unknown |
C:\Users\user\AppData\Local\Temp\nsm1926.tmp\System.dll | malicious | Unknown |
C:\Users\user\AppData\Local\Temp\nsm1926.tmp\System.dll | malicious | GuLoader, Remcos |
C:\Users\user\AppData\Local\Temp\nsm1926.tmp\System.dll | malicious | GuLoader |
C:\Users\user\AppData\Local\Temp\nsm1926.tmp\System.dll | malicious | Remcos, GuLoader |
Process: | C:\Users\user\Desktop\4a. RFx-4045.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 47 |
Entropy (8bit): | 4.628848957968553 |
Encrypted: | false |
SSDEEP: | 3:YOm45GXQLQIfLBJXmgxv:5TGXQkIP2I |
MD5: | B895D576D6637A778B387B2FCA0F56EC |
SHA1: | E78D2BE4D94673D612C16D29C330BB0C78778429 |
SHA-256: | BFEC1E97ED5D34825521D60B98986D1564CD159B4D1F9569EAE4C3464D2F5C47 |
SHA-512: | B4A771D1B517A2776BA440F79F168306C244DF1A6DE1966313157154D8D52BEAD8131B95F846C2F55C15382E04284FFFC6CF6ABF3F6FCFCB259DF2EA58D769E5 |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
Process: | C:\Users\user\Desktop\4a. RFx-4045.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 15984273 |
Entropy (8bit): | 1.2057475191641773 |
Encrypted: | false |
SSDEEP: | 49152:eB/EM///Fcc6ChZqIq4qNqzqOq0qQMPqBq:eB/EM//5bLRO4Z1YS |
MD5: | 241996D3CEEEFAED7E7FE7B7073FC4DB |
SHA1: | 62B5E14BF0848A0DE68FD425C30AE63DCA69F134 |
SHA-256: | C1008BD39C188E2ACB8EA4330323F293682979347E7F1B65D21DB77EF937A5AB |
SHA-512: | 856FEFEDD9F0381BE5FE3FAB72F3F98D0AD7B8A8C512982E2940DDE5946737D1FB71A51F0A59C231E3D5BFC9B681B5E8719108A5B29499BD1B60D7EF7A6EC349 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\user\Desktop\4a. RFx-4045.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 74 |
Entropy (8bit): | 3.9637832956585757 |
Encrypted: | false |
SSDEEP: | 3:sRQE1wFEt/ijNJyI3dj2+n:aQEGiwh3D |
MD5: | 16D513397F3C1F8334E8F3E4FC49828F |
SHA1: | 4EE15AFCA81CA6A13AF4E38240099B730D6931F0 |
SHA-256: | D3C781A1855C8A70F5ACA88D9E2C92AFFFA80541334731F62CAA9494AA8A0C36 |
SHA-512: | 4A350B790FDD2FE957E9AB48D5969B217AB19FC7F93F3774F1121A5F140FF9A9EAAA8FA30E06A9EF40AD776E698C2E65A05323C3ADF84271DA1716E75F5183C3 |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
Process: | C:\Users\user\Desktop\4a. RFx-4045.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 56 |
Entropy (8bit): | 4.128497557218257 |
Encrypted: | false |
SSDEEP: | 3:sAAEVvjsghW5j84n:fL5A |
MD5: | C85BCFE29111D0162A9D9A12508B7650 |
SHA1: | 411234E75233D6CB9C7490356685022294A57AC4 |
SHA-256: | 6109EB387C1152BA8A7674A25B3282628A708602D95AFE63C4D709F2C786467B |
SHA-512: | D721253DD5847B36F124C7A3DA644E2EAE8CAC51F392DC8E611097459152A30BC2670688AB64D6DCE8DADD9E9B1D8B60F1579BDB9DDF97A37C851B75F263735E |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\user\Desktop\4a. RFx-4045.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 11776 |
Entropy (8bit): | 5.825582780706362 |
Encrypted: | false |
SSDEEP: | 192:yPtkiQJr7V9r3Ftr87NfwXQ6whlgi62V7i77blbTc4DI:N7Vxr8IgLgi3sVc4 |
MD5: | FBE295E5A1ACFBD0A6271898F885FE6A |
SHA1: | D6D205922E61635472EFB13C2BB92C9AC6CB96DA |
SHA-256: | A1390A78533C47E55CC364E97AF431117126D04A7FAED49390210EA3E89DD0E1 |
SHA-512: | 2CB596971E504EAF1CE8E3F09719EBFB3F6234CEA5CA7B0D33EC7500832FF4B97EC2BBE15A1FBF7E6A5B02C59DB824092B9562CD8991F4D027FEAB6FD3177B06 |
Malicious: | false |
Antivirus: | |
Joe Sandbox View: | |
Reputation: | moderate, very likely benign file |
Preview: |
Process: | C:\Users\user\Desktop\4a. RFx-4045.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 52 |
Entropy (8bit): | 4.0914493934217315 |
Encrypted: | false |
SSDEEP: | 3:sBa99k1NoCFOn:KankVg |
MD5: | 5D04A35D3950677049C7A0CF17E37125 |
SHA1: | CAFDD49A953864F83D387774B39B2657A253470F |
SHA-256: | A9493973DD293917F3EBB932AB255F8CAC40121707548DE100D5969956BB1266 |
SHA-512: | C7B1AFD95299C0712BDBC67F9D2714926D6EC9F71909AF615AFFC400D8D2216AB76F6AC35057088836435DE36E919507E1B25BE87B07C911083F964EB67E003B |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
Process: | C:\Users\user\Desktop\4a. RFx-4045.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 60 |
Entropy (8bit): | 4.442052005409673 |
Encrypted: | false |
SSDEEP: | 3:sEMBQEJkJVEjeeWsxQoXUn:be/xvUn |
MD5: | 49578952E394631F91A1BA055BAB4366 |
SHA1: | FD279681BFAD6F1E478F26C5D32642CFB1D59779 |
SHA-256: | 308B6385D90F5C25AE9580D291EA0001D25B1261DBEFEBE55809AA0A1D3DE9B0 |
SHA-512: | 39FD3D2EA366EDA721FAEF1316304F7B2831A7F9B56D2B310EB7EADD05D16764322CF93BDE98CDA20B864D813E28A22AA0A02B7BCD0F22A6930BDFCB4DC72B6A |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\4a. RFx-4045.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 30 |
Entropy (8bit): | 4.256564762130954 |
Encrypted: | false |
SSDEEP: | 3:DyWgLQIfLBJXmgU:mkIP25 |
MD5: | F15BFDEBB2DF02D02C8491BDE1B4E9BD |
SHA1: | 93BD46F57C3316C27CAD2605DDF81D6C0BDE9301 |
SHA-256: | C87F2FF45BB530577FB8856DF1760EDAF1060AE4EE2934B17FDD21B7D116F043 |
SHA-512: | 1757ED4AE4D47D0C839511C18BE5D75796224D4A3049E2D8853650ACE2C5057C42040DE6450BF90DD4969862E9EBB420CD8A34F8DD9C970779ED2E5459E8F2F1 |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\4a. RFx-4045.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 70338 |
Entropy (8bit): | 7.971282892297884 |
Encrypted: | false |
SSDEEP: | 1536:tOBLZbRkWSQZkvGOeY5S0o3Cbnsi/XZcb+DObCnXNpP8NG9Q:MBNbRfqui84s0XZccObsJQ |
MD5: | BC2D376C84AAA3DDFFED7983341DC0CF |
SHA1: | 3D6B74697F04B235E31702004941A3AE80A3A1A8 |
SHA-256: | E8F4CA40F578BAC96D66EA2FD51C3BB3629140EA8CC0B006C96385E19D4F9137 |
SHA-512: | E26DBB4359BCFBDB962D7E52B83844D547220FFC5A08407F4D1F7A1075A17452C4B42EEF1ED58F61A83DF4330706C14276E7790B660B4E934CBF33928059C939 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Undularly163\Associeringerne.gaf
Process: | C:\Users\user\Desktop\4a. RFx-4045.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 473717 |
Entropy (8bit): | 7.117995881768696 |
Encrypted: | false |
SSDEEP: | 12288:T0akQ/E3Nsne8/pJkWph8UHbg9c6uCpMc/G++:IakQ/E3N+///FH8c6H8 |
MD5: | F8ADD1D40883DCFD928B2D2F1A63EFEF |
SHA1: | ADBEDCA746258B6106873CC2DFE1C6F5B00A2C4F |
SHA-256: | C11B542C745E411A516882C4785F580227983782866CDD3A769BF7BF4CAC9C83 |
SHA-512: | E7C143D534C4EA4E47E137358DB667A62B51F974E272F25AEF398216839A3F7BAB1A779AA24C3BF8D4B2DB0E1CB3486C287BF12D6A5C840C05D8141DDB5B83B5 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Undularly163\Counterdiscipline\Ovening\tendrilous.ini
Process: | C:\Users\user\Desktop\4a. RFx-4045.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 55406 |
Entropy (8bit): | 7.954825763288269 |
Encrypted: | false |
SSDEEP: | 1536:RzrrmDbQ72zevB1xnt95y7tN28xr+dr6Mufz0WA:RmDkKivjFtjy7FAWMub0WA |
MD5: | BE132A3C167FA453FA6701A4EDC1C260 |
SHA1: | BDA970354B6BE365210490FE69AD6EDA77B2EEF6 |
SHA-256: | BC805F28B875933C8B078E2BA1276251A44717DE2D40010A22D3B5CF8806B249 |
SHA-512: | 8FFE42622043A68193DD0CC121E8DE9D9BA386160221DEAD4944C2B88AF71801E28433EA35E76EABDE8C4F7153AAFA2095A19323C6BE4228D07ECD1FE0951DF4 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Undularly163\Counterdiscipline\Ovening\unbesotted.jpg
Process: | C:\Users\user\Desktop\4a. RFx-4045.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 18492 |
Entropy (8bit): | 7.872864503549539 |
Encrypted: | false |
SSDEEP: | 384:QTTS15c6avxFdLPCa274s6lNGI8BvL0PyEVRe+BRHwlqwyEsUhF5:QCRIxTLPCa27alNi5Lce8FRWP5 |
MD5: | 494DF2334398DEDFE0C5BD0B7F4EB714 |
SHA1: | 4E26AFBF24669D290AC6272F82045467D95D9CCE |
SHA-256: | D44C7156D885935D27D585549DCC5D8DC69126BE5A579538766CF41CCD3C2D90 |
SHA-512: | C9561979607C0E77285630A6DDF6D8FDD1EAAC64A7CA75A9C79C30D611E2CDB17902ABB917FC7F2E19BF8816EF0134AED51F2666658A5B4EB8E53ECE639E0566 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Undularly163\Counterdiscipline\Ovening\volutiform.jpg
Process: | C:\Users\user\Desktop\4a. RFx-4045.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 54022 |
Entropy (8bit): | 7.973400223333002 |
Encrypted: | false |
SSDEEP: | 1536:6lk4b2iQgWvml7qJX2doPEKQ9NYy1wGaTgLGC:+k4iJgWxB2NKQ9NJ1Xmgn |
MD5: | BA261BE646CBCB751376C251A24FFED8 |
SHA1: | A861B40EFDFFF21CC71BE96246428189A250D8EC |
SHA-256: | A167005B32BB7C8C7C267DB9107A5EC1ECFA1F991047EEF7F00F2D7D6113D7C9 |
SHA-512: | 9B07DE921394A0C5D10E41915D892BC2FC4BEAA3987D9974296AB51AEBEA8FCB74E17D7CBD7F897F9B974074A734C6EA479E13EB143FA9614DB48741C1508A35 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Undularly163\Counterdiscipline\Ovening\whitmanesque.til
Process: | C:\Users\user\Desktop\4a. RFx-4045.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1133076 |
Entropy (8bit): | 0.1587030267442814 |
Encrypted: | false |
SSDEEP: | 3072:9AxU4v61quAiMmhj7kKSN4BSv3g5BnECjvqDWJXygI00gWto9P1d:Nj/ |
MD5: | CEB0FFF243EDF97AEBDE59F2B3815B33 |
SHA1: | FF08B9DCF774DC95B16AA7F0F40BC57CE1EEFA13 |
SHA-256: | 61716828D6E56E86F4AEDF352FDE53E7F83C3E0293DED086BB05DA3AB8A905C3 |
SHA-512: | 43D2B1C315D6FC20FC845C4FB55640C8D4BCA7AAB905EEB59935C5D28536C7A31CADF80B1C39B6291DA41623B3512911979C3C185FEA8DC658CB6B61170B3876 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Undularly163\Counterdiscipline\Politistaters.txt
Process: | C:\Users\user\Desktop\4a. RFx-4045.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1823 |
Entropy (8bit): | 7.179632284500361 |
Encrypted: | false |
SSDEEP: | 24:D9YMWvo0XxDuLHeOWXG4OZ7DAJuLHenX3vsxZB5ueacXa73ceBimeWTpi0iwzGfG:D9YMPuERAQZ6l3ctW9grfOgc |
MD5: | F21A683B933A56A612F032E293891DEA |
SHA1: | B769D490991D9C1E3929B9EE95B45827F71BD289 |
SHA-256: | 73E0E6A1FC0C09E80B0D57F9607CB699C63B1D3C6E9E4B5B728D8069A0A0833C |
SHA-512: | C918E2DFDF598BFCAE3C72F9465F738ABC968A10305E5EAD98B4DFC3F46C480A6624C56945415FB97023D282C94A74F7FEFA958768BE32AC721C4517B137D606 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Undularly163\Counterdiscipline\Talefrdighedens.gel
Process: | C:\Users\user\Desktop\4a. RFx-4045.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1719528 |
Entropy (8bit): | 0.1570389935767657 |
Encrypted: | false |
SSDEEP: | 3072:SYiVDfuk9CjZrX4CcDJBopByFgALDkVqx/tQyF1to1AG59PlQkjzVAeu+MSf6W:v |
MD5: | A082A396A2102E3D083E2D2CA96AC591 |
SHA1: | 6B6B14F111E907778DF61AB4BC0827D8D30BB57C |
SHA-256: | 7FC9B2ACE350880A5C56AF01E231C7F294A73939E75A2900B0B07E9642FBD558 |
SHA-512: | 38073A9E97F9A4507259E5FDCD06EBA07AC68A81A68239EC57A21533DD2AF830F9E25191596A4DB0CC8ECD1B9ABF398F6DE971351347FA5EDA1E877EF4C0D81F |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Undularly163\Counterdiscipline\anpartsredernes.ini
Process: | C:\Users\user\Desktop\4a. RFx-4045.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 53361 |
Entropy (8bit): | 7.971625349200023 |
Encrypted: | false |
SSDEEP: | 1536:RzrrmDbQ72zevB1xnt95y7tN28xr+dr6Mufz0M:RmDkKivjFtjy7FAWMub0M |
MD5: | 852E5D784F2F90D8BC8316423BB419BC |
SHA1: | 6F408BFAA9C5E71003C07000F74F61EEC5613E66 |
SHA-256: | 2D746E9B04B61B2B24E8C7AD46A9E24247E9CE804B5CEA013ED54C286C5C61CE |
SHA-512: | 4445E329F501D6741007074B080D6C838F3B6B46C48BD412336B1AB6997E42E2A6F1272454C5FEA0772292691E820A9731559BF575FA227D7021CFD9D1D81C18 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Undularly163\Counterdiscipline\combmaking.ner
Process: | C:\Users\user\Desktop\4a. RFx-4045.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 6152045 |
Entropy (8bit): | 0.15824152730847785 |
Encrypted: | false |
SSDEEP: | 3072:1K3uFd74NnS0eEgxU18b3tFsU6nh6e3UtlYfU7tUmfUh/cAHXKzoMDgWzLzITT+K:QWW |
MD5: | 69B60D9BAC97FA357568191E17DAE395 |
SHA1: | C022752B176BD6DA12ACB2DCEC71615B98BB5F15 |
SHA-256: | 381858C058EB3E7847989656075FE172935FA1545FAA596FBD6131B17FB26F3F |
SHA-512: | 34B96F69D56D7E85F459D9B259FE68ED2BB2E0C84FACAB1374D10A10FDAEBBC05E5026BC40652C894D300658A3E5F47442723AF50DB9B401F5F76F058B726EB9 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Undularly163\Counterdiscipline\farisisme.jpg
Process: | C:\Users\user\Desktop\4a. RFx-4045.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 52818 |
Entropy (8bit): | 7.972835100733444 |
Encrypted: | false |
SSDEEP: | 1536:RzrrmDbQ72zevB1xnt95y7tN28xr+dr6Mufz1:RmDkKivjFtjy7FAWMub1 |
MD5: | F9D854ADDECA5D758A1CC0A1A0011762 |
SHA1: | 3A2003A886BA6C6C177BA64FAB8D200C65D559D8 |
SHA-256: | AC110328F29CD54CFD00BEBE8665E8F988C30DB905D568288D5D23A59D37E776 |
SHA-512: | 69622E99DF431EE1DBE5BC05337C330D01921D2ACD7E487A25F6BE699DD45A5C99E491F419CDA2D7847D4AFDF37B02A2F93CEEDE9247033BC12A571BDDD7F5BA |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Undularly163\Counterdiscipline\flankens.txt
Process: | C:\Users\user\Desktop\4a. RFx-4045.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 53954 |
Entropy (8bit): | 7.968698136893044 |
Encrypted: | false |
SSDEEP: | 1536:RzrrmDbQ72zevB1xnt95y7tN28xr+dr6Mufz0M:RmDkKivjFtjy7FAWMub0M |
MD5: | 990FAE344087CB2DDE31A3BE2A22932B |
SHA1: | 6716B7B10411710573F0DE910D0AFCD854C234E3 |
SHA-256: | 263D609E6005C688F6B781E5BCEABB770F38AE2D4C6249466AC60183E20ECEB5 |
SHA-512: | 124113AD55EDC3447FEA6C96EB584EF81E32290351D9923D0DE98B6D5C72D3F00A16ACBBDCFA09551B10836C1FA2FFFAAB4C7D2EF6B4221DD32C66219703A29E |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Undularly163\Counterdiscipline\fortolkningsreglernes.jpg
Process: | C:\Users\user\Desktop\4a. RFx-4045.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1220 |
Entropy (8bit): | 7.498846333407108 |
Encrypted: | false |
SSDEEP: | 24:D9YMWvo0XxDuLHeOWXG4OZ7DAJuLHenX3vsxZB5ueacXa73ceBimeW3:D9YMPuERAQZ6l3ctW3 |
MD5: | 1C29EB984F256495AB5340694C644235 |
SHA1: | 819B87E05E56C7533B60AAA724D64883D6E643D6 |
SHA-256: | 85E28013641DC7A844E89FF895FC848FE733D4719DB8CB53FA89D464AA3E34D0 |
SHA-512: | C40D5BADD9A87B0A09770BE1D07B671FBD6CB4ECA0120917F46A7CC87936CD91727DEF87E4B30607361CF84347EFA25C711B8BE19DE72BE25590AF0E3493D489 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Undularly163\Counterdiscipline\giften.txt
Process: | C:\Users\user\Desktop\4a. RFx-4045.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 55791 |
Entropy (8bit): | 7.950408861254537 |
Encrypted: | false |
SSDEEP: | 1536:RzrrmDbQ72zevB1xnt95y7tN28xr+dr6Mufz0WH:RmDkKivjFtjy7FAWMub0WH |
MD5: | 4DA0E4AE865CC00D76EDABDE63695EFB |
SHA1: | BCDA534F7BA33C790F7AC600A9776396EA710128 |
SHA-256: | 6E22BFF9A85888FB8201021AAC493D296B7FB078B5EDADF0B5BF473F903915DD |
SHA-512: | 77B9159F78FFA05CEBA92642A506FCBF6A2AA99D305BE7BB45F4B3F706CC700CB292B5EE8BFDD019ED7ADBA5A14ADF04F542CDF88E3F5B7603A32C2DB6470109 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Undularly163\Counterdiscipline\mesosporic.ini
Process: | C:\Users\user\Desktop\4a. RFx-4045.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 54305 |
Entropy (8bit): | 7.966066768833664 |
Encrypted: | false |
SSDEEP: | 1536:RzrrmDbQ72zevB1xnt95y7tN28xr+dr6Mufz0L:RmDkKivjFtjy7FAWMub0L |
MD5: | 305F9CF36765580066A713B9B57F6D9E |
SHA1: | 282FDD5411EEE1F712F4BB84217D65549DABC5A2 |
SHA-256: | 8B39D1C1B521528D0FD38E22F7BCD2ED66C23DC8C8BFE3D273690D6AB7ACE81F |
SHA-512: | 6B2C852298D3E544EDBE01C61D1B42E900700AEA3E2F249B0D3B9C3669E9A4911C95A3A7C84842867B442FBA319C99993A0427FAB9128FFF2DB37CEE41911367 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Undularly163\Counterdiscipline\modenese.jpg
Process: | C:\Users\user\Desktop\4a. RFx-4045.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 68985 |
Entropy (8bit): | 7.973399367007446 |
Encrypted: | false |
SSDEEP: | 1536:tOBLZbRkWSQZkvGOeY5S0o3Cbnsi/XZcb+DObCnXNpP8NG9B:MBNbRfqui84s0XZccObsJB |
MD5: | B847C8A122DC3EA9AB1DD071DB622727 |
SHA1: | 7F86098A2F9F2777524174E0B7545CF4EDCF17CC |
SHA-256: | B9A6BF8B70A17ABD992E0223E3EBC185B925A0DCABA50150F377B3089519B7C8 |
SHA-512: | 06D89109A558E60579D1A5580DAF61347CF7D7A9F657E2FAE7B89554106D7E041E6C607F63700C861363C6976891CE26E826BD13381DDFADC832CD5915BAD87B |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Undularly163\Counterdiscipline\pinge.txt
Process: | C:\Users\user\Desktop\4a. RFx-4045.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 18696 |
Entropy (8bit): | 7.874991769362884 |
Encrypted: | false |
SSDEEP: | 384:QTTS15c6avxFdLPCa274s6lNGI8BvL0PyEVRe+BRHwlqwyEsUhFD:QCRIxTLPCa27alNi5Lce8FRWPD |
MD5: | A5D89A2F1B5D2773D2BB01F73B51AA00 |
SHA1: | 541651CC495A51D55523750452B01B3AFBB18F93 |
SHA-256: | DA0CD28E977CCB55EDF2DABDDE3A6FDCE250472F2223E9E6CF4C9533DFE68860 |
SHA-512: | 55E6F361B5C6074972897E4CCD3F9973F3C926CDBDA8ADEFF5A72A5F2201EC63A6EB65870EFEB1A0FD4D44ED5E65C88767AC24B2B213E56021608DDEDE51C660 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Undularly163\Counterdiscipline\recreant.ini
Process: | C:\Users\user\Desktop\4a. RFx-4045.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 69767 |
Entropy (8bit): | 7.973082268971384 |
Encrypted: | false |
SSDEEP: | 1536:tOBLZbRkWSQZkvGOeY5S0o3Cbnsi/XZcb+DObCnXNpP8NG9F:MBNbRfqui84s0XZccObsJF |
MD5: | 1CEA33FFAE1DF809562A56A08CFFB5A3 |
SHA1: | 7F0720A1BB5F810351BCD0D644361A6CC7FF0369 |
SHA-256: | AC286E5EB9530427F7C46976C790679E5205AA566F450FCAAAA1E623FED4725A |
SHA-512: | 568925959BEDAEC65ADA7EF2DFBEB5130ED2E3AFC7B9A66874BD9E2D5A2C0C11D0A1CE93273C3B490AE649526D65CC87C09D839DBD08E2A0D43DA70979610108 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Undularly163\Counterdiscipline\strikkestrmper.ini
Process: | C:\Users\user\Desktop\4a. RFx-4045.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 53594 |
Entropy (8bit): | 7.970707960464042 |
Encrypted: | false |
SSDEEP: | 1536:RzrrmDbQ72zevB1xnt95y7tN28xr+dr6Mufz0Y:RmDkKivjFtjy7FAWMub0Y |
MD5: | 3D6F37758C7501B82AF9455AFE5979FC |
SHA1: | B87C7F868A86F76B331682C0022947C548344557 |
SHA-256: | 1EA847A4AA5D2C31B5FD254F3A215C491703C22B7A35A2A8383DFCE6CE0AE529 |
SHA-512: | 2CF63C0D80E75F2F923B9DA9D8C321FBE47565450857C5F4FFD4E62596ACEDD94EEA346FDF53E13E698CD8993AB157AA2F8F77F9D9A01A37490BC244E3299B50 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Undularly163\Dusinmennesket\Boblegummiets14.ide
Process: | C:\Users\user\Desktop\4a. RFx-4045.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 5565917 |
Entropy (8bit): | 0.15834554184776928 |
Encrypted: | false |
SSDEEP: | 3072:Z1T8WGSzPtEBvBPzrrcBWjD30i8yN6bQSy6tvqdGwcwpRFmzQTN2qr9bCtL/vJi1:ra |
MD5: | A7AF217CEC45E9AB001D765B43F96FEB |
SHA1: | 6E7BFAF85435CC352215A17426B06AEB0238F6E0 |
SHA-256: | 77785858324DD4C332C4DE5B172D0DF229F7BBE62F7673B99FF28555B9F8675F |
SHA-512: | 008CC596E18BB6EE1E9D7B56E35B67A8ABEE71DD38C62233F94D7962502BC60E5CA782089F54ACA3BB42A46AE3EAEFBEEAD0F4ACBFEEEC717852A8044786F5C8 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Undularly163\Dusinmennesket\Brookiest237.txt
Process: | C:\Users\user\Desktop\4a. RFx-4045.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 53092 |
Entropy (8bit): | 7.972427101500634 |
Encrypted: | false |
SSDEEP: | 1536:RzrrmDbQ72zevB1xnt95y7tN28xr+dr6Mufz0a:RmDkKivjFtjy7FAWMub0a |
MD5: | 8D4EB147914AB316534A9C284ACEB988 |
SHA1: | CF773AC44933E043ADC6661A02FAAEE759D43E4C |
SHA-256: | FEE317ECC1350250E7A629AB48F22CFDBC2348230D0BF79128842ACD81A8B091 |
SHA-512: | 4249F0CD9BA8F65C19CEA68DA276E1CADDAF8D6D98D50D01C7E1F5A7B58442761FD2A7D3CC5172C2FA83439D0A8EDC193FA9848DBE105EA858660AC74E8DCAAA |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Undularly163\Dusinmennesket\Konomigruppernes.ini
Process: | C:\Users\user\Desktop\4a. RFx-4045.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 55046 |
Entropy (8bit): | 7.958778732871921 |
Encrypted: | false |
SSDEEP: | 1536:RzrrmDbQ72zevB1xnt95y7tN28xr+dr6Mufz0WM:RmDkKivjFtjy7FAWMub0WM |
MD5: | 7C2F6CA3A455CC5B2A9359210048A6C0 |
SHA1: | 22CC746B361E309C4DB883DBDF8E32104EEFE25E |
SHA-256: | B1AC5F3A96A58BE44E53A313990237E9D3EAC81D3979FC1FA644027B704B51DD |
SHA-512: | 0C009CFF075D2896978D547810ACFEFD2E88D190C3253579ADABEABD126DB38C5A25217DB62A7BF618B66E9CACEAAD5C8644B1CBA76B744F71021F37B38868E4 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Undularly163\Dusinmennesket\rebutter.Sti
Process: | C:\Users\user\Desktop\4a. RFx-4045.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 121733 |
Entropy (8bit): | 4.610262474532146 |
Encrypted: | false |
SSDEEP: | 1536:RyAo+4sNx2Y2Umjmt0u0ykqA/Z/36SKYyrESMF:i+v3mjKkqA/J3fqeF |
MD5: | 35538DC9F89A2A050E45F6A247F340CD |
SHA1: | 4E03B2E6D176914F5C2A7AB11C7F30C498C4B022 |
SHA-256: | B361B3F77E7E8F0D56CA17B72375E4516665F5CC174D1B98BB336FDA0C2225CD |
SHA-512: | 2DDE7095232270C81584DCFDBAC468EE592815F2EB39586B263AE2D27BDDFC5B0AD39D43D4390740F45569D30F84CEB028BE66FF34F8BB5DB61EE16B90BF6AAB |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 7.867629389110918 |
TrID: | |
File name: | 4a. RFx-4045.exe |
File size: | 1'468'848 bytes |
MD5: | 95ccf2bcd18e87a3386e71a5d09e75fe |
SHA1: | 79bbd13b8222d5a548a8b3539dcec954daf5d14f |
SHA256: | 7b676bf78d187d4d11cd10db0b8a31b908ee4d2a63556442da865d1c5aae2f22 |
SHA512: | 88c5f95595d09a20752ff7f5aed8ab40be8dad92247ba5dd67e10c1b807a2e51c5d33bb408fa8ff6538f7a6fed4557dfee8e26a9d98411b5085dc902505b2ffe |
SSDEEP: | 24576:rtCtMYqSjjyxp8TehWCT2ldnvBw9mnAsrGMht2jLJ9Ks1y0dpvPccfZrpqXAYkJ2:rtCtJBKm7CKTvCZyGMht83Ks00LffeA8 |
TLSH: | F66523812B459D57C13587B3C723F3390624AEE87E405E0762C43BAF67393D6AA79316 |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........(...F...F...F.*.....F...G.v.F.*.....F...v...F...@...F.Rich..F.........................PE..L... ..\.................b......... |
Icon Hash: | 0f254c9a9a462907 |
Entrypoint: | 0x403328 |
Entrypoint Section: | .text |
Digitally signed: | true |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE |
DLL Characteristics: | DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE |
Time Stamp: | 0x5C157F20 [Sat Dec 15 22:24:32 2018 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | 57e98d9a5a72c8d7ad8fb7a6a58b3daf |
Signature Valid: | false |
Signature Issuer: | CN=Utilities, E=Sendemandsmdet@Banegaardens.Hav, O=Utilities, L=Tracyton, OU="Kippage extraduction Eroder ", S=Washington, C=US |
Signature Validation Error: | A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider |
Error Number: | -2146762487 |
Not Before, Not After: | |
Subject Chain: | |
Version: | 3 |
Thumbprint MD5: | 95F60592D35D30E98A434B16C7C15F3D |
Thumbprint SHA-1: | ED04DD0BB43FB56CD0451D3902F1D6E030F750D8 |
Thumbprint SHA-256: | 7E2AF87E5D7F278E694AEF205EA790E37D350D24DE2D78C475D0C0871B855402 |
Serial: | 0EE63584A0A7BA5DE6F7B90352268C2F091DA4B3 |
Instruction |
---|
sub esp, 00000184h |
push ebx |
push esi |
push edi |
xor ebx, ebx |
push 00008001h |
mov dword ptr [esp+18h], ebx |
mov dword ptr [esp+10h], 0040A130h |
mov dword ptr [esp+20h], ebx |
mov byte ptr [esp+14h], 00000020h |
call dword ptr [004080A8h] |
call dword ptr [004080A4h] |
and eax, BFFFFFFFh |
cmp ax, 00000006h |
mov dword ptr [0042472Ch], eax |
je 00007FDB3C826593h |
push ebx |
call 00007FDB3C829682h |
cmp eax, ebx |
je 00007FDB3C826589h |
push 00000C00h |
call eax |
mov esi, 00408298h |
push esi |
call 00007FDB3C8295FEh |
push esi |
call dword ptr [004080A0h] |
lea esi, dword ptr [esi+eax+01h] |
cmp byte ptr [esi], bl |
jne 00007FDB3C82656Dh |
push 0000000Ah |
call 00007FDB3C829656h |
push 00000008h |
call 00007FDB3C82964Fh |
push 00000006h |
mov dword ptr [00424724h], eax |
call 00007FDB3C829643h |
cmp eax, ebx |
je 00007FDB3C826591h |
push 0000001Eh |
call eax |
test eax, eax |
je 00007FDB3C826589h |
or byte ptr [0042472Fh], 00000040h |
push ebp |
call dword ptr [00408044h] |
push ebx |
call dword ptr [00408288h] |
mov dword ptr [004247F8h], eax |
push ebx |
lea eax, dword ptr [esp+38h] |
push 00000160h |
push eax |
push ebx |
push 0041FCF0h |
call dword ptr [00408178h] |
push 0040A1ECh |
Programming Language: | |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x8430 | 0xa0 | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x48000 | 0x4aa48 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x165b28 | 0xe88 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x8000 | 0x298 | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x6077 | 0x6200 | 0311bcb2ead177b380555800a8e6e6ee | False | 0.6595583545918368 | data | 6.403859519216241 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rdata | 0x8000 | 0x1250 | 0x1400 | 926b1e688f085d737343e22bcf628243 | False | 0.4298828125 | data | 5.044807654453153 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0xa000 | 0x1a838 | 0x400 | 9b72314b8d9ad5c72778b00cdf336ee2 | False | 0.646484375 | data | 5.2244513108529995 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.ndata | 0x25000 | 0x23000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.rsrc | 0x48000 | 0x4aa48 | 0x4ac00 | 4ee0ecdd5121578754dbb217a078afce | False | 0.768365253971572 | data | 6.881646089200794 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
RT_ICON | 0x483b8 | 0x1c57c | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States | 1.000267029597216 |
RT_ICON | 0x64938 | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 67584 | English | United States | 0.6015615757719153 |
RT_ICON | 0x75160 | 0x94a8 | Device independent bitmap graphic, 96 x 192 x 32, image size 38016 | English | United States | 0.6402144208534791 |
RT_ICON | 0x7e608 | 0x67e8 | Device independent bitmap graphic, 80 x 160 x 32, image size 26560 | English | United States | 0.641203007518797 |
RT_ICON | 0x84df0 | 0x5488 | Device independent bitmap graphic, 72 x 144 x 32, image size 21600 | English | United States | 0.6469500924214417 |
RT_ICON | 0x8a278 | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 16896 | English | United States | 0.636927255550307 |
RT_ICON | 0x8e4a0 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | English | United States | 0.6787344398340249 |
RT_ICON | 0x90a48 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | English | United States | 0.7061444652908068 |
RT_ICON | 0x91af0 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | United States | 0.8129432624113475 |
RT_DIALOG | 0x91f58 | 0x144 | data | English | United States | 0.5216049382716049 |
RT_DIALOG | 0x920a0 | 0x100 | data | English | United States | 0.5234375 |
RT_DIALOG | 0x921a0 | 0x11c | data | English | United States | 0.6056338028169014 |
RT_DIALOG | 0x922c0 | 0xc4 | data | English | United States | 0.5918367346938775 |
RT_DIALOG | 0x92388 | 0x60 | data | English | United States | 0.7291666666666666 |
RT_GROUP_ICON | 0x923e8 | 0x84 | GRPICONDIR icon directory (file-type heuristic misreports it as "Targa image data - Map 32 x 50556 x 1 +1") | English | United States | 0.75 |
RT_VERSION | 0x92470 | 0x298 | VS_VERSIONINFO version block (file-type heuristic misreports it as "OpenPGP Public Key") | English | United States | 0.516566265060241 |
RT_MANIFEST | 0x92708 | 0x33e | XML 1.0 document, ASCII text, with very long lines (830), with no line terminators | English | United States | 0.5542168674698795 |
Imports
DLL | Import |
---|---|
KERNEL32.dll | SetEnvironmentVariableA, CreateFileA, GetFileSize, GetModuleFileNameA, ReadFile, GetCurrentProcess, CopyFileA, Sleep, GetTickCount, GetWindowsDirectoryA, GetTempPathA, GetCommandLineA, lstrlenA, GetVersion, SetErrorMode, lstrcpynA, ExitProcess, SetCurrentDirectoryA, GlobalLock, CreateThread, GetLastError, CreateDirectoryA, CreateProcessA, RemoveDirectoryA, GetTempFileNameA, WriteFile, lstrcpyA, MoveFileExA, lstrcatA, GetSystemDirectoryA, GetProcAddress, GetExitCodeProcess, WaitForSingleObject, CompareFileTime, SetFileAttributesA, GetFileAttributesA, GetShortPathNameA, MoveFileA, GetFullPathNameA, SetFileTime, SearchPathA, CloseHandle, lstrcmpiA, GlobalUnlock, GetDiskFreeSpaceA, lstrcmpA, FindFirstFileA, FindNextFileA, DeleteFileA, SetFilePointer, GetPrivateProfileStringA, FindClose, MultiByteToWideChar, FreeLibrary, MulDiv, WritePrivateProfileStringA, LoadLibraryExA, GetModuleHandleA, GlobalAlloc, GlobalFree, ExpandEnvironmentStringsA |
USER32.dll | ScreenToClient, GetSystemMenu, SetClassLongA, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongA, SetCursor, LoadCursorA, CheckDlgButton, GetMessagePos, LoadBitmapA, CallWindowProcA, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, PostQuitMessage, GetWindowRect, EnableMenuItem, CreatePopupMenu, GetSystemMetrics, SetDlgItemTextA, GetDlgItemTextA, MessageBoxIndirectA, CharPrevA, DispatchMessageA, PeekMessageA, ReleaseDC, EnableWindow, InvalidateRect, SendMessageA, DefWindowProcA, BeginPaint, GetClientRect, FillRect, DrawTextA, EndDialog, RegisterClassA, SystemParametersInfoA, CreateWindowExA, GetClassInfoA, DialogBoxParamA, CharNextA, ExitWindowsEx, GetDC, CreateDialogParamA, SetTimer, GetDlgItem, SetWindowLongA, SetForegroundWindow, LoadImageA, IsWindow, SendMessageTimeoutA, FindWindowExA, OpenClipboard, TrackPopupMenu, AppendMenuA, EndPaint, DestroyWindow, wsprintfA, ShowWindow, SetWindowTextA |
GDI32.dll | SelectObject, SetBkMode, CreateFontIndirectA, SetTextColor, DeleteObject, GetDeviceCaps, CreateBrushIndirect, SetBkColor |
SHELL32.dll | SHGetSpecialFolderLocation, ShellExecuteExA, SHGetPathFromIDListA, SHBrowseForFolderA, SHGetFileInfoA, SHFileOperationA |
ADVAPI32.dll | AdjustTokenPrivileges, RegCreateKeyExA, RegOpenKeyExA, SetFileSecurityA, OpenProcessToken, LookupPrivilegeValueA, RegEnumValueA, RegDeleteKeyA, RegDeleteValueA, RegCloseKey, RegSetValueExA, RegQueryValueExA, RegEnumKeyA |
COMCTL32.dll | ImageList_Create, ImageList_AddMasked, ImageList_Destroy |
ole32.dll | OleUninitialize, OleInitialize, CoTaskMemFree, CoCreateInstance |
Version Infos
Description | Data |
---|---|
Comments | rodebutikkerne |
CompanyName | thorwalds fortolkningsopgaverne partantesniveauer |
FileDescription | mocambiquisk pinjers |
InternalName | engulf.exe |
ProductName | tempestuousness |
ProductVersion | 1.2.0.0 |
Translation | 0x0409 0x04e4 |
Possible Origin
Language of compilation system | Country where language is spoken |
---|---|
English | United States |
Suricata IDS Alerts
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
---|---|---|---|---|---|---|---|---|
2025-02-14T08:30:15.376975+0100 | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 192.168.2.4 | 56784 | 172.217.23.110 | 443 | TCP |
2025-02-14T08:30:20.867700+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.4 | 56821 | 132.226.247.73 | 80 | TCP |
2025-02-14T08:30:22.055192+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.4 | 56821 | 132.226.247.73 | 80 | TCP |
2025-02-14T08:30:22.643060+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.4 | 56836 | 104.21.112.1 | 443 | TCP |
2025-02-14T08:30:26.477168+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.4 | 56842 | 132.226.247.73 | 80 | TCP |
2025-02-14T08:30:30.509480+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.4 | 56852 | 104.21.112.1 | 443 | TCP |
2025-02-14T08:30:34.103456+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.4 | 56856 | 104.21.112.1 | 443 | TCP |
2025-02-14T08:30:36.332886+0100 | 1810007 | Joe Security ANOMALY Telegram Send Message | 1 | 192.168.2.4 | 56859 | 149.154.167.220 | 443 | TCP |
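The TCP packet list that follows runs to hundreds of rows per connection, which is hard to read against the alert table above. The following added example, not Joe Sandbox output, collapses rows in that packet format into per-connection flows (packet counts per direction, first and last seen, duration), attaches each alert above to the connection it fired on by matching source IP, source port, destination IP and destination port, and reports alerts whose connection does not appear in the packet excerpt. SAMPLE_PACKETS and SAMPLE_ALERTS are a handful of rows copied from the two tables on this page; the 192.168. local-network prefix used to decide direction and the note on TCP traffic to port 53 are the example's own assumptions.

```python
"""Collapse a Joe Sandbox style TCP packet table into flows and correlate
Suricata alerts onto them. Added example; SAMPLE_* are rows copied from the
tables on this page, trimmed to a few lines."""
import re
from datetime import datetime, timedelta

SAMPLE_PACKETS = """\
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Feb 14, 2025 08:29:11.751341105 CET | 56574 | 53 | 192.168.2.4 | 1.1.1.1 |
Feb 14, 2025 08:29:11.756107092 CET | 53 | 56574 | 1.1.1.1 | 192.168.2.4 |
Feb 14, 2025 08:29:11.756217957 CET | 56574 | 53 | 192.168.2.4 | 1.1.1.1 |
Feb 14, 2025 08:30:14.336000919 CET | 56784 | 443 | 192.168.2.4 | 172.217.23.110 |
Feb 14, 2025 08:30:14.336029053 CET | 443 | 56784 | 172.217.23.110 | 192.168.2.4 |
Feb 14, 2025 08:30:14.336127043 CET | 56784 | 443 | 192.168.2.4 | 172.217.23.110 |
Feb 14, 2025 08:30:15.377019882 CET | 443 | 56784 | 172.217.23.110 | 192.168.2.4 |
Feb 14, 2025 08:30:15.437308073 CET | 56794 | 443 | 192.168.2.4 | 142.250.181.225 |
Feb 14, 2025 08:30:15.437335014 CET | 443 | 56794 | 142.250.181.225 | 192.168.2.4 |
"""
SAMPLE_ALERTS = """\
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
---|---|---|---|---|---|---|---|---|
2025-02-14T08:30:15.376975+0100 | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 192.168.2.4 | 56784 | 172.217.23.110 | 443 | TCP |
2025-02-14T08:30:36.332886+0100 | 1810007 | Joe Security ANOMALY Telegram Send Message | 1 | 192.168.2.4 | 56859 | 149.154.167.220 | 443 | TCP |
"""
_TS = re.compile(r"^(\w{3} \d{2}, \d{4} \d{2}:\d{2}:\d{2})\.(\d+) \w+$")


def parse_ts(text: str) -> datetime:
    """'Feb 14, 2025 08:30:14.336000919 CET' -> naive datetime, nanoseconds truncated to microseconds."""
    m = _TS.match(text)
    if not m:
        raise ValueError(f"unrecognised timestamp: {text!r}")
    base = datetime.strptime(m.group(1), "%b %d, %Y %H:%M:%S")
    return base + timedelta(microseconds=int(m.group(2)[:6].ljust(6, "0")))


def _rows(table: str):
    """Yield the cells of each data row, skipping the header and separator lines."""
    for line in table.splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) < 5 or cells[0] == "Timestamp" or cells[0].startswith("---"):
            continue
        yield cells


def parse_packets(table: str) -> list:
    return [(parse_ts(c[0]), int(c[1]), int(c[2]), c[3], c[4]) for c in _rows(table)]


def parse_alerts(table: str) -> list:
    return [{"ts": c[0], "sid": int(c[1]), "signature": c[2], "severity": int(c[3]),
             "src": c[4], "sport": int(c[5]), "dst": c[6], "dport": int(c[7]), "proto": c[8]}
            for c in _rows(table)]


def summarize_flows(packets: list, alerts: list, local_prefix: str = "192.168.") -> dict:
    """Group packets into (local ip, local port, remote ip, remote port) flows and pin alerts to them."""
    flows = {}
    for ts, sport, dport, src, dst in packets:
        if src.startswith(local_prefix):          # assumption: the sandbox guest lives in 192.168.0.0/16
            key, direction = (src, sport, dst, dport), "out"
        else:
            key, direction = (dst, dport, src, sport), "in"
        f = flows.setdefault(key, {"local": key[0], "lport": key[1], "remote": key[2], "rport": key[3],
                                   "out": 0, "in": 0, "first": ts, "last": ts, "alerts": [], "notes": []})
        f[direction] += 1
        f["first"], f["last"] = min(f["first"], ts), max(f["last"], ts)
    unmatched = []
    for a in alerts:                              # alerts carry the same 4-tuple the packets do
        key = (a["src"], a["sport"], a["dst"], a["dport"])
        (flows[key]["alerts"].append(a["signature"]) if key in flows else unmatched.append(a))
    for f in flows.values():
        f["duration_s"] = (f["last"] - f["first"]).total_seconds()
        if f["rport"] == 53:                      # a TCP table row on 53 is not necessarily DNS: inspect payload
            f["notes"].append("TCP to port 53: verify the payload is DNS")
    return {"flows": sorted(flows.values(), key=lambda f: f["first"]), "unmatched_alerts": unmatched}


if __name__ == "__main__":
    result = summarize_flows(parse_packets(SAMPLE_PACKETS), parse_alerts(SAMPLE_ALERTS))
    for f in result["flows"]:
        print(f'{f["local"]}:{f["lport"]} -> {f["remote"]}:{f["rport"]} out={f["out"]} in={f["in"]} '
              f'{f["duration_s"]:.3f}s alerts={f["alerts"]} notes={f["notes"]}')
    for a in result["unmatched_alerts"]:
        print("alert without packets in excerpt:", a["sid"], a["signature"])
```

Feed the full packet table to parse_packets() and every connection in the report reduces to one line; an alert left in unmatched_alerts means the excerpt you are looking at does not contain the connection it fired on, not that the alert is spurious.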
TCP Packets
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Feb 14, 2025 08:29:11.751341105 CET | 56574 | 53 | 192.168.2.4 | 1.1.1.1 |
Feb 14, 2025 08:29:11.756107092 CET | 53 | 56574 | 1.1.1.1 | 192.168.2.4 |
Feb 14, 2025 08:29:11.756217957 CET | 56574 | 53 | 192.168.2.4 | 1.1.1.1 |
Feb 14, 2025 08:29:11.762324095 CET | 53 | 56574 | 1.1.1.1 | 192.168.2.4 |
Feb 14, 2025 08:29:12.208879948 CET | 56574 | 53 | 192.168.2.4 | 1.1.1.1 |
Feb 14, 2025 08:29:12.214076996 CET | 53 | 56574 | 1.1.1.1 | 192.168.2.4 |
Feb 14, 2025 08:29:12.214160919 CET | 56574 | 53 | 192.168.2.4 | 1.1.1.1 |
Feb 14, 2025 08:30:14.336000919 CET | 56784 | 443 | 192.168.2.4 | 172.217.23.110 |
Feb 14, 2025 08:30:14.336029053 CET | 443 | 56784 | 172.217.23.110 | 192.168.2.4 |
Feb 14, 2025 08:30:14.336127043 CET | 56784 | 443 | 192.168.2.4 | 172.217.23.110 |
Feb 14, 2025 08:30:14.351125956 CET | 56784 | 443 | 192.168.2.4 | 172.217.23.110 |
Feb 14, 2025 08:30:14.351151943 CET | 443 | 56784 | 172.217.23.110 | 192.168.2.4 |
Feb 14, 2025 08:30:15.003365993 CET | 443 | 56784 | 172.217.23.110 | 192.168.2.4 |
Feb 14, 2025 08:30:15.003448963 CET | 56784 | 443 | 192.168.2.4 | 172.217.23.110 |
Feb 14, 2025 08:30:15.004148960 CET | 443 | 56784 | 172.217.23.110 | 192.168.2.4 |
Feb 14, 2025 08:30:15.004211903 CET | 56784 | 443 | 192.168.2.4 | 172.217.23.110 |
Feb 14, 2025 08:30:15.061783075 CET | 56784 | 443 | 192.168.2.4 | 172.217.23.110 |
Feb 14, 2025 08:30:15.061810970 CET | 443 | 56784 | 172.217.23.110 | 192.168.2.4 |
Feb 14, 2025 08:30:15.062129974 CET | 443 | 56784 | 172.217.23.110 | 192.168.2.4 |
Feb 14, 2025 08:30:15.062192917 CET | 56784 | 443 | 192.168.2.4 | 172.217.23.110 |
Feb 14, 2025 08:30:15.067109108 CET | 56784 | 443 | 192.168.2.4 | 172.217.23.110 |
Feb 14, 2025 08:30:15.111335039 CET | 443 | 56784 | 172.217.23.110 | 192.168.2.4 |
Feb 14, 2025 08:30:15.377019882 CET | 443 | 56784 | 172.217.23.110 | 192.168.2.4 |
Feb 14, 2025 08:30:15.377314091 CET | 56784 | 443 | 192.168.2.4 | 172.217.23.110 |
Feb 14, 2025 08:30:15.377330065 CET | 443 | 56784 | 172.217.23.110 | 192.168.2.4 |
Feb 14, 2025 08:30:15.377444029 CET | 56784 | 443 | 192.168.2.4 | 172.217.23.110 |
Feb 14, 2025 08:30:15.377444983 CET | 56784 | 443 | 192.168.2.4 | 172.217.23.110 |
Feb 14, 2025 08:30:15.377522945 CET | 443 | 56784 | 172.217.23.110 | 192.168.2.4 |
Feb 14, 2025 08:30:15.377906084 CET | 443 | 56784 | 172.217.23.110 | 192.168.2.4 |
Feb 14, 2025 08:30:15.377955914 CET | 56784 | 443 | 192.168.2.4 | 172.217.23.110 |
Feb 14, 2025 08:30:15.378057003 CET | 56784 | 443 | 192.168.2.4 | 172.217.23.110 |
Feb 14, 2025 08:30:15.437308073 CET | 56794 | 443 | 192.168.2.4 | 142.250.181.225 |
Feb 14, 2025 08:30:15.437335014 CET | 443 | 56794 | 142.250.181.225 | 192.168.2.4 |
Feb 14, 2025 08:30:15.437733889 CET | 56794 | 443 | 192.168.2.4 | 142.250.181.225 |
Feb 14, 2025 08:30:15.437733889 CET | 56794 | 443 | 192.168.2.4 | 142.250.181.225 |
Feb 14, 2025 08:30:15.437774897 CET | 443 | 56794 | 142.250.181.225 | 192.168.2.4 |
Feb 14, 2025 08:30:16.097213984 CET | 443 | 56794 | 142.250.181.225 | 192.168.2.4 |
Feb 14, 2025 08:30:16.100522041 CET | 56794 | 443 | 192.168.2.4 | 142.250.181.225 |
Feb 14, 2025 08:30:16.226686954 CET | 56794 | 443 | 192.168.2.4 | 142.250.181.225 |
Feb 14, 2025 08:30:16.226702929 CET | 443 | 56794 | 142.250.181.225 | 192.168.2.4 |
Feb 14, 2025 08:30:16.227042913 CET | 443 | 56794 | 142.250.181.225 | 192.168.2.4 |
Feb 14, 2025 08:30:16.227144957 CET | 56794 | 443 | 192.168.2.4 | 142.250.181.225 |
Feb 14, 2025 08:30:16.228693962 CET | 56794 | 443 | 192.168.2.4 | 142.250.181.225 |
Feb 14, 2025 08:30:16.275330067 CET | 443 | 56794 | 142.250.181.225 | 192.168.2.4 |
Feb 14, 2025 08:30:18.809304953 CET | 443 | 56794 | 142.250.181.225 | 192.168.2.4 |
Feb 14, 2025 08:30:18.809406042 CET | 56794 | 443 | 192.168.2.4 | 142.250.181.225 |
Feb 14, 2025 08:30:18.809509039 CET | 443 | 56794 | 142.250.181.225 | 192.168.2.4 |
Feb 14, 2025 08:30:18.809571028 CET | 56794 | 443 | 192.168.2.4 | 142.250.181.225 |
Feb 14, 2025 08:30:18.823997974 CET | 443 | 56794 | 142.250.181.225 | 192.168.2.4 |
Feb 14, 2025 08:30:18.824110985 CET | 56794 | 443 | 192.168.2.4 | 142.250.181.225 |
Feb 14, 2025 08:30:18.824126005 CET | 443 | 56794 | 142.250.181.225 | 192.168.2.4 |
Feb 14, 2025 08:30:18.824168921 CET | 56794 | 443 | 192.168.2.4 | 142.250.181.225 |
Feb 14, 2025 08:30:18.899777889 CET | 443 | 56794 | 142.250.181.225 | 192.168.2.4 |
Feb 14, 2025 08:30:18.899966002 CET | 443 | 56794 | 142.250.181.225 | 192.168.2.4 |
Feb 14, 2025 08:30:18.900018930 CET | 56794 | 443 | 192.168.2.4 | 142.250.181.225 |
Feb 14, 2025 08:30:18.900018930 CET | 56794 | 443 | 192.168.2.4 | 142.250.181.225 |
Feb 14, 2025 08:30:18.900031090 CET | 443 | 56794 | 142.250.181.225 | 192.168.2.4 |
Feb 14, 2025 08:30:18.900078058 CET | 56794 | 443 | 192.168.2.4 | 142.250.181.225 |
Feb 14, 2025 08:30:18.900084019 CET | 443 | 56794 | 142.250.181.225 | 192.168.2.4 |
Feb 14, 2025 08:30:18.900132895 CET | 56794 | 443 | 192.168.2.4 | 142.250.181.225 |
Feb 14, 2025 08:30:18.900139093 CET | 443 | 56794 | 142.250.181.225 | 192.168.2.4 |
Feb 14, 2025 08:30:18.900180101 CET | 56794 | 443 | 192.168.2.4 | 142.250.181.225 |
Feb 14, 2025 08:30:18.904143095 CET | 443 | 56794 | 142.250.181.225 | 192.168.2.4 |
Feb 14, 2025 08:30:18.904203892 CET | 56794 | 443 | 192.168.2.4 | 142.250.181.225 |
Feb 14, 2025 08:30:18.904217958 CET | 443 | 56794 | 142.250.181.225 | 192.168.2.4 |
Feb 14, 2025 08:30:18.904259920 CET | 56794 | 443 | 192.168.2.4 | 142.250.181.225 |
Feb 14, 2025 08:30:18.910373926 CET | 443 | 56794 | 142.250.181.225 | 192.168.2.4 |
Feb 14, 2025 08:30:18.910451889 CET | 56794 | 443 | 192.168.2.4 | 142.250.181.225 |
Feb 14, 2025 08:30:18.910490036 CET | 443 | 56794 | 142.250.181.225 | 192.168.2.4 |
Feb 14, 2025 08:30:18.910592079 CET | 56794 | 443 | 192.168.2.4 | 142.250.181.225 |
Feb 14, 2025 08:30:18.916445971 CET | 443 | 56794 | 142.250.181.225 | 192.168.2.4 |
Feb 14, 2025 08:30:18.916508913 CET | 56794 | 443 | 192.168.2.4 | 142.250.181.225 |
Feb 14, 2025 08:30:18.916553020 CET | 443 | 56794 | 142.250.181.225 | 192.168.2.4 |
Feb 14, 2025 08:30:18.916603088 CET | 56794 | 443 | 192.168.2.4 | 142.250.181.225 |
Feb 14, 2025 08:30:18.922733068 CET | 443 | 56794 | 142.250.181.225 | 192.168.2.4 |
Feb 14, 2025 08:30:18.922810078 CET | 56794 | 443 | 192.168.2.4 | 142.250.181.225 |
Feb 14, 2025 08:30:18.922842026 CET | 443 | 56794 | 142.250.181.225 | 192.168.2.4 |
Feb 14, 2025 08:30:18.922888041 CET | 56794 | 443 | 192.168.2.4 | 142.250.181.225 |
Feb 14, 2025 08:30:18.928378105 CET | 443 | 56794 | 142.250.181.225 | 192.168.2.4 |
Feb 14, 2025 08:30:18.928433895 CET | 56794 | 443 | 192.168.2.4 | 142.250.181.225 |
Feb 14, 2025 08:30:18.928462982 CET | 443 | 56794 | 142.250.181.225 | 192.168.2.4 |
Feb 14, 2025 08:30:18.928508043 CET | 56794 | 443 | 192.168.2.4 | 142.250.181.225 |
Feb 14, 2025 08:30:18.933994055 CET | 443 | 56794 | 142.250.181.225 | 192.168.2.4 |
Feb 14, 2025 08:30:18.934051037 CET | 56794 | 443 | 192.168.2.4 | 142.250.181.225 |
Feb 14, 2025 08:30:18.934123993 CET | 443 | 56794 | 142.250.181.225 | 192.168.2.4 |
Feb 14, 2025 08:30:18.934166908 CET | 56794 | 443 | 192.168.2.4 | 142.250.181.225 |
Feb 14, 2025 08:30:18.939795017 CET | 443 | 56794 | 142.250.181.225 | 192.168.2.4 |
Feb 14, 2025 08:30:18.939846039 CET | 56794 | 443 | 192.168.2.4 | 142.250.181.225 |
Feb 14, 2025 08:30:18.939866066 CET | 443 | 56794 | 142.250.181.225 | 192.168.2.4 |
Feb 14, 2025 08:30:18.939913034 CET | 56794 | 443 | 192.168.2.4 | 142.250.181.225 |
Feb 14, 2025 08:30:18.945389032 CET | 443 | 56794 | 142.250.181.225 | 192.168.2.4 |
Feb 14, 2025 08:30:18.945441008 CET | 56794 | 443 | 192.168.2.4 | 142.250.181.225 |
Feb 14, 2025 08:30:18.945518017 CET | 443 | 56794 | 142.250.181.225 | 192.168.2.4 |
Feb 14, 2025 08:30:18.945573092 CET | 56794 | 443 | 192.168.2.4 | 142.250.181.225 |
Feb 14, 2025 08:30:18.951215982 CET | 443 | 56794 | 142.250.181.225 | 192.168.2.4 |
Feb 14, 2025 08:30:18.951265097 CET | 56794 | 443 | 192.168.2.4 | 142.250.181.225 |
Feb 14, 2025 08:30:18.951298952 CET | 443 | 56794 | 142.250.181.225 | 192.168.2.4 |
Feb 14, 2025 08:30:18.951351881 CET | 56794 | 443 | 192.168.2.4 | 142.250.181.225 |
Feb 14, 2025 08:30:18.956803083 CET | 443 | 56794 | 142.250.181.225 | 192.168.2.4 |
Feb 14, 2025 08:30:18.956862926 CET | 56794 | 443 | 192.168.2.4 | 142.250.181.225 |
Feb 14, 2025 08:30:18.990005016 CET | 443 | 56794 | 142.250.181.225 | 192.168.2.4 |
Feb 14, 2025 08:30:18.990061998 CET | 443 | 56794 | 142.250.181.225 | 192.168.2.4 |
Feb 14, 2025 08:30:18.990099907 CET | 56794 | 443 | 192.168.2.4 | 142.250.181.225 |
Feb 14, 2025 08:30:18.990132093 CET | 443 | 56794 | 142.250.181.225 | 192.168.2.4 |
Feb 14, 2025 08:30:18.990145922 CET | 56794 | 443 | 192.168.2.4 | 142.250.181.225 |
Feb 14, 2025 08:30:18.990174055 CET | 56794 | 443 | 192.168.2.4 | 142.250.181.225 |
Feb 14, 2025 08:30:18.990303040 CET | 443 | 56794 | 142.250.181.225 | 192.168.2.4 |
Feb 14, 2025 08:30:18.990344048 CET | 56794 | 443 | 192.168.2.4 | 142.250.181.225 |
Feb 14, 2025 08:30:18.990400076 CET | 443 | 56794 | 142.250.181.225 | 192.168.2.4 |
Feb 14, 2025 08:30:18.990446091 CET | 56794 | 443 | 192.168.2.4 | 142.250.181.225 |
Feb 14, 2025 08:30:18.990453005 CET | 443 | 56794 | 142.250.181.225 | 192.168.2.4 |
Feb 14, 2025 08:30:18.990490913 CET | 56794 | 443 | 192.168.2.4 | 142.250.181.225 |
Feb 14, 2025 08:30:18.990497112 CET | 443 | 56794 | 142.250.181.225 | 192.168.2.4 |
Feb 14, 2025 08:30:18.990530968 CET | 56794 | 443 | 192.168.2.4 | 142.250.181.225 |
Feb 14, 2025 08:30:18.991214037 CET | 443 | 56794 | 142.250.181.225 | 192.168.2.4 |
Feb 14, 2025 08:30:18.991261005 CET | 56794 | 443 | 192.168.2.4 | 142.250.181.225 |
Feb 14, 2025 08:30:18.991270065 CET | 443 | 56794 | 142.250.181.225 | 192.168.2.4 |
Feb 14, 2025 08:30:18.991303921 CET | 56794 | 443 | 192.168.2.4 | 142.250.181.225 |
Feb 14, 2025 08:30:18.994674921 CET | 443 | 56794 | 142.250.181.225 | 192.168.2.4 |
Feb 14, 2025 08:30:18.994729042 CET | 56794 | 443 | 192.168.2.4 | 142.250.181.225 |
Feb 14, 2025 08:30:18.994736910 CET | 443 | 56794 | 142.250.181.225 | 192.168.2.4 |
Feb 14, 2025 08:30:18.994772911 CET | 56794 | 443 | 192.168.2.4 | 142.250.181.225 |
Feb 14, 2025 08:30:19.000399113 CET | 443 | 56794 | 142.250.181.225 | 192.168.2.4 |
Feb 14, 2025 08:30:19.000469923 CET | 56794 | 443 | 192.168.2.4 | 142.250.181.225 |
Feb 14, 2025 08:30:19.000483990 CET | 443 | 56794 | 142.250.181.225 | 192.168.2.4 |
Feb 14, 2025 08:30:19.000538111 CET | 56794 | 443 | 192.168.2.4 | 142.250.181.225 |
Feb 14, 2025 08:30:19.000544071 CET | 443 | 56794 | 142.250.181.225 | 192.168.2.4 |
Feb 14, 2025 08:30:19.000587940 CET | 56794 | 443 | 192.168.2.4 | 142.250.181.225 |
Feb 14, 2025 08:30:19.006093979 CET | 443 | 56794 | 142.250.181.225 | 192.168.2.4 |
Feb 14, 2025 08:30:19.006145954 CET | 56794 | 443 | 192.168.2.4 | 142.250.181.225 |
Feb 14, 2025 08:30:19.006520033 CET | 443 | 56794 | 142.250.181.225 | 192.168.2.4 |
Feb 14, 2025 08:30:19.006580114 CET | 56794 | 443 | 192.168.2.4 | 142.250.181.225 |
Feb 14, 2025 08:30:19.013187885 CET | 443 | 56794 | 142.250.181.225 | 192.168.2.4 |
Feb 14, 2025 08:30:19.013253927 CET | 56794 | 443 | 192.168.2.4 | 142.250.181.225 |
Feb 14, 2025 08:30:19.013263941 CET | 443 | 56794 | 142.250.181.225 | 192.168.2.4 |
Feb 14, 2025 08:30:19.013309956 CET | 56794 | 443 | 192.168.2.4 | 142.250.181.225 |
Feb 14, 2025 08:30:19.017293930 CET | 443 | 56794 | 142.250.181.225 | 192.168.2.4 |
Feb 14, 2025 08:30:19.017360926 CET | 56794 | 443 | 192.168.2.4 | 142.250.181.225 |
Feb 14, 2025 08:30:19.017420053 CET | 443 | 56794 | 142.250.181.225 | 192.168.2.4 |
Feb 14, 2025 08:30:19.017471075 CET | 56794 | 443 | 192.168.2.4 | 142.250.181.225 |
Feb 14, 2025 08:30:19.023066998 CET | 443 | 56794 | 142.250.181.225 | 192.168.2.4 |
Feb 14, 2025 08:30:19.023123980 CET | 56794 | 443 | 192.168.2.4 | 142.250.181.225 |
Feb 14, 2025 08:30:19.023134947 CET | 443 | 56794 | 142.250.181.225 | 192.168.2.4 |
Feb 14, 2025 08:30:19.023230076 CET | 56794 | 443 | 192.168.2.4 | 142.250.181.225 |
Feb 14, 2025 08:30:19.028664112 CET | 443 | 56794 | 142.250.181.225 | 192.168.2.4 |
Feb 14, 2025 08:30:19.028723001 CET | 56794 | 443 | 192.168.2.4 | 142.250.181.225 |
Feb 14, 2025 08:30:19.028737068 CET | 443 | 56794 | 142.250.181.225 | 192.168.2.4 |
Feb 14, 2025 08:30:19.028812885 CET | 56794 | 443 | 192.168.2.4 | 142.250.181.225 |
Feb 14, 2025 08:30:19.034286022 CET | 443 | 56794 | 142.250.181.225 | 192.168.2.4 |
Feb 14, 2025 08:30:19.034356117 CET | 56794 | 443 | 192.168.2.4 | 142.250.181.225 |
Feb 14, 2025 08:30:19.034364939 CET | 443 | 56794 | 142.250.181.225 | 192.168.2.4 |
Feb 14, 2025 08:30:19.034403086 CET | 56794 | 443 | 192.168.2.4 | 142.250.181.225 |
Feb 14, 2025 08:30:19.039113998 CET | 443 | 56794 | 142.250.181.225 | 192.168.2.4 |
Feb 14, 2025 08:30:19.039196968 CET | 56794 | 443 | 192.168.2.4 | 142.250.181.225 |
Feb 14, 2025 08:30:19.039205074 CET | 443 | 56794 | 142.250.181.225 | 192.168.2.4 |
Feb 14, 2025 08:30:19.039249897 CET | 56794 | 443 | 192.168.2.4 | 142.250.181.225 |
Feb 14, 2025 08:30:19.043802023 CET | 443 | 56794 | 142.250.181.225 | 192.168.2.4 |
Feb 14, 2025 08:30:19.043870926 CET | 56794 | 443 | 192.168.2.4 | 142.250.181.225 |
Feb 14, 2025 08:30:19.043880939 CET | 443 | 56794 | 142.250.181.225 | 192.168.2.4 |
Feb 14, 2025 08:30:19.043926954 CET | 56794 | 443 | 192.168.2.4 | 142.250.181.225 |
Feb 14, 2025 08:30:19.048309088 CET | 443 | 56794 | 142.250.181.225 | 192.168.2.4 |
Feb 14, 2025 08:30:19.048366070 CET | 56794 | 443 | 192.168.2.4 | 142.250.181.225 |
Feb 14, 2025 08:30:19.048373938 CET | 443 | 56794 | 142.250.181.225 | 192.168.2.4 |
Feb 14, 2025 08:30:19.048414946 CET | 56794 | 443 | 192.168.2.4 | 142.250.181.225 |
Feb 14, 2025 08:30:19.052546978 CET | 443 | 56794 | 142.250.181.225 | 192.168.2.4 |
Feb 14, 2025 08:30:19.052602053 CET | 56794 | 443 | 192.168.2.4 | 142.250.181.225 |
Feb 14, 2025 08:30:19.052609921 CET | 443 | 56794 | 142.250.181.225 | 192.168.2.4 |
Feb 14, 2025 08:30:19.052653074 CET | 56794 | 443 | 192.168.2.4 | 142.250.181.225 |
Feb 14, 2025 08:30:19.056555986 CET | 443 | 56794 | 142.250.181.225 | 192.168.2.4 |
Feb 14, 2025 08:30:19.056605101 CET | 443 | 56794 | 142.250.181.225 | 192.168.2.4 |
Feb 14, 2025 08:30:19.056607962 CET | 56794 | 443 | 192.168.2.4 | 142.250.181.225 |
Feb 14, 2025 08:30:19.056619883 CET | 443 | 56794 | 142.250.181.225 | 192.168.2.4 |
Feb 14, 2025 08:30:19.056643009 CET | 56794 | 443 | 192.168.2.4 | 142.250.181.225 |
Feb 14, 2025 08:30:19.056675911 CET | 56794 | 443 | 192.168.2.4 | 142.250.181.225 |
Feb 14, 2025 08:30:19.056679964 CET | 443 | 56794 | 142.250.181.225 | 192.168.2.4 |
Feb 14, 2025 08:30:19.056720972 CET | 56794 | 443 | 192.168.2.4 | 142.250.181.225 |
Feb 14, 2025 08:30:19.060375929 CET | 443 | 56794 | 142.250.181.225 | 192.168.2.4 |
Feb 14, 2025 08:30:19.060426950 CET | 56794 | 443 | 192.168.2.4 | 142.250.181.225 |
Feb 14, 2025 08:30:19.060434103 CET | 443 | 56794 | 142.250.181.225 | 192.168.2.4 |
Feb 14, 2025 08:30:19.060475111 CET | 56794 | 443 | 192.168.2.4 | 142.250.181.225 |
Feb 14, 2025 08:30:19.064275026 CET | 443 | 56794 | 142.250.181.225 | 192.168.2.4 |
Feb 14, 2025 08:30:19.064328909 CET | 56794 | 443 | 192.168.2.4 | 142.250.181.225 |
Feb 14, 2025 08:30:19.064337015 CET | 443 | 56794 | 142.250.181.225 | 192.168.2.4 |
Feb 14, 2025 08:30:19.064378023 CET | 56794 | 443 | 192.168.2.4 | 142.250.181.225 |
Feb 14, 2025 08:30:19.068104982 CET | 443 | 56794 | 142.250.181.225 | 192.168.2.4 |
Feb 14, 2025 08:30:19.068197966 CET | 56794 | 443 | 192.168.2.4 | 142.250.181.225 |
Feb 14, 2025 08:30:19.068206072 CET | 443 | 56794 | 142.250.181.225 | 192.168.2.4 |
Feb 14, 2025 08:30:19.068244934 CET | 56794 | 443 | 192.168.2.4 | 142.250.181.225 |
Feb 14, 2025 08:30:19.071989059 CET | 443 | 56794 | 142.250.181.225 | 192.168.2.4 |
Feb 14, 2025 08:30:19.072129011 CET | 56794 | 443 | 192.168.2.4 | 142.250.181.225 |
Feb 14, 2025 08:30:19.072141886 CET | 443 | 56794 | 142.250.181.225 | 192.168.2.4 |
Feb 14, 2025 08:30:19.072197914 CET | 56794 | 443 | 192.168.2.4 | 142.250.181.225 |
Feb 14, 2025 08:30:19.075892925 CET | 443 | 56794 | 142.250.181.225 | 192.168.2.4 |
Feb 14, 2025 08:30:19.075938940 CET | 56794 | 443 | 192.168.2.4 | 142.250.181.225 |
Feb 14, 2025 08:30:19.075948954 CET | 443 | 56794 | 142.250.181.225 | 192.168.2.4 |
Feb 14, 2025 08:30:19.075989962 CET | 56794 | 443 | 192.168.2.4 | 142.250.181.225 |
Feb 14, 2025 08:30:19.080400944 CET | 443 | 56794 | 142.250.181.225 | 192.168.2.4 |
Feb 14, 2025 08:30:19.080450058 CET | 56794 | 443 | 192.168.2.4 | 142.250.181.225 |
Feb 14, 2025 08:30:19.080461025 CET | 443 | 56794 | 142.250.181.225 | 192.168.2.4 |
Feb 14, 2025 08:30:19.080511093 CET | 56794 | 443 | 192.168.2.4 | 142.250.181.225 |
Feb 14, 2025 08:30:19.080632925 CET | 443 | 56794 | 142.250.181.225 | 192.168.2.4 |
Feb 14, 2025 08:30:19.080679893 CET | 56794 | 443 | 192.168.2.4 | 142.250.181.225 |
Feb 14, 2025 08:30:19.080687046 CET | 443 | 56794 | 142.250.181.225 | 192.168.2.4 |
Feb 14, 2025 08:30:19.080725908 CET | 56794 | 443 | 192.168.2.4 | 142.250.181.225 |
Feb 14, 2025 08:30:19.082861900 CET | 443 | 56794 | 142.250.181.225 | 192.168.2.4 |
Feb 14, 2025 08:30:19.082910061 CET | 56794 | 443 | 192.168.2.4 | 142.250.181.225 |
Feb 14, 2025 08:30:19.082974911 CET | 443 | 56794 | 142.250.181.225 | 192.168.2.4 |
Feb 14, 2025 08:30:19.083030939 CET | 56794 | 443 | 192.168.2.4 | 142.250.181.225 |
Feb 14, 2025 08:30:19.085258961 CET | 443 | 56794 | 142.250.181.225 | 192.168.2.4 |
Feb 14, 2025 08:30:19.085562944 CET | 56794 | 443 | 192.168.2.4 | 142.250.181.225 |
Feb 14, 2025 08:30:19.085572004 CET | 443 | 56794 | 142.250.181.225 | 192.168.2.4 |
Feb 14, 2025 08:30:19.085619926 CET | 56794 | 443 | 192.168.2.4 | 142.250.181.225 |
Feb 14, 2025 08:30:19.087501049 CET | 443 | 56794 | 142.250.181.225 | 192.168.2.4 |
Feb 14, 2025 08:30:19.087558985 CET | 56794 | 443 | 192.168.2.4 | 142.250.181.225 |
Feb 14, 2025 08:30:19.087574959 CET | 443 | 56794 | 142.250.181.225 | 192.168.2.4 |
Feb 14, 2025 08:30:19.087620974 CET | 56794 | 443 | 192.168.2.4 | 142.250.181.225 |
Feb 14, 2025 08:30:19.089880943 CET | 443 | 56794 | 142.250.181.225 | 192.168.2.4 |
Feb 14, 2025 08:30:19.089936972 CET | 56794 | 443 | 192.168.2.4 | 142.250.181.225 |
Feb 14, 2025 08:30:19.089945078 CET | 443 | 56794 | 142.250.181.225 | 192.168.2.4 |
Feb 14, 2025 08:30:19.089993000 CET | 56794 | 443 | 192.168.2.4 | 142.250.181.225 |
Feb 14, 2025 08:30:19.092139959 CET | 443 | 56794 | 142.250.181.225 | 192.168.2.4 |
Feb 14, 2025 08:30:19.092202902 CET | 56794 | 443 | 192.168.2.4 | 142.250.181.225 |
Feb 14, 2025 08:30:19.092230082 CET | 443 | 56794 | 142.250.181.225 | 192.168.2.4 |
Feb 14, 2025 08:30:19.092272997 CET | 56794 | 443 | 192.168.2.4 | 142.250.181.225 |
Feb 14, 2025 08:30:19.094496965 CET | 443 | 56794 | 142.250.181.225 | 192.168.2.4 |
Feb 14, 2025 08:30:19.094553947 CET | 56794 | 443 | 192.168.2.4 | 142.250.181.225 |
Feb 14, 2025 08:30:19.094563007 CET | 443 | 56794 | 142.250.181.225 | 192.168.2.4 |
Feb 14, 2025 08:30:19.094609022 CET | 56794 | 443 | 192.168.2.4 | 142.250.181.225 |
Feb 14, 2025 08:30:19.096725941 CET | 443 | 56794 | 142.250.181.225 | 192.168.2.4 |
Feb 14, 2025 08:30:19.096769094 CET | 56794 | 443 | 192.168.2.4 | 142.250.181.225 |
Feb 14, 2025 08:30:19.096831083 CET | 443 | 56794 | 142.250.181.225 | 192.168.2.4 |
Feb 14, 2025 08:30:19.096875906 CET | 56794 | 443 | 192.168.2.4 | 142.250.181.225 |
Feb 14, 2025 08:30:19.099055052 CET | 443 | 56794 | 142.250.181.225 | 192.168.2.4 |
Feb 14, 2025 08:30:19.099220991 CET | 56794 | 443 | 192.168.2.4 | 142.250.181.225 |
Feb 14, 2025 08:30:19.099230051 CET | 443 | 56794 | 142.250.181.225 | 192.168.2.4 |
Feb 14, 2025 08:30:19.099286079 CET | 56794 | 443 | 192.168.2.4 | 142.250.181.225 |
Feb 14, 2025 08:30:19.101397991 CET | 443 | 56794 | 142.250.181.225 | 192.168.2.4 |
Feb 14, 2025 08:30:19.101461887 CET | 56794 | 443 | 192.168.2.4 | 142.250.181.225 |
Feb 14, 2025 08:30:19.101469994 CET | 443 | 56794 | 142.250.181.225 | 192.168.2.4 |
Feb 14, 2025 08:30:19.101516008 CET | 56794 | 443 | 192.168.2.4 | 142.250.181.225 |
Feb 14, 2025 08:30:19.103591919 CET | 443 | 56794 | 142.250.181.225 | 192.168.2.4 |
Feb 14, 2025 08:30:19.103655100 CET | 56794 | 443 | 192.168.2.4 | 142.250.181.225 |
Feb 14, 2025 08:30:19.103764057 CET | 443 | 56794 | 142.250.181.225 | 192.168.2.4 |
Feb 14, 2025 08:30:19.103812933 CET | 56794 | 443 | 192.168.2.4 | 142.250.181.225 |
Feb 14, 2025 08:30:19.106014013 CET | 443 | 56794 | 142.250.181.225 | 192.168.2.4 |
Feb 14, 2025 08:30:19.106070995 CET | 56794 | 443 | 192.168.2.4 | 142.250.181.225 |
Feb 14, 2025 08:30:19.106080055 CET | 443 | 56794 | 142.250.181.225 | 192.168.2.4 |
Feb 14, 2025 08:30:19.106117010 CET | 56794 | 443 | 192.168.2.4 | 142.250.181.225 |
Feb 14, 2025 08:30:19.108355999 CET | 443 | 56794 | 142.250.181.225 | 192.168.2.4 |
Feb 14, 2025 08:30:19.108416080 CET | 56794 | 443 | 192.168.2.4 | 142.250.181.225 |
Feb 14, 2025 08:30:19.108424902 CET | 443 | 56794 | 142.250.181.225 | 192.168.2.4 |
Feb 14, 2025 08:30:19.108464003 CET | 56794 | 443 | 192.168.2.4 | 142.250.181.225 |
Feb 14, 2025 08:30:19.110671997 CET | 443 | 56794 | 142.250.181.225 | 192.168.2.4 |
Feb 14, 2025 08:30:19.110745907 CET | 56794 | 443 | 192.168.2.4 | 142.250.181.225 |
Feb 14, 2025 08:30:19.110754967 CET | 443 | 56794 | 142.250.181.225 | 192.168.2.4 |
Feb 14, 2025 08:30:19.110794067 CET | 56794 | 443 | 192.168.2.4 | 142.250.181.225 |
Feb 14, 2025 08:30:19.113488913 CET | 443 | 56794 | 142.250.181.225 | 192.168.2.4 |
Feb 14, 2025 08:30:19.113709927 CET | 56794 | 443 | 192.168.2.4 | 142.250.181.225 |
Feb 14, 2025 08:30:19.113722086 CET | 443 | 56794 | 142.250.181.225 | 192.168.2.4 |
Feb 14, 2025 08:30:19.113786936 CET | 56794 | 443 | 192.168.2.4 | 142.250.181.225 |
Feb 14, 2025 08:30:19.115214109 CET | 443 | 56794 | 142.250.181.225 | 192.168.2.4 |
Feb 14, 2025 08:30:19.115267992 CET | 56794 | 443 | 192.168.2.4 | 142.250.181.225 |
Feb 14, 2025 08:30:19.115278959 CET | 443 | 56794 | 142.250.181.225 | 192.168.2.4 |
Feb 14, 2025 08:30:19.115331888 CET | 56794 | 443 | 192.168.2.4 | 142.250.181.225 |
Feb 14, 2025 08:30:19.119411945 CET | 443 | 56794 | 142.250.181.225 | 192.168.2.4 |
Feb 14, 2025 08:30:19.119637966 CET | 56794 | 443 | 192.168.2.4 | 142.250.181.225 |
Feb 14, 2025 08:30:19.119677067 CET | 443 | 56794 | 142.250.181.225 | 192.168.2.4 |
Feb 14, 2025 08:30:19.119734049 CET | 56794 | 443 | 192.168.2.4 | 142.250.181.225 |
Feb 14, 2025 08:30:19.119743109 CET | 443 | 56794 | 142.250.181.225 | 192.168.2.4 |
Feb 14, 2025 08:30:19.119792938 CET | 56794 | 443 | 192.168.2.4 | 142.250.181.225 |
Feb 14, 2025 08:30:19.119836092 CET | 443 | 56794 | 142.250.181.225 | 192.168.2.4 |
Feb 14, 2025 08:30:19.119890928 CET | 56794 | 443 | 192.168.2.4 | 142.250.181.225 |
Feb 14, 2025 08:30:19.124913931 CET | 443 | 56794 | 142.250.181.225 | 192.168.2.4 |
Feb 14, 2025 08:30:19.124957085 CET | 443 | 56794 | 142.250.181.225 | 192.168.2.4 |
Feb 14, 2025 08:30:19.124979019 CET | 443 | 56794 | 142.250.181.225 | 192.168.2.4 |
Feb 14, 2025 08:30:19.124989986 CET | 56794 | 443 | 192.168.2.4 | 142.250.181.225 |
Feb 14, 2025 08:30:19.125000000 CET | 443 | 56794 | 142.250.181.225 | 192.168.2.4 |
Feb 14, 2025 08:30:19.125032902 CET | 56794 | 443 | 192.168.2.4 | 142.250.181.225 |
Feb 14, 2025 08:30:19.125058889 CET | 56794 | 443 | 192.168.2.4 | 142.250.181.225 |
Feb 14, 2025 08:30:19.129637957 CET | 443 | 56794 | 142.250.181.225 | 192.168.2.4 |
Feb 14, 2025 08:30:19.129710913 CET | 56794 | 443 | 192.168.2.4 | 142.250.181.225 |
Feb 14, 2025 08:30:19.129730940 CET | 443 | 56794 | 142.250.181.225 | 192.168.2.4 |
Feb 14, 2025 08:30:19.129781008 CET | 56794 | 443 | 192.168.2.4 | 142.250.181.225 |
Feb 14, 2025 08:30:19.129808903 CET | 443 | 56794 | 142.250.181.225 | 192.168.2.4 |
Feb 14, 2025 08:30:19.129862070 CET | 56794 | 443 | 192.168.2.4 | 142.250.181.225 |
Feb 14, 2025 08:30:19.129878044 CET | 443 | 56794 | 142.250.181.225 | 192.168.2.4 |
Feb 14, 2025 08:30:19.129942894 CET | 56794 | 443 | 192.168.2.4 | 142.250.181.225 |
Feb 14, 2025 08:30:19.134288073 CET | 443 | 56794 | 142.250.181.225 | 192.168.2.4 |
Feb 14, 2025 08:30:19.134339094 CET | 56794 | 443 | 192.168.2.4 | 142.250.181.225 |
Feb 14, 2025 08:30:19.134377003 CET | 443 | 56794 | 142.250.181.225 | 192.168.2.4 |
Feb 14, 2025 08:30:19.134424925 CET | 56794 | 443 | 192.168.2.4 | 142.250.181.225 |
Feb 14, 2025 08:30:19.134449959 CET | 443 | 56794 | 142.250.181.225 | 192.168.2.4 |
Feb 14, 2025 08:30:19.134496927 CET | 56794 | 443 | 192.168.2.4 | 142.250.181.225 |
Feb 14, 2025 08:30:19.134504080 CET | 443 | 56794 | 142.250.181.225 | 192.168.2.4 |
Feb 14, 2025 08:30:19.134552002 CET | 56794 | 443 | 192.168.2.4 | 142.250.181.225 |
Feb 14, 2025 08:30:19.138751984 CET | 443 | 56794 | 142.250.181.225 | 192.168.2.4 |
Feb 14, 2025 08:30:19.138809919 CET | 56794 | 443 | 192.168.2.4 | 142.250.181.225 |
Feb 14, 2025 08:30:19.138919115 CET | 443 | 56794 | 142.250.181.225 | 192.168.2.4 |
Feb 14, 2025 08:30:19.138966084 CET | 443 | 56794 | 142.250.181.225 | 192.168.2.4 |
Feb 14, 2025 08:30:19.138967037 CET | 56794 | 443 | 192.168.2.4 | 142.250.181.225 |
Feb 14, 2025 08:30:19.138974905 CET | 443 | 56794 | 142.250.181.225 | 192.168.2.4 |
Feb 14, 2025 08:30:19.139007092 CET | 56794 | 443 | 192.168.2.4 | 142.250.181.225 |
Feb 14, 2025 08:30:19.139033079 CET | 56794 | 443 | 192.168.2.4 | 142.250.181.225 |
Feb 14, 2025 08:30:19.142987013 CET | 443 | 56794 | 142.250.181.225 | 192.168.2.4 |
Feb 14, 2025 08:30:19.143039942 CET | 443 | 56794 | 142.250.181.225 | 192.168.2.4 |
Feb 14, 2025 08:30:19.143066883 CET | 443 | 56794 | 142.250.181.225 | 192.168.2.4 |
Feb 14, 2025 08:30:19.143075943 CET | 56794 | 443 | 192.168.2.4 | 142.250.181.225 |
Feb 14, 2025 08:30:19.143085003 CET | 443 | 56794 | 142.250.181.225 | 192.168.2.4 |
Feb 14, 2025 08:30:19.143096924 CET | 56794 | 443 | 192.168.2.4 | 142.250.181.225 |
Feb 14, 2025 08:30:19.143115997 CET | 56794 | 443 | 192.168.2.4 | 142.250.181.225 |
Feb 14, 2025 08:30:19.143135071 CET | 56794 | 443 | 192.168.2.4 | 142.250.181.225 |
Feb 14, 2025 08:30:19.147069931 CET | 443 | 56794 | 142.250.181.225 | 192.168.2.4 |
Feb 14, 2025 08:30:19.147128105 CET | 56794 | 443 | 192.168.2.4 | 142.250.181.225 |
Feb 14, 2025 08:30:19.147138119 CET | 443 | 56794 | 142.250.181.225 | 192.168.2.4 |
Feb 14, 2025 08:30:19.147182941 CET | 56794 | 443 | 192.168.2.4 | 142.250.181.225 |
Feb 14, 2025 08:30:19.147257090 CET | 443 | 56794 | 142.250.181.225 | 192.168.2.4 |
Feb 14, 2025 08:30:19.147294998 CET | 443 | 56794 | 142.250.181.225 | 192.168.2.4 |
Feb 14, 2025 08:30:19.147304058 CET | 56794 | 443 | 192.168.2.4 | 142.250.181.225 |
Feb 14, 2025 08:30:19.147313118 CET | 443 | 56794 | 142.250.181.225 | 192.168.2.4 |
Feb 14, 2025 08:30:19.147336960 CET | 56794 | 443 | 192.168.2.4 | 142.250.181.225 |
Feb 14, 2025 08:30:19.147362947 CET | 56794 | 443 | 192.168.2.4 | 142.250.181.225 |
Feb 14, 2025 08:30:19.150947094 CET | 443 | 56794 | 142.250.181.225 | 192.168.2.4 |
Feb 14, 2025 08:30:19.150996923 CET | 56794 | 443 | 192.168.2.4 | 142.250.181.225 |
Feb 14, 2025 08:30:19.151021957 CET | 443 | 56794 | 142.250.181.225 | 192.168.2.4 |
Feb 14, 2025 08:30:19.151068926 CET | 443 | 56794 | 142.250.181.225 | 192.168.2.4 |
Feb 14, 2025 08:30:19.151074886 CET | 56794 | 443 | 192.168.2.4 | 142.250.181.225 |
Feb 14, 2025 08:30:19.151084900 CET | 443 | 56794 | 142.250.181.225 | 192.168.2.4 |
Feb 14, 2025 08:30:19.151125908 CET | 56794 | 443 | 192.168.2.4 | 142.250.181.225 |
Feb 14, 2025 08:30:19.154732943 CET | 443 | 56794 | 142.250.181.225 | 192.168.2.4 |
Feb 14, 2025 08:30:19.154803038 CET | 56794 | 443 | 192.168.2.4 | 142.250.181.225 |
Feb 14, 2025 08:30:19.154869080 CET | 443 | 56794 | 142.250.181.225 | 192.168.2.4 |
Feb 14, 2025 08:30:19.154917002 CET | 56794 | 443 | 192.168.2.4 | 142.250.181.225 |
Feb 14, 2025 08:30:19.155077934 CET | 443 | 56794 | 142.250.181.225 | 192.168.2.4 |
Feb 14, 2025 08:30:19.155124903 CET | 56794 | 443 | 192.168.2.4 | 142.250.181.225 |
Feb 14, 2025 08:30:19.155133009 CET | 443 | 56794 | 142.250.181.225 | 192.168.2.4 |
Feb 14, 2025 08:30:19.155174017 CET | 56794 | 443 | 192.168.2.4 | 142.250.181.225 |
Feb 14, 2025 08:30:19.158669949 CET | 443 | 56794 | 142.250.181.225 | 192.168.2.4 |
Feb 14, 2025 08:30:19.158741951 CET | 56794 | 443 | 192.168.2.4 | 142.250.181.225 |
Feb 14, 2025 08:30:19.158751011 CET | 443 | 56794 | 142.250.181.225 | 192.168.2.4 |
Feb 14, 2025 08:30:19.158799887 CET | 56794 | 443 | 192.168.2.4 | 142.250.181.225 |
Feb 14, 2025 08:30:19.161884069 CET | 443 | 56794 | 142.250.181.225 | 192.168.2.4 |
Feb 14, 2025 08:30:19.161935091 CET | 56794 | 443 | 192.168.2.4 | 142.250.181.225 |
Feb 14, 2025 08:30:19.161942959 CET | 443 | 56794 | 142.250.181.225 | 192.168.2.4 |
Feb 14, 2025 08:30:19.161983967 CET | 56794 | 443 | 192.168.2.4 | 142.250.181.225 |
Feb 14, 2025 08:30:19.162692070 CET | 443 | 56794 | 142.250.181.225 | 192.168.2.4 |
Feb 14, 2025 08:30:19.162740946 CET | 56794 | 443 | 192.168.2.4 | 142.250.181.225 |
Feb 14, 2025 08:30:19.162754059 CET | 443 | 56794 | 142.250.181.225 | 192.168.2.4 |
Feb 14, 2025 08:30:19.162806988 CET | 56794 | 443 | 192.168.2.4 | 142.250.181.225 |
Feb 14, 2025 08:30:19.164382935 CET | 443 | 56794 | 142.250.181.225 | 192.168.2.4 |
Feb 14, 2025 08:30:19.164429903 CET | 56794 | 443 | 192.168.2.4 | 142.250.181.225 |
Feb 14, 2025 08:30:19.164438009 CET | 443 | 56794 | 142.250.181.225 | 192.168.2.4 |
Feb 14, 2025 08:30:19.164486885 CET | 56794 | 443 | 192.168.2.4 | 142.250.181.225 |
Feb 14, 2025 08:30:19.166342020 CET | 443 | 56794 | 142.250.181.225 | 192.168.2.4 |
Feb 14, 2025 08:30:19.166393042 CET | 56794 | 443 | 192.168.2.4 | 142.250.181.225 |
Feb 14, 2025 08:30:19.166400909 CET | 443 | 56794 | 142.250.181.225 | 192.168.2.4 |
Feb 14, 2025 08:30:19.166450024 CET | 56794 | 443 | 192.168.2.4 | 142.250.181.225 |
Feb 14, 2025 08:30:19.167963028 CET | 443 | 56794 | 142.250.181.225 | 192.168.2.4 |
Feb 14, 2025 08:30:19.168016911 CET | 56794 | 443 | 192.168.2.4 | 142.250.181.225 |
Feb 14, 2025 08:30:19.168025017 CET | 443 | 56794 | 142.250.181.225 | 192.168.2.4 |
Feb 14, 2025 08:30:19.168071985 CET | 56794 | 443 | 192.168.2.4 | 142.250.181.225 |
Feb 14, 2025 08:30:19.170839071 CET | 443 | 56794 | 142.250.181.225 | 192.168.2.4 |
Feb 14, 2025 08:30:19.170907021 CET | 56794 | 443 | 192.168.2.4 | 142.250.181.225 |
Feb 14, 2025 08:30:19.170965910 CET | 443 | 56794 | 142.250.181.225 | 192.168.2.4 |
Feb 14, 2025 08:30:19.171011925 CET | 56794 | 443 | 192.168.2.4 | 142.250.181.225 |
Feb 14, 2025 08:30:19.171164036 CET | 443 | 56794 | 142.250.181.225 | 192.168.2.4 |
Feb 14, 2025 08:30:19.171209097 CET | 56794 | 443 | 192.168.2.4 | 142.250.181.225 |
Feb 14, 2025 08:30:19.171216011 CET | 443 | 56794 | 142.250.181.225 | 192.168.2.4 |
Feb 14, 2025 08:30:19.171273947 CET | 56794 | 443 | 192.168.2.4 | 142.250.181.225 |
Feb 14, 2025 08:30:19.172775030 CET | 443 | 56794 | 142.250.181.225 | 192.168.2.4 |
Feb 14, 2025 08:30:19.172826052 CET | 56794 | 443 | 192.168.2.4 | 142.250.181.225 |
Feb 14, 2025 08:30:19.172884941 CET | 443 | 56794 | 142.250.181.225 | 192.168.2.4 |
Feb 14, 2025 08:30:19.172930956 CET | 56794 | 443 | 192.168.2.4 | 142.250.181.225 |
Feb 14, 2025 08:30:19.174475908 CET | 443 | 56794 | 142.250.181.225 | 192.168.2.4 |
Feb 14, 2025 08:30:19.174529076 CET | 56794 | 443 | 192.168.2.4 | 142.250.181.225 |
Feb 14, 2025 08:30:19.174539089 CET | 443 | 56794 | 142.250.181.225 | 192.168.2.4 |
Feb 14, 2025 08:30:19.174582958 CET | 56794 | 443 | 192.168.2.4 | 142.250.181.225 |
Feb 14, 2025 08:30:19.175976992 CET | 443 | 56794 | 142.250.181.225 | 192.168.2.4 |
Feb 14, 2025 08:30:19.176027060 CET | 56794 | 443 | 192.168.2.4 | 142.250.181.225 |
Feb 14, 2025 08:30:19.176038027 CET | 443 | 56794 | 142.250.181.225 | 192.168.2.4 |
Feb 14, 2025 08:30:19.176084042 CET | 56794 | 443 | 192.168.2.4 | 142.250.181.225 |
Feb 14, 2025 08:30:19.177534103 CET | 443 | 56794 | 142.250.181.225 | 192.168.2.4 |
Feb 14, 2025 08:30:19.177591085 CET | 56794 | 443 | 192.168.2.4 | 142.250.181.225 |
Feb 14, 2025 08:30:19.177639961 CET | 443 | 56794 | 142.250.181.225 | 192.168.2.4 |
Feb 14, 2025 08:30:19.177700043 CET | 56794 | 443 | 192.168.2.4 | 142.250.181.225 |
Feb 14, 2025 08:30:19.179039001 CET | 443 | 56794 | 142.250.181.225 | 192.168.2.4 |
Feb 14, 2025 08:30:19.179089069 CET | 56794 | 443 | 192.168.2.4 | 142.250.181.225 |
Feb 14, 2025 08:30:19.179140091 CET | 443 | 56794 | 142.250.181.225 | 192.168.2.4 |
Feb 14, 2025 08:30:19.179187059 CET | 56794 | 443 | 192.168.2.4 | 142.250.181.225 |
Feb 14, 2025 08:30:19.180690050 CET | 443 | 56794 | 142.250.181.225 | 192.168.2.4 |
Feb 14, 2025 08:30:19.180798054 CET | 56794 | 443 | 192.168.2.4 | 142.250.181.225 |
Feb 14, 2025 08:30:19.180805922 CET | 443 | 56794 | 142.250.181.225 | 192.168.2.4 |
Feb 14, 2025 08:30:19.180876970 CET | 56794 | 443 | 192.168.2.4 | 142.250.181.225 |
Feb 14, 2025 08:30:19.182440042 CET | 443 | 56794 | 142.250.181.225 | 192.168.2.4 |
Feb 14, 2025 08:30:19.182517052 CET | 56794 | 443 | 192.168.2.4 | 142.250.181.225 |
Feb 14, 2025 08:30:19.182524920 CET | 443 | 56794 | 142.250.181.225 | 192.168.2.4 |
Feb 14, 2025 08:30:19.182571888 CET | 56794 | 443 | 192.168.2.4 | 142.250.181.225 |
Feb 14, 2025 08:30:19.183646917 CET | 443 | 56794 | 142.250.181.225 | 192.168.2.4 |
Feb 14, 2025 08:30:19.183700085 CET | 56794 | 443 | 192.168.2.4 | 142.250.181.225 |
Feb 14, 2025 08:30:19.183708906 CET | 443 | 56794 | 142.250.181.225 | 192.168.2.4 |
Feb 14, 2025 08:30:19.183753014 CET | 56794 | 443 | 192.168.2.4 | 142.250.181.225 |
Feb 14, 2025 08:30:19.184986115 CET | 443 | 56794 | 142.250.181.225 | 192.168.2.4 |
Feb 14, 2025 08:30:19.185039043 CET | 56794 | 443 | 192.168.2.4 | 142.250.181.225 |
Feb 14, 2025 08:30:19.185055971 CET | 443 | 56794 | 142.250.181.225 | 192.168.2.4 |
Feb 14, 2025 08:30:19.185096025 CET | 56794 | 443 | 192.168.2.4 | 142.250.181.225 |
Feb 14, 2025 08:30:19.185103893 CET | 443 | 56794 | 142.250.181.225 | 192.168.2.4 |
Feb 14, 2025 08:30:19.185141087 CET | 443 | 56794 | 142.250.181.225 | 192.168.2.4 |
Feb 14, 2025 08:30:19.185142994 CET | 56794 | 443 | 192.168.2.4 | 142.250.181.225 |
Feb 14, 2025 08:30:19.185153008 CET | 443 | 56794 | 142.250.181.225 | 192.168.2.4 |
Feb 14, 2025 08:30:19.185157061 CET | 56794 | 443 | 192.168.2.4 | 142.250.181.225 |
Feb 14, 2025 08:30:19.185183048 CET | 56794 | 443 | 192.168.2.4 | 142.250.181.225 |
Feb 14, 2025 08:30:19.931129932 CET | 56821 | 80 | 192.168.2.4 | 132.226.247.73 |
Feb 14, 2025 08:30:19.935910940 CET | 80 | 56821 | 132.226.247.73 | 192.168.2.4 |
Feb 14, 2025 08:30:19.938932896 CET | 56821 | 80 | 192.168.2.4 | 132.226.247.73 |
Feb 14, 2025 08:30:19.941034079 CET | 56821 | 80 | 192.168.2.4 | 132.226.247.73 |
Feb 14, 2025 08:30:19.945804119 CET | 80 | 56821 | 132.226.247.73 | 192.168.2.4 |
Feb 14, 2025 08:30:20.605664015 CET | 80 | 56821 | 132.226.247.73 | 192.168.2.4 |
Feb 14, 2025 08:30:20.611269951 CET | 56821 | 80 | 192.168.2.4 | 132.226.247.73 |
Feb 14, 2025 08:30:20.616121054 CET | 80 | 56821 | 132.226.247.73 | 192.168.2.4 |
Feb 14, 2025 08:30:20.815062046 CET | 80 | 56821 | 132.226.247.73 | 192.168.2.4 |
Feb 14, 2025 08:30:20.867700100 CET | 56821 | 80 | 192.168.2.4 | 132.226.247.73 |
Feb 14, 2025 08:30:21.186722040 CET | 56830 | 443 | 192.168.2.4 | 104.21.112.1 |
Feb 14, 2025 08:30:21.186765909 CET | 443 | 56830 | 104.21.112.1 | 192.168.2.4 |
Feb 14, 2025 08:30:21.186837912 CET | 56830 | 443 | 192.168.2.4 | 104.21.112.1 |
Feb 14, 2025 08:30:21.191437960 CET | 56830 | 443 | 192.168.2.4 | 104.21.112.1 |
Feb 14, 2025 08:30:21.191463947 CET | 443 | 56830 | 104.21.112.1 | 192.168.2.4 |
Feb 14, 2025 08:30:21.651598930 CET | 443 | 56830 | 104.21.112.1 | 192.168.2.4 |
Feb 14, 2025 08:30:21.651706934 CET | 56830 | 443 | 192.168.2.4 | 104.21.112.1 |
Feb 14, 2025 08:30:21.662367105 CET | 56830 | 443 | 192.168.2.4 | 104.21.112.1 |
Feb 14, 2025 08:30:21.662390947 CET | 443 | 56830 | 104.21.112.1 | 192.168.2.4 |
Feb 14, 2025 08:30:21.664504051 CET | 443 | 56830 | 104.21.112.1 | 192.168.2.4 |
Feb 14, 2025 08:30:21.668899059 CET | 56830 | 443 | 192.168.2.4 | 104.21.112.1 |
Feb 14, 2025 08:30:21.715332031 CET | 443 | 56830 | 104.21.112.1 | 192.168.2.4 |
Feb 14, 2025 08:30:21.781466961 CET | 443 | 56830 | 104.21.112.1 | 192.168.2.4 |
Feb 14, 2025 08:30:21.781543016 CET | 443 | 56830 | 104.21.112.1 | 192.168.2.4 |
Feb 14, 2025 08:30:21.781694889 CET | 56830 | 443 | 192.168.2.4 | 104.21.112.1 |
Feb 14, 2025 08:30:21.787729979 CET | 56830 | 443 | 192.168.2.4 | 104.21.112.1 |
Feb 14, 2025 08:30:21.798661947 CET | 56821 | 80 | 192.168.2.4 | 132.226.247.73 |
Feb 14, 2025 08:30:21.803762913 CET | 80 | 56821 | 132.226.247.73 | 192.168.2.4 |
Feb 14, 2025 08:30:22.002763033 CET | 80 | 56821 | 132.226.247.73 | 192.168.2.4 |
Feb 14, 2025 08:30:22.005532980 CET | 56836 | 443 | 192.168.2.4 | 104.21.112.1 |
Feb 14, 2025 08:30:22.005572081 CET | 443 | 56836 | 104.21.112.1 | 192.168.2.4 |
Feb 14, 2025 08:30:22.005712032 CET | 56836 | 443 | 192.168.2.4 | 104.21.112.1 |
Feb 14, 2025 08:30:22.006227970 CET | 56836 | 443 | 192.168.2.4 | 104.21.112.1 |
Feb 14, 2025 08:30:22.006246090 CET | 443 | 56836 | 104.21.112.1 | 192.168.2.4 |
Feb 14, 2025 08:30:22.055191994 CET | 56821 | 80 | 192.168.2.4 | 132.226.247.73 |
Feb 14, 2025 08:30:22.493554115 CET | 443 | 56836 | 104.21.112.1 | 192.168.2.4 |
Feb 14, 2025 08:30:22.495225906 CET | 56836 | 443 | 192.168.2.4 | 104.21.112.1 |
Feb 14, 2025 08:30:22.495244980 CET | 443 | 56836 | 104.21.112.1 | 192.168.2.4 |
Feb 14, 2025 08:30:22.643065929 CET | 443 | 56836 | 104.21.112.1 | 192.168.2.4 |
Feb 14, 2025 08:30:22.643131971 CET | 443 | 56836 | 104.21.112.1 | 192.168.2.4 |
Feb 14, 2025 08:30:22.643220901 CET | 56836 | 443 | 192.168.2.4 | 104.21.112.1 |
Feb 14, 2025 08:30:22.643862963 CET | 56836 | 443 | 192.168.2.4 | 104.21.112.1 |
Feb 14, 2025 08:30:22.647880077 CET | 56821 | 80 | 192.168.2.4 | 132.226.247.73 |
Feb 14, 2025 08:30:22.649260998 CET | 56842 | 80 | 192.168.2.4 | 132.226.247.73 |
Feb 14, 2025 08:30:22.652935982 CET | 80 | 56821 | 132.226.247.73 | 192.168.2.4 |
Feb 14, 2025 08:30:22.653012037 CET | 56821 | 80 | 192.168.2.4 | 132.226.247.73 |
Feb 14, 2025 08:30:22.654125929 CET | 80 | 56842 | 132.226.247.73 | 192.168.2.4 |
Feb 14, 2025 08:30:22.654203892 CET | 56842 | 80 | 192.168.2.4 | 132.226.247.73 |
Feb 14, 2025 08:30:22.654345989 CET | 56842 | 80 | 192.168.2.4 | 132.226.247.73 |
Feb 14, 2025 08:30:22.659048080 CET | 80 | 56842 | 132.226.247.73 | 192.168.2.4 |
Feb 14, 2025 08:30:26.421569109 CET | 80 | 56842 | 132.226.247.73 | 192.168.2.4 |
Feb 14, 2025 08:30:26.449166059 CET | 56847 | 80 | 192.168.2.4 | 132.226.247.73 |
Feb 14, 2025 08:30:26.454001904 CET | 80 | 56847 | 132.226.247.73 | 192.168.2.4 |
Feb 14, 2025 08:30:26.454129934 CET | 56847 | 80 | 192.168.2.4 | 132.226.247.73 |
Feb 14, 2025 08:30:26.454287052 CET | 56847 | 80 | 192.168.2.4 | 132.226.247.73 |
Feb 14, 2025 08:30:26.459553957 CET | 80 | 56847 | 132.226.247.73 | 192.168.2.4 |
Feb 14, 2025 08:30:26.477168083 CET | 56842 | 80 | 192.168.2.4 | 132.226.247.73 |
Feb 14, 2025 08:30:27.308330059 CET | 80 | 56847 | 132.226.247.73 | 192.168.2.4 |
Feb 14, 2025 08:30:27.310581923 CET | 56848 | 443 | 192.168.2.4 | 104.21.112.1 |
Feb 14, 2025 08:30:27.310622931 CET | 443 | 56848 | 104.21.112.1 | 192.168.2.4 |
Feb 14, 2025 08:30:27.311192036 CET | 56848 | 443 | 192.168.2.4 | 104.21.112.1 |
Feb 14, 2025 08:30:27.311192036 CET | 56848 | 443 | 192.168.2.4 | 104.21.112.1 |
Feb 14, 2025 08:30:27.311223984 CET | 443 | 56848 | 104.21.112.1 | 192.168.2.4 |
Feb 14, 2025 08:30:27.352423906 CET | 56847 | 80 | 192.168.2.4 | 132.226.247.73 |
Feb 14, 2025 08:30:27.821424961 CET | 443 | 56848 | 104.21.112.1 | 192.168.2.4 |
Feb 14, 2025 08:30:27.824356079 CET | 56848 | 443 | 192.168.2.4 | 104.21.112.1 |
Feb 14, 2025 08:30:27.824378014 CET | 443 | 56848 | 104.21.112.1 | 192.168.2.4 |
Feb 14, 2025 08:30:27.952881098 CET | 443 | 56848 | 104.21.112.1 | 192.168.2.4 |
Feb 14, 2025 08:30:27.952965021 CET | 443 | 56848 | 104.21.112.1 | 192.168.2.4 |
Feb 14, 2025 08:30:27.953061104 CET | 56848 | 443 | 192.168.2.4 | 104.21.112.1 |
Feb 14, 2025 08:30:27.953607082 CET | 56848 | 443 | 192.168.2.4 | 104.21.112.1 |
Feb 14, 2025 08:30:27.957478046 CET | 56847 | 80 | 192.168.2.4 | 132.226.247.73 |
Feb 14, 2025 08:30:27.958434105 CET | 56849 | 80 | 192.168.2.4 | 132.226.247.73 |
Feb 14, 2025 08:30:27.962558031 CET | 80 | 56847 | 132.226.247.73 | 192.168.2.4 |
Feb 14, 2025 08:30:27.962635994 CET | 56847 | 80 | 192.168.2.4 | 132.226.247.73 |
Feb 14, 2025 08:30:27.963361025 CET | 80 | 56849 | 132.226.247.73 | 192.168.2.4 |
Feb 14, 2025 08:30:27.963428974 CET | 56849 | 80 | 192.168.2.4 | 132.226.247.73 |
Feb 14, 2025 08:30:27.963551998 CET | 56849 | 80 | 192.168.2.4 | 132.226.247.73 |
Feb 14, 2025 08:30:27.968343019 CET | 80 | 56849 | 132.226.247.73 | 192.168.2.4 |
Feb 14, 2025 08:30:28.635436058 CET | 80 | 56849 | 132.226.247.73 | 192.168.2.4 |
Feb 14, 2025 08:30:28.637099981 CET | 56850 | 443 | 192.168.2.4 | 104.21.112.1 |
Feb 14, 2025 08:30:28.637137890 CET | 443 | 56850 | 104.21.112.1 | 192.168.2.4 |
Feb 14, 2025 08:30:28.637228012 CET | 56850 | 443 | 192.168.2.4 | 104.21.112.1 |
Feb 14, 2025 08:30:28.637588024 CET | 56850 | 443 | 192.168.2.4 | 104.21.112.1 |
Feb 14, 2025 08:30:28.637614965 CET | 443 | 56850 | 104.21.112.1 | 192.168.2.4 |
Feb 14, 2025 08:30:28.680259943 CET | 56849 | 80 | 192.168.2.4 | 132.226.247.73 |
Feb 14, 2025 08:30:29.100656033 CET | 443 | 56850 | 104.21.112.1 | 192.168.2.4 |
Feb 14, 2025 08:30:29.103195906 CET | 56850 | 443 | 192.168.2.4 | 104.21.112.1 |
Feb 14, 2025 08:30:29.103218079 CET | 443 | 56850 | 104.21.112.1 | 192.168.2.4 |
Feb 14, 2025 08:30:29.231652975 CET | 443 | 56850 | 104.21.112.1 | 192.168.2.4 |
Feb 14, 2025 08:30:29.231751919 CET | 443 | 56850 | 104.21.112.1 | 192.168.2.4 |
Feb 14, 2025 08:30:29.232058048 CET | 56850 | 443 | 192.168.2.4 | 104.21.112.1 |
Feb 14, 2025 08:30:29.233356953 CET | 56850 | 443 | 192.168.2.4 | 104.21.112.1 |
Feb 14, 2025 08:30:29.242513895 CET | 56849 | 80 | 192.168.2.4 | 132.226.247.73 |
Feb 14, 2025 08:30:29.243923903 CET | 56851 | 80 | 192.168.2.4 | 132.226.247.73 |
Feb 14, 2025 08:30:29.247586012 CET | 80 | 56849 | 132.226.247.73 | 192.168.2.4 |
Feb 14, 2025 08:30:29.247674942 CET | 56849 | 80 | 192.168.2.4 | 132.226.247.73 |
Feb 14, 2025 08:30:29.248739004 CET | 80 | 56851 | 132.226.247.73 | 192.168.2.4 |
Feb 14, 2025 08:30:29.248922110 CET | 56851 | 80 | 192.168.2.4 | 132.226.247.73 |
Feb 14, 2025 08:30:29.249140978 CET | 56851 | 80 | 192.168.2.4 | 132.226.247.73 |
Feb 14, 2025 08:30:29.253956079 CET | 80 | 56851 | 132.226.247.73 | 192.168.2.4 |
Feb 14, 2025 08:30:29.913862944 CET | 80 | 56851 | 132.226.247.73 | 192.168.2.4 |
Feb 14, 2025 08:30:29.915503979 CET | 56852 | 443 | 192.168.2.4 | 104.21.112.1 |
Feb 14, 2025 08:30:29.915555954 CET | 443 | 56852 | 104.21.112.1 | 192.168.2.4 |
Feb 14, 2025 08:30:29.915623903 CET | 56852 | 443 | 192.168.2.4 | 104.21.112.1 |
Feb 14, 2025 08:30:29.916132927 CET | 56852 | 443 | 192.168.2.4 | 104.21.112.1 |
Feb 14, 2025 08:30:29.916143894 CET | 443 | 56852 | 104.21.112.1 | 192.168.2.4 |
Feb 14, 2025 08:30:29.961424112 CET | 56851 | 80 | 192.168.2.4 | 132.226.247.73 |
Feb 14, 2025 08:30:30.377633095 CET | 443 | 56852 | 104.21.112.1 | 192.168.2.4 |
Feb 14, 2025 08:30:30.379595041 CET | 56852 | 443 | 192.168.2.4 | 104.21.112.1 |
Feb 14, 2025 08:30:30.379615068 CET | 443 | 56852 | 104.21.112.1 | 192.168.2.4 |
Feb 14, 2025 08:30:30.509452105 CET | 443 | 56852 | 104.21.112.1 | 192.168.2.4 |
Feb 14, 2025 08:30:30.509521008 CET | 443 | 56852 | 104.21.112.1 | 192.168.2.4 |
Feb 14, 2025 08:30:30.509605885 CET | 56852 | 443 | 192.168.2.4 | 104.21.112.1 |
Feb 14, 2025 08:30:30.510128975 CET | 56852 | 443 | 192.168.2.4 | 104.21.112.1 |
Feb 14, 2025 08:30:30.515218973 CET | 56851 | 80 | 192.168.2.4 | 132.226.247.73 |
Feb 14, 2025 08:30:30.515872002 CET | 56853 | 80 | 192.168.2.4 | 132.226.247.73 |
Feb 14, 2025 08:30:30.520203114 CET | 80 | 56851 | 132.226.247.73 | 192.168.2.4 |
Feb 14, 2025 08:30:30.520262003 CET | 56851 | 80 | 192.168.2.4 | 132.226.247.73 |
Feb 14, 2025 08:30:30.520735025 CET | 80 | 56853 | 132.226.247.73 | 192.168.2.4 |
Feb 14, 2025 08:30:30.520802975 CET | 56853 | 80 | 192.168.2.4 | 132.226.247.73 |
Feb 14, 2025 08:30:30.520921946 CET | 56853 | 80 | 192.168.2.4 | 132.226.247.73 |
Feb 14, 2025 08:30:30.525698900 CET | 80 | 56853 | 132.226.247.73 | 192.168.2.4 |
Feb 14, 2025 08:30:31.211620092 CET | 80 | 56853 | 132.226.247.73 | 192.168.2.4 |
Feb 14, 2025 08:30:31.213365078 CET | 56854 | 443 | 192.168.2.4 | 104.21.112.1 |
Feb 14, 2025 08:30:31.213406086 CET | 443 | 56854 | 104.21.112.1 | 192.168.2.4 |
Feb 14, 2025 08:30:31.213514090 CET | 56854 | 443 | 192.168.2.4 | 104.21.112.1 |
Feb 14, 2025 08:30:31.213807106 CET | 56854 | 443 | 192.168.2.4 | 104.21.112.1 |
Feb 14, 2025 08:30:31.213818073 CET | 443 | 56854 | 104.21.112.1 | 192.168.2.4 |
Feb 14, 2025 08:30:31.258388042 CET | 56853 | 80 | 192.168.2.4 | 132.226.247.73 |
Feb 14, 2025 08:30:31.667294979 CET | 443 | 56854 | 104.21.112.1 | 192.168.2.4 |
Feb 14, 2025 08:30:31.670785904 CET | 56854 | 443 | 192.168.2.4 | 104.21.112.1 |
Feb 14, 2025 08:30:31.670802116 CET | 443 | 56854 | 104.21.112.1 | 192.168.2.4 |
Feb 14, 2025 08:30:31.812796116 CET | 443 | 56854 | 104.21.112.1 | 192.168.2.4 |
Feb 14, 2025 08:30:31.812865019 CET | 443 | 56854 | 104.21.112.1 | 192.168.2.4 |
Feb 14, 2025 08:30:31.812930107 CET | 56854 | 443 | 192.168.2.4 | 104.21.112.1 |
Feb 14, 2025 08:30:31.813630104 CET | 56854 | 443 | 192.168.2.4 | 104.21.112.1 |
Feb 14, 2025 08:30:31.817667961 CET | 56853 | 80 | 192.168.2.4 | 132.226.247.73 |
Feb 14, 2025 08:30:31.818766117 CET | 56855 | 80 | 192.168.2.4 | 132.226.247.73 |
Feb 14, 2025 08:30:31.822607994 CET | 80 | 56853 | 132.226.247.73 | 192.168.2.4 |
Feb 14, 2025 08:30:31.822720051 CET | 56853 | 80 | 192.168.2.4 | 132.226.247.73 |
Feb 14, 2025 08:30:31.823532104 CET | 80 | 56855 | 132.226.247.73 | 192.168.2.4 |
Feb 14, 2025 08:30:31.823602915 CET | 56855 | 80 | 192.168.2.4 | 132.226.247.73 |
Feb 14, 2025 08:30:31.823808908 CET | 56855 | 80 | 192.168.2.4 | 132.226.247.73 |
Feb 14, 2025 08:30:31.828567028 CET | 80 | 56855 | 132.226.247.73 | 192.168.2.4 |
Feb 14, 2025 08:30:33.490895987 CET | 80 | 56855 | 132.226.247.73 | 192.168.2.4 |
Feb 14, 2025 08:30:33.492952108 CET | 56856 | 443 | 192.168.2.4 | 104.21.112.1 |
Feb 14, 2025 08:30:33.492995024 CET | 443 | 56856 | 104.21.112.1 | 192.168.2.4 |
Feb 14, 2025 08:30:33.493141890 CET | 56856 | 443 | 192.168.2.4 | 104.21.112.1 |
Feb 14, 2025 08:30:33.493418932 CET | 56856 | 443 | 192.168.2.4 | 104.21.112.1 |
Feb 14, 2025 08:30:33.493433952 CET | 443 | 56856 | 104.21.112.1 | 192.168.2.4 |
Feb 14, 2025 08:30:33.539679050 CET | 56855 | 80 | 192.168.2.4 | 132.226.247.73 |
Feb 14, 2025 08:30:33.955904961 CET | 443 | 56856 | 104.21.112.1 | 192.168.2.4 |
Feb 14, 2025 08:30:33.957650900 CET | 56856 | 443 | 192.168.2.4 | 104.21.112.1 |
Feb 14, 2025 08:30:33.957688093 CET | 443 | 56856 | 104.21.112.1 | 192.168.2.4 |
Feb 14, 2025 08:30:34.103473902 CET | 443 | 56856 | 104.21.112.1 | 192.168.2.4 |
Feb 14, 2025 08:30:34.103540897 CET | 443 | 56856 | 104.21.112.1 | 192.168.2.4 |
Feb 14, 2025 08:30:34.103596926 CET | 56856 | 443 | 192.168.2.4 | 104.21.112.1 |
Feb 14, 2025 08:30:34.104202986 CET | 56856 | 443 | 192.168.2.4 | 104.21.112.1 |
Feb 14, 2025 08:30:34.107867002 CET | 56855 | 80 | 192.168.2.4 | 132.226.247.73 |
Feb 14, 2025 08:30:34.108928919 CET | 56857 | 80 | 192.168.2.4 | 132.226.247.73 |
Feb 14, 2025 08:30:34.112832069 CET | 80 | 56855 | 132.226.247.73 | 192.168.2.4 |
Feb 14, 2025 08:30:34.112910032 CET | 56855 | 80 | 192.168.2.4 | 132.226.247.73 |
Feb 14, 2025 08:30:34.113724947 CET | 80 | 56857 | 132.226.247.73 | 192.168.2.4 |
Feb 14, 2025 08:30:34.113790989 CET | 56857 | 80 | 192.168.2.4 | 132.226.247.73 |
Feb 14, 2025 08:30:34.113938093 CET | 56857 | 80 | 192.168.2.4 | 132.226.247.73 |
Feb 14, 2025 08:30:34.118756056 CET | 80 | 56857 | 132.226.247.73 | 192.168.2.4 |
Feb 14, 2025 08:30:34.783020973 CET | 80 | 56857 | 132.226.247.73 | 192.168.2.4 |
Feb 14, 2025 08:30:34.784852028 CET | 56858 | 443 | 192.168.2.4 | 104.21.112.1 |
Feb 14, 2025 08:30:34.784899950 CET | 443 | 56858 | 104.21.112.1 | 192.168.2.4 |
Feb 14, 2025 08:30:34.784992933 CET | 56858 | 443 | 192.168.2.4 | 104.21.112.1 |
Feb 14, 2025 08:30:34.785336018 CET | 56858 | 443 | 192.168.2.4 | 104.21.112.1 |
Feb 14, 2025 08:30:34.785351992 CET | 443 | 56858 | 104.21.112.1 | 192.168.2.4 |
Feb 14, 2025 08:30:34.836500883 CET | 56857 | 80 | 192.168.2.4 | 132.226.247.73 |
Feb 14, 2025 08:30:35.239376068 CET | 443 | 56858 | 104.21.112.1 | 192.168.2.4 |
Feb 14, 2025 08:30:35.241617918 CET | 56858 | 443 | 192.168.2.4 | 104.21.112.1 |
Feb 14, 2025 08:30:35.241669893 CET | 443 | 56858 | 104.21.112.1 | 192.168.2.4 |
Feb 14, 2025 08:30:35.387212038 CET | 443 | 56858 | 104.21.112.1 | 192.168.2.4 |
Feb 14, 2025 08:30:35.387299061 CET | 443 | 56858 | 104.21.112.1 | 192.168.2.4 |
Feb 14, 2025 08:30:35.387356997 CET | 56858 | 443 | 192.168.2.4 | 104.21.112.1 |
Feb 14, 2025 08:30:35.387995005 CET | 56858 | 443 | 192.168.2.4 | 104.21.112.1 |
Feb 14, 2025 08:30:35.407419920 CET | 56857 | 80 | 192.168.2.4 | 132.226.247.73 |
Feb 14, 2025 08:30:35.412383080 CET | 80 | 56857 | 132.226.247.73 | 192.168.2.4 |
Feb 14, 2025 08:30:35.412477970 CET | 56857 | 80 | 192.168.2.4 | 132.226.247.73 |
Feb 14, 2025 08:30:35.415551901 CET | 56859 | 443 | 192.168.2.4 | 149.154.167.220 |
Feb 14, 2025 08:30:35.415604115 CET | 443 | 56859 | 149.154.167.220 | 192.168.2.4 |
Feb 14, 2025 08:30:35.415672064 CET | 56859 | 443 | 192.168.2.4 | 149.154.167.220 |
Feb 14, 2025 08:30:35.416241884 CET | 56859 | 443 | 192.168.2.4 | 149.154.167.220 |
Feb 14, 2025 08:30:35.416258097 CET | 443 | 56859 | 149.154.167.220 | 192.168.2.4 |
Feb 14, 2025 08:30:36.037153006 CET | 443 | 56859 | 149.154.167.220 | 192.168.2.4 |
Feb 14, 2025 08:30:36.037311077 CET | 56859 | 443 | 192.168.2.4 | 149.154.167.220 |
Feb 14, 2025 08:30:36.039343119 CET | 56859 | 443 | 192.168.2.4 | 149.154.167.220 |
Feb 14, 2025 08:30:36.039351940 CET | 443 | 56859 | 149.154.167.220 | 192.168.2.4 |
Feb 14, 2025 08:30:36.039674997 CET | 443 | 56859 | 149.154.167.220 | 192.168.2.4 |
Feb 14, 2025 08:30:36.041369915 CET | 56859 | 443 | 192.168.2.4 | 149.154.167.220 |
Feb 14, 2025 08:30:36.083347082 CET | 443 | 56859 | 149.154.167.220 | 192.168.2.4 |
Feb 14, 2025 08:30:36.332904100 CET | 443 | 56859 | 149.154.167.220 | 192.168.2.4 |
Feb 14, 2025 08:30:36.333005905 CET | 443 | 56859 | 149.154.167.220 | 192.168.2.4 |
Feb 14, 2025 08:30:36.333355904 CET | 56859 | 443 | 192.168.2.4 | 149.154.167.220 |
Feb 14, 2025 08:30:36.333775043 CET | 56859 | 443 | 192.168.2.4 | 149.154.167.220 |
Feb 14, 2025 08:30:42.819060087 CET | 56842 | 80 | 192.168.2.4 | 132.226.247.73 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Feb 14, 2025 08:29:11.749643087 CET | 53 | 53435 | 1.1.1.1 | 192.168.2.4 |
Feb 14, 2025 08:30:14.322674036 CET | 60958 | 53 | 192.168.2.4 | 1.1.1.1 |
Feb 14, 2025 08:30:14.329492092 CET | 53 | 60958 | 1.1.1.1 | 192.168.2.4 |
Feb 14, 2025 08:30:15.428579092 CET | 49897 | 53 | 192.168.2.4 | 1.1.1.1 |
Feb 14, 2025 08:30:15.435981035 CET | 53 | 49897 | 1.1.1.1 | 192.168.2.4 |
Feb 14, 2025 08:30:19.918581963 CET | 61201 | 53 | 192.168.2.4 | 1.1.1.1 |
Feb 14, 2025 08:30:19.925506115 CET | 53 | 61201 | 1.1.1.1 | 192.168.2.4 |
Feb 14, 2025 08:30:21.176479101 CET | 49730 | 53 | 192.168.2.4 | 1.1.1.1 |
Feb 14, 2025 08:30:21.185801983 CET | 53 | 49730 | 1.1.1.1 | 192.168.2.4 |
Feb 14, 2025 08:30:35.407320976 CET | 55784 | 53 | 192.168.2.4 | 1.1.1.1 |
Feb 14, 2025 08:30:35.414267063 CET | 53 | 55784 | 1.1.1.1 | 192.168.2.4 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Feb 14, 2025 08:30:14.322674036 CET | 192.168.2.4 | 1.1.1.1 | 0x49a9 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Feb 14, 2025 08:30:15.428579092 CET | 192.168.2.4 | 1.1.1.1 | 0x7366 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Feb 14, 2025 08:30:19.918581963 CET | 192.168.2.4 | 1.1.1.1 | 0x85b4 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Feb 14, 2025 08:30:21.176479101 CET | 192.168.2.4 | 1.1.1.1 | 0xcf0c | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Feb 14, 2025 08:30:35.407320976 CET | 192.168.2.4 | 1.1.1.1 | 0xd679 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Feb 14, 2025 08:30:14.329492092 CET | 1.1.1.1 | 192.168.2.4 | 0x49a9 | No error (0) | | | 172.217.23.110 | A (IP address) | IN (0x0001) | false |
Feb 14, 2025 08:30:15.435981035 CET | 1.1.1.1 | 192.168.2.4 | 0x7366 | No error (0) | | | 142.250.181.225 | A (IP address) | IN (0x0001) | false |
Feb 14, 2025 08:30:19.925506115 CET | 1.1.1.1 | 192.168.2.4 | 0x85b4 | No error (0) | | checkip.dyndns.com | | CNAME (Canonical name) | IN (0x0001) | false |
Feb 14, 2025 08:30:19.925506115 CET | 1.1.1.1 | 192.168.2.4 | 0x85b4 | No error (0) | | | 132.226.247.73 | A (IP address) | IN (0x0001) | false |
Feb 14, 2025 08:30:19.925506115 CET | 1.1.1.1 | 192.168.2.4 | 0x85b4 | No error (0) | | | 193.122.130.0 | A (IP address) | IN (0x0001) | false |
Feb 14, 2025 08:30:19.925506115 CET | 1.1.1.1 | 192.168.2.4 | 0x85b4 | No error (0) | | | 158.101.44.242 | A (IP address) | IN (0x0001) | false |
Feb 14, 2025 08:30:19.925506115 CET | 1.1.1.1 | 192.168.2.4 | 0x85b4 | No error (0) | | | 193.122.6.168 | A (IP address) | IN (0x0001) | false |
Feb 14, 2025 08:30:19.925506115 CET | 1.1.1.1 | 192.168.2.4 | 0x85b4 | No error (0) | | | 132.226.8.169 | A (IP address) | IN (0x0001) | false |
Feb 14, 2025 08:30:21.185801983 CET | 1.1.1.1 | 192.168.2.4 | 0xcf0c | No error (0) | | | 104.21.112.1 | A (IP address) | IN (0x0001) | false |
Feb 14, 2025 08:30:21.185801983 CET | 1.1.1.1 | 192.168.2.4 | 0xcf0c | No error (0) | | | 104.21.64.1 | A (IP address) | IN (0x0001) | false |
Feb 14, 2025 08:30:21.185801983 CET | 1.1.1.1 | 192.168.2.4 | 0xcf0c | No error (0) | | | 104.21.80.1 | A (IP address) | IN (0x0001) | false |
Feb 14, 2025 08:30:21.185801983 CET | 1.1.1.1 | 192.168.2.4 | 0xcf0c | No error (0) | | | 104.21.32.1 | A (IP address) | IN (0x0001) | false |
Feb 14, 2025 08:30:21.185801983 CET | 1.1.1.1 | 192.168.2.4 | 0xcf0c | No error (0) | | | 104.21.48.1 | A (IP address) | IN (0x0001) | false |
Feb 14, 2025 08:30:21.185801983 CET | 1.1.1.1 | 192.168.2.4 | 0xcf0c | No error (0) | | | 104.21.96.1 | A (IP address) | IN (0x0001) | false |
Feb 14, 2025 08:30:21.185801983 CET | 1.1.1.1 | 192.168.2.4 | 0xcf0c | No error (0) | | | 104.21.16.1 | A (IP address) | IN (0x0001) | false |
Feb 14, 2025 08:30:35.414267063 CET | 1.1.1.1 | 192.168.2.4 | 0xd679 | No error (0) | | | 149.154.167.220 | A (IP address) | IN (0x0001) | false |
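The DNS answers above tie 132.226.247.73 to checkip.dyndns.com through the CNAME in transaction 0x85b4, and the session tables that follow show eight short HTTP exchanges to that host from PID 1216, each followed by a TLS session to 104.21.112.1, and finally one TLS session to 149.154.167.220 (answer to query 0xd679). The script below is an added example, not part of the Joe Sandbox report, that replays this correlation over rows condensed from the tables on this page: it inherits hostnames from CNAMEs that share a DNS transaction ID (the report blanks the queried Name column), classifies each outbound session, and flags a Telegram-range TLS session that follows a public-IP check within a time window. The Telegram address prefixes, the 60-second window and the two approximate timestamps for ports 56784 and 56794 (taken from the HTTPS session table at second resolution) are assumptions; the name behind 104.21.112.1 is not in this excerpt, so it stays unclassified.

```python
"""Correlate DNS answers with TCP sessions from a sandbox report and flag the
public-IP check -> Telegram TLS session chain. Added example, not report output.
Input rows are condensed from this page; TELEGRAM_NETS and the 60 s window
are assumptions."""
import ipaddress
from collections import defaultdict

# DNS answers as (transaction id, record type, value). The report leaves the
# queried Name blank, so the only hostname recoverable is the CNAME in 0x85b4.
DNS_ANSWERS = [
    ("0x49a9", "A", "172.217.23.110"),
    ("0x7366", "A", "142.250.181.225"),
    ("0x85b4", "CNAME", "checkip.dyndns.com"),
    ("0x85b4", "A", "132.226.247.73"),
    ("0x85b4", "A", "193.122.130.0"),
    ("0xcf0c", "A", "104.21.112.1"),
    ("0xd679", "A", "149.154.167.220"),
]

# Outbound sessions of PID 1216: (first packet, CET clock as printed; source
# port; destination IP; destination port). The first two rows are approximate
# (second resolution, from the HTTPS session table); the rest are from the
# packet table above.
SESSIONS = [
    ("08:30:15.000000", 56784, "172.217.23.110", 443),
    ("08:30:16.000000", 56794, "142.250.181.225", 443),
    ("08:30:19.931129", 56821, "132.226.247.73", 80),
    ("08:30:21.186722", 56830, "104.21.112.1", 443),
    ("08:30:22.005532", 56836, "104.21.112.1", 443),
    ("08:30:22.649260", 56842, "132.226.247.73", 80),
    ("08:30:26.449166", 56847, "132.226.247.73", 80),
    ("08:30:27.310581", 56848, "104.21.112.1", 443),
    ("08:30:27.958434", 56849, "132.226.247.73", 80),
    ("08:30:28.637099", 56850, "104.21.112.1", 443),
    ("08:30:29.243923", 56851, "132.226.247.73", 80),
    ("08:30:29.915503", 56852, "104.21.112.1", 443),
    ("08:30:30.515872", 56853, "132.226.247.73", 80),
    ("08:30:31.213365", 56854, "104.21.112.1", 443),
    ("08:30:31.818766", 56855, "132.226.247.73", 80),
    ("08:30:33.492952", 56856, "104.21.112.1", 443),
    ("08:30:34.108928", 56857, "132.226.247.73", 80),
    ("08:30:34.784852", 56858, "104.21.112.1", 443),
    ("08:30:35.415551", 56859, "149.154.167.220", 443),
]

# Public "what is my IP" services; the report shows only this one.
IP_CHECK_HOSTS = {"checkip.dyndns.com"}
# Telegram Messenger prefixes (assumption; verify against current BGP data).
TELEGRAM_NETS = [ipaddress.ip_network(n) for n in ("149.154.160.0/20", "91.108.4.0/22")]


def resolve_names(dns_answers):
    """Map each answered address to hostnames seen in the same transaction.
    With the Name column blank, A records inherit the CNAME of their txid."""
    names_by_txid, addrs_by_txid = defaultdict(set), defaultdict(set)
    for txid, rtype, value in dns_answers:
        (names_by_txid if rtype == "CNAME" else addrs_by_txid)[txid].add(value)
    ip_to_names = defaultdict(set)
    for txid, addrs in addrs_by_txid.items():
        for addr in addrs:
            ip_to_names[addr] |= names_by_txid.get(txid, set())
    return ip_to_names


def classify(dst_ip, dst_port, ip_to_names):
    """Label a destination: ip-check, telegram, tls-other or other."""
    if ip_to_names.get(dst_ip, set()) & IP_CHECK_HOSTS:
        return "ip-check"
    if dst_port == 443 and any(ipaddress.ip_address(dst_ip) in n for n in TELEGRAM_NETS):
        return "telegram"
    return "tls-other" if dst_port == 443 else "other"


def parse_ts(clock):
    """'08:30:19.931129' -> seconds since midnight as a float."""
    h, m, s = clock.split(":")
    return int(h) * 3600 + int(m) * 60 + float(s)


def find_exfil_chain(sessions, dns_answers, window_s=60.0):
    """Return findings: the repeated public-IP checks, and every Telegram TLS
    session that starts within window_s seconds after an IP check."""
    ip_to_names = resolve_names(dns_answers)
    labelled = sorted((parse_ts(t), sp, dst, dp, classify(dst, dp, ip_to_names))
                      for t, sp, dst, dp in sessions)
    checks = [x for x in labelled if x[4] == "ip-check"]
    findings = []
    if checks:
        findings.append({"type": "public-ip-check", "count": len(checks),
                         "host": sorted(ip_to_names[checks[0][2]])[0],
                         "first": checks[0][0], "last": checks[-1][0]})
    for ts, sport, dst, _dport, label in labelled:
        if label != "telegram":
            continue
        prior = [c for c in checks if 0 <= ts - c[0] <= window_s]
        if prior:
            findings.append({"type": "telegram-after-ip-check", "dst": dst,
                             "src_port": sport, "ip_checks_before": len(prior),
                             "delay_s": round(ts - prior[0][0], 3)})
    return findings


if __name__ == "__main__":
    for finding in find_exfil_chain(SESSIONS, DNS_ANSWERS):
        print(finding)
```

Run against the rows above, the script reports eight checkip.dyndns.com sessions in about 15 seconds and one Telegram-range TLS session 15.5 seconds after the first check, which is the behaviour the "May check the online IP address of the machine" and "Uses the Telegram API" signatures describe. The Google-hosted TLS sessions (172.217.23.110, 142.250.181.225) and the Cloudflare host stay "tls-other" because nothing in this excerpt names them; in production the hostname would come from the TLS SNI or the DNS query Name rather than a CNAME inherited by transaction ID.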
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.4 | 56821 | 132.226.247.73 | 80 | 1216 | C:\Users\user\Desktop\4a. RFx-4045.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Feb 14, 2025 08:30:19.941034079 CET | 151 | OUT | |
Feb 14, 2025 08:30:20.605664015 CET | 273 | IN | |
Feb 14, 2025 08:30:20.611269951 CET | 127 | OUT | |
Feb 14, 2025 08:30:20.815062046 CET | 273 | IN | |
Feb 14, 2025 08:30:21.798661947 CET | 127 | OUT | |
Feb 14, 2025 08:30:22.002763033 CET | 273 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.4 | 56842 | 132.226.247.73 | 80 | 1216 | C:\Users\user\Desktop\4a. RFx-4045.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Feb 14, 2025 08:30:22.654345989 CET | 127 | OUT | |
Feb 14, 2025 08:30:26.421569109 CET | 697 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.4 | 56847 | 132.226.247.73 | 80 | 1216 | C:\Users\user\Desktop\4a. RFx-4045.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Feb 14, 2025 08:30:26.454287052 CET | 151 | OUT | |
Feb 14, 2025 08:30:27.308330059 CET | 273 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
3 | 192.168.2.4 | 56849 | 132.226.247.73 | 80 | 1216 | C:\Users\user\Desktop\4a. RFx-4045.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Feb 14, 2025 08:30:27.963551998 CET | 151 | OUT | |
Feb 14, 2025 08:30:28.635436058 CET | 273 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
4 | 192.168.2.4 | 56851 | 132.226.247.73 | 80 | 1216 | C:\Users\user\Desktop\4a. RFx-4045.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Feb 14, 2025 08:30:29.249140978 CET | 151 | OUT | |
Feb 14, 2025 08:30:29.913862944 CET | 273 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
5 | 192.168.2.4 | 56853 | 132.226.247.73 | 80 | 1216 | C:\Users\user\Desktop\4a. RFx-4045.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Feb 14, 2025 08:30:30.520921946 CET | 151 | OUT | |
Feb 14, 2025 08:30:31.211620092 CET | 273 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
6 | 192.168.2.4 | 56855 | 132.226.247.73 | 80 | 1216 | C:\Users\user\Desktop\4a. RFx-4045.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Feb 14, 2025 08:30:31.823808908 CET | 151 | OUT | |
Feb 14, 2025 08:30:33.490895987 CET | 273 | IN | |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
7 | 192.168.2.4 | 56857 | 132.226.247.73 | 80 | 1216 | C:\Users\user\Desktop\4a. RFx-4045.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Feb 14, 2025 08:30:34.113938093 CET | 151 | OUT | |
Feb 14, 2025 08:30:34.783020973 CET | 273 | IN | |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.4 | 56784 | 172.217.23.110 | 443 | 1216 | C:\Users\user\Desktop\4a. RFx-4045.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-02-14 07:30:15 UTC | 216 | OUT | |
2025-02-14 07:30:15 UTC | 1610 | IN | |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.4 | 56794 | 142.250.181.225 | 443 | 1216 | C:\Users\user\Desktop\4a. RFx-4045.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-02-14 07:30:16 UTC | 258 | OUT | |
2025-02-14 07:30:18 UTC | 5015 | IN | |
2025-02-14 07:30:18 UTC | 5015 | IN | |
2025-02-14 07:30:18 UTC | 4668 | IN | |
2025-02-14 07:30:18 UTC | 1323 | IN | |
2025-02-14 07:30:18 UTC | 1390 | IN | |
2025-02-14 07:30:18 UTC | 1390 | IN | |
2025-02-14 07:30:18 UTC | 1390 | IN | |
2025-02-14 07:30:18 UTC | 1390 | IN | |
2025-02-14 07:30:18 UTC | 1390 | IN | |
2025-02-14 07:30:18 UTC | 1390 | IN | |
2025-02-14 07:30:18 UTC | 1390 | IN | |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.4 | 56830 | 104.21.112.1 | 443 | 1216 | C:\Users\user\Desktop\4a. RFx-4045.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-02-14 07:30:21 UTC | 85 | OUT | |
2025-02-14 07:30:21 UTC | 859 | IN | |
2025-02-14 07:30:21 UTC | 362 | IN | |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
3 | 192.168.2.4 | 56836 | 104.21.112.1 | 443 | 1216 | C:\Users\user\Desktop\4a. RFx-4045.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-02-14 07:30:22 UTC | 61 | OUT | |
2025-02-14 07:30:22 UTC | 863 | IN | |
2025-02-14 07:30:22 UTC | 362 | IN | |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
4 | 192.168.2.4 | 56848 | 104.21.112.1 | 443 | 1216 | C:\Users\user\Desktop\4a. RFx-4045.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-02-14 07:30:27 UTC | 85 | OUT | |
2025-02-14 07:30:27 UTC | 863 | IN | |
2025-02-14 07:30:27 UTC | 362 | IN | |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
5 | 192.168.2.4 | 56850 | 104.21.112.1 | 443 | 1216 | C:\Users\user\Desktop\4a. RFx-4045.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-02-14 07:30:29 UTC | 85 | OUT | |
2025-02-14 07:30:29 UTC | 853 | IN | |
2025-02-14 07:30:29 UTC | 362 | IN | |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
6 | 192.168.2.4 | 56852 | 104.21.112.1 | 443 | 1216 | C:\Users\user\Desktop\4a. RFx-4045.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-02-14 07:30:30 UTC | 61 | OUT | |
2025-02-14 07:30:30 UTC | 857 | IN | |
2025-02-14 07:30:30 UTC | 362 | IN | |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
7 | 192.168.2.4 | 56854 | 104.21.112.1 | 443 | 1216 | C:\Users\user\Desktop\4a. RFx-4045.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-02-14 07:30:31 UTC | 85 | OUT | |
2025-02-14 07:30:31 UTC | 855 | IN | |
2025-02-14 07:30:31 UTC | 362 | IN | |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
8 | 192.168.2.4 | 56856 | 104.21.112.1 | 443 | 1216 | C:\Users\user\Desktop\4a. RFx-4045.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-02-14 07:30:33 UTC | 61 | OUT | |
2025-02-14 07:30:34 UTC | 857 | IN | |
2025-02-14 07:30:34 UTC | 362 | IN | |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
9 | 192.168.2.4 | 56858 | 104.21.112.1 | 443 | 1216 | C:\Users\user\Desktop\4a. RFx-4045.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-02-14 07:30:35 UTC | 85 | OUT | |
2025-02-14 07:30:35 UTC | 857 | IN | |
2025-02-14 07:30:35 UTC | 362 | IN | |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
10 | 192.168.2.4 | 56859 | 149.154.167.220 | 443 | 1216 | C:\Users\user\Desktop\4a. RFx-4045.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-02-14 07:30:36 UTC | 349 | OUT | |
2025-02-14 07:30:36 UTC | 344 | IN | |
2025-02-14 07:30:36 UTC | 55 | IN | |
Target ID: | 0 |
Start time: | 02:28:45 |
Start date: | 14/02/2025 |
Path: | C:\Users\user\Desktop\4a. RFx-4045.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 1'468'848 bytes |
MD5 hash: | 95CCF2BCD18E87A3386E71A5D09E75FE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | true |
Target ID: | 4 |
Start time: | 02:29:58 |
Start date: | 14/02/2025 |
Path: | C:\Users\user\Desktop\4a. RFx-4045.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 1'468'848 bytes |
MD5 hash: | 95CCF2BCD18E87A3386E71A5D09E75FE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: | |
Reputation: | low |
Has exited: | false |