Windows Analysis Report
NDCNDvC27F.exe
Overview
General Information
Sample name: | NDCNDvC27F.exe (renamed because the original name is a hash value) |
Original sample name: | f244e767138599c4a0c605431d2be543d45da2adfb9ce4a2dcb499704febf381.exe |
Analysis ID: | 1632239 |
MD5: | 429e48d78bf4bf8403c99c46e6514840 |
SHA1: | 378bad9d0c769087eee0159da95bf216b1ed7f56 |
SHA256: | f244e767138599c4a0c605431d2be543d45da2adfb9ce4a2dcb499704febf381 |
Tags: | exe, njrat, signed, user-adrian__luca |
Detection
GuLoader, Snake Keylogger
Score: | 92 |
Range: | 0 - 100 |
Confidence: | 100% |
Signatures
Found malware configuration
Multi AV Scanner detection for submitted file
Yara detected GuLoader
Yara detected Snake Keylogger
AI detected suspicious PE digital signature
Joe Sandbox ML detected suspicious sample
Switches to a custom stack to bypass stack traces
Tries to detect the country of the analysis system (by using the IP)
Tries to detect virtualization through RDTSC time measurements
Abnormal high CPU Usage
Allocates memory with a write watch (potentially for evading sandboxes)
Contains functionality to read data from the clipboard
Contains functionality to dynamically determine API calls
Contains functionality to shutdown / reboot the system
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Detected potential crypto function
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
May sleep (evasive loops) to hinder dynamic analysis
PE / OLE file has an invalid certificate
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Shows file infection / information gathering behavior (enumerates multiple directories for files)
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Uses insecure TLS / SSL version for HTTPS connection
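The sample is tagged "signed", yet the report flags an invalid certificate and a suspicious PE digital signature. Before spending time on chain validation, the first check on such a file is whether an Authenticode blob is present at all and whether the security directory is well-formed. The parser below is an added example for this page (it is not Joe Sandbox code and uses only the Python standard library); the tiny PE32 image it builds is constructed for the demo and its certificate payload is a placeholder, not a real PKCS#7 structure.

```python
"""Locate and sanity-check the Authenticode security directory of a PE file.
Added example for this report, not Joe Sandbox code. Uses only the standard
library; the PE image built by build_demo_pe() is constructed for the demo."""
import struct

IMAGE_DIRECTORY_ENTRY_SECURITY = 4
WIN_CERT_TYPE_PKCS_SIGNED_DATA = 0x0002   # Authenticode PKCS#7 SignedData


def security_directory(data: bytes) -> dict:
    """Return the security directory (file offset, size) and the WIN_CERTIFICATE
    headers it covers. Unlike every other data directory, its VirtualAddress
    field is a raw file offset, not an RVA."""
    if data[:2] != b"MZ":
        raise ValueError("not a PE file: missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file: missing PE signature")
    opt = e_lfanew + 4 + 20                       # skip signature + COFF header
    magic = struct.unpack_from("<H", data, opt)[0]
    dirs = opt + (96 if magic == 0x10B else 112)  # PE32 vs PE32+ layout
    num_dirs = struct.unpack_from("<I", data, dirs - 4)[0]
    result = {"present": False, "offset": 0, "size": 0, "certs": []}
    if num_dirs <= IMAGE_DIRECTORY_ENTRY_SECURITY:
        return result
    off, size = struct.unpack_from("<II", data, dirs + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    result.update(present=size != 0, offset=off, size=size)
    if size == 0:
        return result
    if off + size > len(data):
        result["truncated"] = True              # directory points past EOF
        return result
    pos = off
    while pos + 8 <= off + size:
        length, revision, ctype = struct.unpack_from("<IHH", data, pos)
        result["certs"].append({"length": length, "revision": revision, "type": ctype})
        if length < 8 or pos + length > off + size:
            result["malformed"] = True
            break
        pos += (length + 7) & ~7                # entries are 8-byte aligned
    return result


def signature_status(data: bytes) -> str:
    """Coarse triage: 'unsigned', 'present' (a blob exists; verify the chain with
    osslsigncode or signtool) or 'malformed'. A present blob proves nothing about
    validity; this sample is tagged 'signed' yet the report calls its
    certificate invalid."""
    d = security_directory(data)
    if not d["present"]:
        return "unsigned"
    if d.get("truncated") or d.get("malformed") or not d["certs"]:
        return "malformed"
    if any(c["type"] != WIN_CERT_TYPE_PKCS_SIGNED_DATA for c in d["certs"]):
        return "malformed"
    return "present"


def build_demo_pe(with_cert: bool) -> bytes:
    """Constructed minimal PE32 image (not a real binary): DOS header, PE
    signature, COFF header, PE32 optional header with 16 data directories and,
    optionally, one WIN_CERTIFICATE whose payload is a placeholder."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)           # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x014C, 0, 0, 0, 0, 96 + 16 * 8, 0x0102)
    opt = bytearray(96 + 16 * 8)
    struct.pack_into("<H", opt, 0, 0x10B)             # PE32 magic
    struct.pack_into("<I", opt, 92, 16)               # NumberOfRvaAndSizes
    image = bytearray(bytes(dos) + b"PE\0\0" + coff + bytes(opt))
    if not with_cert:
        return bytes(image)
    payload = b"\x30\x82" + bytes(30)                 # placeholder, not real PKCS#7
    cert = struct.pack("<IHH", 8 + len(payload), 0x0200, WIN_CERT_TYPE_PKCS_SIGNED_DATA) + payload
    cert += bytes((-len(cert)) % 8)
    sec_entry = 0x40 + 4 + 20 + 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY
    struct.pack_into("<II", image, sec_entry, len(image), len(cert))
    return bytes(image) + cert


if __name__ == "__main__":
    for flag in (False, True):
        print(flag, signature_status(build_demo_pe(flag)))
```

Presence is not validity: run `osslsigncode verify` or `signtool verify /pa` on the real file to check the chain, and treat a self-signed, expired or revoked leaf the way the report does, as a masquerading signal rather than a reason to trust the file.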
Classification
- System is w10x64
  - NDCNDvC27F.exe (PID: 6696, cmdline: "C:\Users\user\Desktop\NDCNDvC27F.exe", MD5: 429E48D78BF4BF8403C99C46E6514840)
    - NDCNDvC27F.exe (PID: 6284, cmdline: "C:\Users\user\Desktop\NDCNDvC27F.exe", MD5: 429E48D78BF4BF8403C99C46E6514840)
- cleanup
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
CloudEyE, GuLoader | CloudEyE (initially named GuLoader) is a small VB5/6 downloader. It typically downloads RATs/Stealers, such as Agent Tesla, Arkei/Vidar, Formbook, Lokibot, Netwire and Remcos, often but not always from Google Drive. The downloaded payload is XORed. | No Attribution | | |
404 Keylogger, Snake Keylogger | Snake Keylogger (aka 404 Keylogger) is a subscription-based keylogger with many capabilities. The infostealer can steal a victim's sensitive information, log keystrokes, take screenshots and extract information from the system clipboard. It was initially released on a Russian hacking forum in August 2019. It is notable for its relatively unusual methods of data exfiltration, including via email, FTP, SMTP, Pastebin or the messaging app Telegram. | No Attribution | | |
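The GuLoader description above notes that the downloaded payload is XORed. When the key repeats, an analyst rarely needs to lift the loader's own decryption routine: the standard DOS header and stub of the decrypted PE are known plaintext, and once the key length is found they yield the key directly. The code below is an added example, not GuLoader or Joe Sandbox code, and goes slightly beyond the description: it searches key lengths up to a bound and accepts a candidate only if decryption produces a valid PE signature at e_lfanew. It assumes an MSVC-style DOS header and stub; the demo payload and the 12-byte DEMO_KEY are constructed.

```python
"""Known-plaintext recovery of a repeating XOR key from an encrypted PE payload.
Added example for this report, not GuLoader or Joe Sandbox code. Assumes the
decrypted payload is an MSVC-style PE whose DOS header and stub match the
template below; the demo payload and DEMO_KEY are constructed."""
import struct

# Known plaintext: MSVC DOS header fields 0x00-0x3B (e_lfanew at 0x3C is NOT
# assumed) and the classic DOS stub code plus message at 0x40-0x78.
DOS_HEADER = bytes.fromhex(
    "4d5a9000" "03000000" "04000000" "ffff0000" "b8000000" "00000000" "40000000"
) + bytes(32)
DOS_STUB = bytes.fromhex("0e1fba0e00b409cd21b8014ccd21") + b"This program cannot be run in DOS mode.\r\r\n$"
KNOWN = {i: b for i, b in enumerate(DOS_HEADER)}
KNOWN.update({0x40 + i: b for i, b in enumerate(DOS_STUB)})


def xor_bytes(data: bytes, key: bytes) -> bytes:
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def recover_xor_key(ct: bytes, max_len: int = 64):
    """For each candidate key length derive key[pos % klen] = ct[pos] ^ known[pos]
    and reject the length if two known positions disagree or some key index has
    no sample. A surviving candidate is accepted only if decryption yields the
    PE signature at e_lfanew. Returns the key, or None."""
    if len(ct) < 0x44:
        return None
    for klen in range(1, max_len + 1):
        key = [None] * klen
        consistent = True
        for pos, pt in KNOWN.items():
            if pos >= len(ct):
                continue
            kb = ct[pos] ^ pt
            if key[pos % klen] is None:
                key[pos % klen] = kb
            elif key[pos % klen] != kb:
                consistent = False
                break
        if not consistent or None in key:
            continue
        key = bytes(key)
        head = xor_bytes(ct[:4096], key)            # decrypt a window for validation
        e_lfanew = struct.unpack_from("<I", head, 0x3C)[0]
        if 0x40 <= e_lfanew <= len(head) - 4 and head[e_lfanew:e_lfanew + 4] == b"PE\0\0":
            return key
    return None


def build_demo_payload() -> bytes:
    """Constructed PE-like plaintext: template DOS header with e_lfanew = 0x80,
    stub, PE signature and filler standing in for the real headers/sections."""
    hdr = bytearray(0x80)
    hdr[:len(DOS_HEADER)] = DOS_HEADER
    struct.pack_into("<I", hdr, 0x3C, 0x80)
    hdr[0x40:0x40 + len(DOS_STUB)] = DOS_STUB
    return bytes(hdr) + b"PE\0\0" + bytes(range(256)) * 8


DEMO_KEY = bytes.fromhex("5f3a9c01e7b2446d88f1c0a3")   # constructed 12-byte key


def demo():
    """Encrypt the constructed payload, recover the key blind, decrypt again."""
    ct = xor_bytes(build_demo_payload(), DEMO_KEY)
    key = recover_xor_key(ct)
    return key, (xor_bytes(ct, key) if key else None)


if __name__ == "__main__":
    key, pt = demo()
    print("recovered key:", key.hex(), "| PE signature at", hex(struct.unpack_from("<I", pt, 0x3C)[0]))
```

If the key is longer than the 117 known bytes cover, extend KNOWN with more plaintext you can rely on (zero padding before e_lfanew, the zeroed tail of the section table) or raise max_len; the consistency check will still reject wrong lengths. The approach only works when the encrypted payload starts at its MZ header, so locate the payload boundary in the loader's blob first.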
Extracted malware configuration (Snake Keylogger; the trailing "\n" inside Chat_id is part of the value as extracted):
{"Exfil Mode": "Telegram", "Token": "8099931947:AAE1ESweRA82yXTxOE-G8GWsPBJDgGqE32Y", "Chat_id": "5898096617\n", "Version": "4.4"}
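The configuration above names Telegram as the exfiltration channel, so the network-side check is Telegram Bot API use from endpoints, keyed on the extracted token and chat id. The script below is an added example (not Joe Sandbox or Snake Keylogger code): it normalises the extracted configuration into IOCs, strips the stray newline from Chat_id, and runs a hunt over constructed proxy-log lines in a hypothetical "timestamp client method url status bytes" format.

```python
"""Hunt for Snake Keylogger-style Telegram Bot API exfiltration in proxy logs
and normalise the extracted configuration into IOCs. Added example for this
report, not Joe Sandbox or Snake Keylogger code. The log lines and their
'timestamp client method url status bytes' format are constructed."""
import json
import re

# Configuration exactly as the report extracted it (note the "\n" inside Chat_id).
EXTRACTED = r'{"Exfil Mode": "Telegram", "Token": "8099931947:AAE1ESweRA82yXTxOE-G8GWsPBJDgGqE32Y", "Chat_id": "5898096617\n", "Version": "4.4"}'

# Bot tokens are "<numeric bot id>:<secret>"; every API call is /bot<token>/<method>.
TELEGRAM_BOT_PATH = re.compile(r"api\.telegram\.org/bot(?P<token>\d+:[A-Za-z0-9_-]{30,})/(?P<method>\w+)")


def normalise_config(raw: str) -> dict:
    """Turn the extractor's JSON into clean IOCs; the extractor left a trailing
    newline on Chat_id that would break exact matching if kept."""
    cfg = json.loads(raw)
    token = cfg["Token"].strip()
    return {
        "mode": cfg["Exfil Mode"],
        "token": token,
        "bot_id": token.split(":", 1)[0],
        "chat_id": cfg["Chat_id"].strip(),
        "version": cfg.get("Version"),
        "url_prefix": f"https://api.telegram.org/bot{token}/",   # block/alert on this prefix
    }


def scan_proxy_log(lines, ioc: dict) -> list:
    """One finding per line that reaches the Telegram Bot API: 'confirmed' when
    the token or chat_id matches the extracted config, otherwise 'suspicious'
    (bot API use from a user workstation is rare; allowlist known integrations)."""
    findings = []
    for line in lines:
        m = TELEGRAM_BOT_PATH.search(line)
        if not m:
            continue
        ts, src, verb, url = line.split()[:4]
        token = m.group("token")
        finding = {"ts": ts, "src": src, "verb": verb, "method": m.group("method"),
                   "bot_id": token.split(":", 1)[0],
                   "severity": "confirmed" if token == ioc["token"] else "suspicious"}
        # chat_id rides in the query string for GET; for POST it sits in the body, not visible here.
        cm = re.search(r"[?&]chat_id=(\d+)", url)
        if cm:
            finding["chat_id"] = cm.group(1)
            if cm.group(1) == ioc["chat_id"]:
                finding["severity"] = "confirmed"
        findings.append(finding)
    return findings


IOC = normalise_config(EXTRACTED)

# Constructed proxy lines: two from the sandbox client IP using the extracted
# token, one from another host using a different, made-up bot, one benign.
LOG_LINES = [
    f"2025-03-07T21:25:01Z 192.168.2.6 GET {IOC['url_prefix']}sendMessage?chat_id={IOC['chat_id']}&text=pw 200 312",
    f"2025-03-07T21:25:02Z 192.168.2.6 POST {IOC['url_prefix']}sendDocument 200 4096",
    "2025-03-07T21:25:03Z 192.168.2.7 GET https://api.telegram.org/bot1234567890:AAH" + "x" * 32 + "/getUpdates 200 120",
    "2025-03-07T21:25:04Z 192.168.2.8 GET https://www.example.com/ 200 5000",
]

if __name__ == "__main__":
    for f in scan_proxy_log(LOG_LINES, IOC):
        print(f["severity"], f["src"], f["method"], f.get("chat_id", "-"))
```

The token only appears in the URL path, which is inside TLS. Without a decrypting proxy or host-level HTTP telemetry you will see just the api.telegram.org host in DNS and SNI, which is still worth alerting on from hosts that have no business use of Telegram bots.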
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
| JoeSecurity_SnakeKeylogger | Yara detected Snake Keylogger | Joe Security | |
| JoeSecurity_GuLoader_2 | Yara detected GuLoader | Joe Security | |
No Sigma rule has matched.
Suricata IDS alerts
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2025-03-07T21:24:48.792130+0100 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.6 | 49692 | 142.250.185.142 | 443 | TCP |
2025-03-07T21:24:56.138287+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.6 | 49694 | 193.122.6.168 | 80 | TCP |
2025-03-07T21:24:59.528970+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.6 | 49694 | 193.122.6.168 | 80 | TCP |
2025-03-07T21:25:01.952682+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.6 | 49696 | 104.21.48.1 | 443 | TCP |
2025-03-07T21:25:05.833937+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.6 | 49697 | 193.122.6.168 | 80 | TCP |
Signature details. The per-row evidence (paths, URLs, registry keys, DLL names, sleep values) is empty in this extract; what follows keeps the evidence types, the number of rows and the code-function addresses the report attached to them. Addresses are prefixed with the analysis process index: 0 is the first NDCNDvC27F.exe process, 9 the second.

AV Detection |
---|
Malware Configuration Extractor (1, configuration shown above); Virustotal (1, perma link); ReversingLabs (1); Integrated Neural Analysis Model (1) |

Location Tracking |
---|
DNS query (1) |

Evidence rows between Location Tracking and Data Obfuscation (their section headings were not preserved) |
---|
Static PE information (1); HTTPS traffic detected (3); Directory queried (1) |
Code functions 0_2_00402706, 0_2_00405731, 0_2_004061E5 and 9_2_00402706, 9_2_00405731, 9_2_004061E5 (the same three routines in both processes; they are cited again under Malware Analysis System Evasion) |
HTTP traffic detected (3); IP Address (3); JA3 fingerprint (2); DNS query (2); Suricata IDS (4) |
HTTP traffic detected (7); HTTPS traffic detected (1); UDP traffic detected without corresponding DNS query (4); HTTP traffic detected (10); DNS traffic detected (4) |
String found in binary or memory (25); Network traffic detected (10); HTTPS traffic detected (2) |
Code function 0_2_00405295; Process Stats (1); Code functions 0_2_0040331C, 9_2_0040331C |
File created (1); Code functions 0_2_00404AD2, 0_2_004064F7, 9_2_00404AD2, 9_2_004064F7, and 9_2_03645370, 9_2_0364C146, 9_2_036469A0, 9_2_03646FC8, 9_2_03643E09, 9_2_03649DE0, 9_2_036429E0 (the 0x0364xxxx routines exist only in the second process and lie outside the 0x0040xxxx image range, in line with the "creates a process in suspended mode (likely to inject code)" signature) |
Code function (address not preserved); Static PE information (2); Classification label (1); Code functions 0_2_0040458C, 0_2_0040206A |
File created (2); Mutant created (1); Static PE information (1); File read (2); Key opened (1); Virustotal (1); ReversingLabs (1) |
Process created (3); Section loaded (49); Key value queried (1); LNK file (2) |

Data Obfuscation |
---|
File source (1); Code functions 0_2_0040620C, 0_2_10002D7E (at the 0x10000000 default DLL image base rather than in the main image), 9_2_03649D55 |

Persistence and Installation Behavior |
---|
Joe Sandbox AI (1); File created, dropped file (1); Process information set (164) |

Malware Analysis System Evasion |
---|
API/Special instruction interceptor (2); RDTSC instruction interceptor (2); Memory allocated (3) |
Thread delayed (45); Window / User API (2); Dropped PE file which has not been started (1) |
Thread sleep time (45) and Thread sleep count (3); Last function (2) |
Code functions 0_2_00402706, 0_2_00405731, 0_2_004061E5 and 9_2_00402706, 9_2_00405731, 9_2_004061E5 |
Thread delayed (45); Binary or memory string (2); API call chain graph_0-4669, graph_0-4671 |
Code function 0_2_0040620C; Process token adjusted (1); Memory allocated (1); Process created (1); Queries volume information (3); Code function 0_2_00405EC4; Key value queried (1) |

Stealing of Sensitive Information |
---|
File source (1); Directory queried (1) |

Remote Access Functionality |
---|
File source (1) |
MITRE ATT&CK techniques matched (grid cells without a count prefix were unmatched framework filler and are omitted; the numeric prefixes are the report's count badges as extracted)

Tactic | Matched techniques |
---|---|
Execution | 1 Native API |
Persistence | 1 DLL Side-Loading |
Privilege Escalation | 11 Process Injection; 1 DLL Side-Loading |
Defense Evasion | 11 Masquerading; 1 Disable or Modify Tools; 31 Virtualization/Sandbox Evasion; 11 Process Injection; 1 Deobfuscate/Decode Files or Information; 2 Obfuscated Files or Information; 1 DLL Side-Loading |
Discovery | 21 Security Software Discovery; 31 Virtualization/Sandbox Evasion; 1 Application Window Discovery; 1 System Network Configuration Discovery; 12 File and Directory Discovery; 214 System Information Discovery |
Collection | 1 Archive Collected Data; 1 Clipboard Data |
Command and Control | 11 Encrypted Channel; 1 Ingress Tool Transfer; 2 Non-Application Layer Protocol; 13 Application Layer Protocol |
Impact | 1 System Shutdown/Reboot |
Reconnaissance, Resource Development, Initial Access, Credential Access, Lateral Movement, Exfiltration | none matched (no exfiltration was observed in the sandbox run, even though the extracted configuration names Telegram as the exfiltration channel) |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
66% | Virustotal | Browse | ||
58% | ReversingLabs | Win32.Trojan.Leonem |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | ReversingLabs | |||
0% | Virustotal | Browse |
⊘No Antivirus matches
⊘No Antivirus matches
⊘No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
drive.google.com | 142.250.185.142 | true | false | high | |
drive.usercontent.google.com | 216.58.206.33 | true | false | high | |
reallyfreegeoip.org | 104.21.48.1 | true | false | high | |
checkip.dyndns.com | 193.122.6.168 | true | false | high | |
checkip.dyndns.org | unknown | unknown | false | high |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
false | high | ||
false | high |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
104.21.48.1 | reallyfreegeoip.org | United States | 13335 | CLOUDFLARENETUS | false | |
142.250.185.142 | drive.google.com | United States | 15169 | GOOGLEUS | false | |
193.122.6.168 | checkip.dyndns.com | United States | 31898 | ORACLE-BMC-31898US | false | |
216.58.206.33 | drive.usercontent.google.com | United States | 15169 | GOOGLEUS | false |
Joe Sandbox version: | 42.0.0 Malachite |
Analysis ID: | 1632239 |
Start date and time: | 2025-03-07 21:21:58 +01:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 6m 49s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 11 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | NDCNDvC27F.exe (renamed because original name is a hash value) |
Original Sample Name: | f244e767138599c4a0c605431d2be543d45da2adfb9ce4a2dcb499704febf381.exe |
Detection: | MAL |
Classification: | mal92.troj.evad.winEXE@3/17@4/4 |
EGA Information: |
HCA Information: |
Cookbook Comments: |
- Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SgrmBroker.exe, conhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 23.60.203.209
- Excluded domains from analysis (whitelisted): fs.microsoft.com, ctldl.windowsupdate.com, c.pki.goog
- Execution Graph export aborted for target NDCNDvC27F.exe, PID 6284 because it is empty
- Not all processes were analyzed, report is missing behavior information
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtQueryDirectoryFile calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- Report size getting too big, too many NtReadVirtualMemory calls found.
- Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Time | Type | Description |
---|---|---|
15:24:59 | API Interceptor |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
104.21.48.1 | | Get hash | malicious | FormBook | Browse | |
| | Get hash | malicious | Lokibot | Browse | |
| | Get hash | malicious | Lokibot | Browse | |
| | Get hash | malicious | HTMLPhisher | Browse | |
| | Get hash | malicious | Babadeda | Browse | |
| | Get hash | malicious | FormBook | Browse | |
| | Get hash | malicious | FormBook | Browse | |
| | Get hash | malicious | FormBook | Browse | |
| | Get hash | malicious | FormBook | Browse | |
| | Get hash | malicious | FormBook | Browse | |
193.122.6.168 | | Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | |
| | Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | |
| | Get hash | malicious | GuLoader, Snake Keylogger | Browse | |
| | Get hash | malicious | MSIL Logger, MassLogger RAT | Browse | |
| | Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | |
| | Get hash | malicious | Snake Keylogger | Browse | |
| | Get hash | malicious | Snake Keylogger | Browse | |
| | Get hash | malicious | Snake Keylogger | Browse | |
| | Get hash | malicious | Snake Keylogger | Browse | |
| | Get hash | malicious | MSIL Logger, MassLogger RAT | Browse | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
checkip.dyndns.com | | Get hash | malicious | GuLoader | Browse | |
| | Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | |
| | Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | |
| | Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | |
| | Get hash | malicious | MSIL Logger, MassLogger RAT | Browse | |
| | Get hash | malicious | GuLoader, Snake Keylogger | Browse | |
| | Get hash | malicious | GuLoader, Snake Keylogger | Browse | |
| | Get hash | malicious | GuLoader, Snake Keylogger | Browse | |
| | Get hash | malicious | MSIL Logger, MassLogger RAT | Browse | |
| | Get hash | malicious | GuLoader, Snake Keylogger | Browse | |
reallyfreegeoip.org | | Get hash | malicious | GuLoader | Browse | |
| | Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | |
| | Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | |
| | Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | |
| | Get hash | malicious | MSIL Logger, MassLogger RAT | Browse | |
| | Get hash | malicious | GuLoader, Snake Keylogger | Browse | |
| | Get hash | malicious | GuLoader, Snake Keylogger | Browse | |
| | Get hash | malicious | GuLoader, Snake Keylogger | Browse | |
| | Get hash | malicious | MSIL Logger, MassLogger RAT | Browse | |
| | Get hash | malicious | GuLoader, Snake Keylogger | Browse | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
ORACLE-BMC-31898US | | Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | |
| | Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | |
| | Get hash | malicious | GuLoader, Snake Keylogger | Browse | |
| | Get hash | malicious | GuLoader, Snake Keylogger | Browse | |
| | Get hash | malicious | GuLoader, Snake Keylogger | Browse | |
| | Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | |
| | Get hash | malicious | Gafgyt, Mirai | Browse | |
| | Get hash | malicious | GuLoader | Browse | |
| | Get hash | malicious | GuLoader, Snake Keylogger | Browse | |
| | Get hash | malicious | MSIL Logger, MassLogger RAT | Browse | |
CLOUDFLARENETUS | | Get hash | malicious | GuLoader | Browse | |
| | Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | |
| | Get hash | malicious | LummaC Stealer | Browse | |
| | Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | |
| | Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | |
| | Get hash | malicious | Growtopia, Phoenix Stealer | Browse | |
| | Get hash | malicious | MSIL Logger, MassLogger RAT | Browse | |
| | Get hash | malicious | GuLoader, Snake Keylogger | Browse | |
| | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | Growtopia | Browse | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
54328bd36c14bd82ddaa0c04b25ed9ad | | Get hash | malicious | GuLoader | Browse | |
| | Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | |
| | Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | |
| | Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | |
| | Get hash | malicious | MSIL Logger, MassLogger RAT | Browse | |
| | Get hash | malicious | GuLoader, Snake Keylogger | Browse | |
| | Get hash | malicious | GuLoader, Snake Keylogger | Browse | |
| | Get hash | malicious | GuLoader, Snake Keylogger | Browse | |
| | Get hash | malicious | MSIL Logger, MassLogger RAT | Browse | |
| | Get hash | malicious | GuLoader, Snake Keylogger | Browse | |
37f463bf4616ecd445d4a1937da06e19 | | Get hash | malicious | FormBook, GuLoader | Browse | |
| | Get hash | malicious | GuLoader | Browse | |
| | Get hash | malicious | GuLoader | Browse | |
| | Get hash | malicious | GuLoader, Snake Keylogger | Browse | |
| | Get hash | malicious | GuLoader, Snake Keylogger | Browse | |
| | Get hash | malicious | GuLoader, Snake Keylogger | Browse | |
| | Get hash | malicious | GuLoader, Snake Keylogger | Browse | |
| | Get hash | malicious | Vidar | Browse | |
| | Get hash | malicious | GuLoader, Snake Keylogger | Browse | |
| | Get hash | malicious | GuLoader, Snake Keylogger | Browse | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
C:\Users\user\AppData\Local\Temp\nsv7365.tmp\System.dll | | Get hash | malicious | GuLoader, Snake Keylogger | Browse | |
| | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | GuLoader, Snake Keylogger | Browse | |
| | Get hash | malicious | GuLoader, Snake Keylogger | Browse | |
| | Get hash | malicious | GuLoader, Snake Keylogger | Browse | |
| | Get hash | malicious | GuLoader, Snake Keylogger | Browse | |
| | Get hash | malicious | GuLoader, Snake Keylogger | Browse | |
| | Get hash | malicious | GuLoader, Snake Keylogger | Browse | |
| | Get hash | malicious | GuLoader, Snake Keylogger, VIP Keylogger | Browse | |
| | Get hash | malicious | GuLoader, Snake Keylogger | Browse | |
Process: | C:\Users\user\Desktop\NDCNDvC27F.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1088 |
Entropy (8bit): | 3.3597400945309137 |
Encrypted: | false |
SSDEEP: | 12:8wl0/sXUd9CjXffJ1AM4YqicoRQ9mAYlficoRQ9OOQ1olfW+kjcmAwACBMmLIEAD:8gffJ1zqojlforPizZiACnLXUnRqy |
MD5: | 8A812C9FF2A19E40F73D0FD3401E4EF9 |
SHA1: | AFC8445D2671E1B9E198CE730CA35EB8DBE5A8AB |
SHA-256: | C67873AC45F2C5519547E436D176A04C6EFD6FADFE520008E3E68E309B3135F3 |
SHA-512: | 3D7C42106C4E0ED56B8F79A07A3DA72CA32CA40F8629296C0DDACE17696126D9870EF7DEA9147001159F398B5FCC3E1800C3995A324BC02F5F07201A9F5C482B |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\user\Desktop\NDCNDvC27F.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1096 |
Entropy (8bit): | 3.277925352125452 |
Encrypted: | false |
SSDEEP: | 12:8wl0Y0sXUd9CjXffJegKLkpNqgwfQ1olfW+kjcmAwACBMmLIEAZqFUgMNhvN4t2D:80XffJwLhgdizZiACnLXUnRqy |
MD5: | AF9E03D1C0A38053A0CD05D9A0E77864 |
SHA1: | FFE817D6165A54732C9C79A9374FBD4DB118C97B |
SHA-256: | 6DE5D85302907CBB97ECBF14F6461E0526B132C8803306CE078628F17A80FAAD |
SHA-512: | E18162440BACC65019C5D2D1B34C6AD2D185FBF3052D3A09AE44A593F11B14243938190B3B2DC53922F497CAE6E322FA220067D181AE7A6EB2F239D7A1581651 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\premierminister\raastofindvindinger\pulpitical\Afguderiets150.txt
Process: | C:\Users\user\Desktop\NDCNDvC27F.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 420 |
Entropy (8bit): | 4.702803069676154 |
Encrypted: | false |
SSDEEP: | 12:XgpLd7MRUs+VRKdHOdx/fzVH17PwhGxMXvChUmy:XZGs+VRKFixXztFpMfZ |
MD5: | 6E29BCEB9974EE689D56F5005BB7202D |
SHA1: | 6D5B9D63D6D719E2DFE25F4E6B297CA81E2F2FDC |
SHA-256: | 7007387B5476A98D8A424A65E192D3D9482F81A71C4A6F6A6514599B22815CBB |
SHA-512: | D735445B88A04B231FA39280675F140F1146B458217DDF0639917C7DEEB0FF325D34FB17350CC20FC23764C58EDB53346EC06CAF814E496389419FA8AA0B5F49 |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\premierminister\raastofindvindinger\pulpitical\Quadrinominal\Catadicrotic.txt
Process: | C:\Users\user\Desktop\NDCNDvC27F.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 418 |
Entropy (8bit): | 4.6190663646477175 |
Encrypted: | false |
SSDEEP: | 12:u114MOHT3MUxK9P8pl/3A1nP6uzRS2SqT:u0Pz3Lk9olfOloC |
MD5: | 050C9A234AB7B30322C3EFFE05E023FE |
SHA1: | 57E9C9878F84EDBC84DDA6BBA597449682045E3F |
SHA-256: | F44BE9C8ED64349D20B20078D75F0B3EAB694C3D461A6A8D9E9A4A2D69B7F4D7 |
SHA-512: | 342C6957AAD2DD2DF6A0ABEAFAB9172507424958A380FCC9653885D250E34EAFAFD97B7369AFD99F4536FE32B1CF173F87871B0B8178FCA17CB27D6E8796F806 |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\premierminister\raastofindvindinger\pulpitical\Quadrinominal\Nonrival.The
Process: | C:\Users\user\Desktop\NDCNDvC27F.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 436966 |
Entropy (8bit): | 2.64936996519318 |
Encrypted: | false |
SSDEEP: | 3072:bQHs8nel1jwNIyVMX606w11hwgu+0WqzmeAN01F8Qz:es8nel1sNISMX606wzhnF0vm/NYF8c |
MD5: | F94A1BDA99B32C039431B6F7FA40371E |
SHA1: | 5093DE682AECB9836706A4EA2A04EBF0C4AE0C7D |
SHA-256: | C4F70780821EF9DC5FCCFAB11A3DC088707DF9DB273B3F606F00B74FB230A0D2 |
SHA-512: | 65A8CA3B2EF9043CFB6929E986A33344C820E838A73054534746C03485CC0C02B0243F50348283D27523F27EE45DD0398B7F36266B446833A0770A6C3965A75C |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\premierminister\raastofindvindinger\pulpitical\Smalningen.Ran
Process: | C:\Users\user\Desktop\NDCNDvC27F.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 209674 |
Entropy (8bit): | 7.530508658009605 |
Encrypted: | false |
SSDEEP: | 6144:pQUPivzQ6YqERomqB5ZWq/uxGOiD+vR4Y:pQZP8oJ5ZeGD+vL |
MD5: | 265A0FA01D7481F38FFCA6889B7B272F |
SHA1: | 6279F3C341C31C6EA979F2ECAC6A680CAD00285C |
SHA-256: | 27EE7DE2E23999C09C910FC08E86A18F014D9806D9D101CD1694A298515098BD |
SHA-512: | 2625EEF8B9977A0C490460E5F236E0294F2760854207C7A1D41DFB8DC3763AC04B0C21AFA237391905156B869AC4ECB84FBCE36B808EC4B91135E91DA9541536 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\premierminister\raastofindvindinger\pulpitical\tofrontskrige\Devoutnesses.txt
Process: | C:\Users\user\Desktop\NDCNDvC27F.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 475 |
Entropy (8bit): | 4.3542790265833675 |
Encrypted: | false |
SSDEEP: | 12:t+AKS2bg+3+/Ll3mRoOqd+IAm4YCOCu/JvdXfVEuTBt:t+AiM+3+/+oORLnybXNjt |
MD5: | 1D33156EB1A1B99FB42DCFAAD5F8507B |
SHA1: | BC3E09CC2EED6BB0E6CC18734DBD56741A69E898 |
SHA-256: | C17B44134663E4FD3E807D38EFD54AD9363529C998BDD1808972B877D9868740 |
SHA-512: | A0D564FE70EC3107A9B97D95D941D1715D3B9400A98F7B25802912FD6C9DDC0E726AEBD7448D2ACF092458C2D27B95E3B4D07853CF64CE78EC21DD817A765D03 |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\premierminister\raastofindvindinger\pulpitical\tofrontskrige\Fibrocartilaginous.eut
Process: | C:\Users\user\Desktop\NDCNDvC27F.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 3668281 |
Entropy (8bit): | 0.1586482976623458 |
Encrypted: | false |
SSDEEP: | 24576:paHSA30j7GUTTN1qfdIyGXJayR6KfVBbsMJAL5YvXYRvc6am967q2Ha5v6pHlrER:8 |
MD5: | 5B59BC89F150197449CC6BA8EDFB5BE2 |
SHA1: | 14F50AD3A09D0382F786DA023DC041B41CEB9DEA |
SHA-256: | 7B102E5DF1828D5A268943C19947A74C085FFE85CD9A3CC4DA915794506C5772 |
SHA-512: | 0372B74E4B3542A784ED8B274584F2FE6203D4F5B36896438F6405D14789BBDDFD6104C27877B9885F6A42D0E6628AC45AB6689304CD93AB4DF809299D27E486 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\premierminister\raastofindvindinger\pulpitical\tofrontskrige\Flugtningerne.con
Process: | C:\Users\user\Desktop\NDCNDvC27F.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 6483488 |
Entropy (8bit): | 0.15918176319715002 |
Encrypted: | false |
SSDEEP: | 12288:yd3Q3QCvvJpDXwJqKikWvCQs2wmmZqdOZukbo2PKnO4dxpDzJ9JBtJ1u/08N4IvL:+ |
MD5: | 88649EB8E8169913A0384E0BF6C57097 |
SHA1: | 0C9510E755AD46A2EC51511D6057A54ADE9FB876 |
SHA-256: | 79940BE88674AB93E8B4571D07FF6961A7C3186C5A264156F8E3EE43074A03FC |
SHA-512: | 53E1161ABDC7B16CBCD78D6F3222F7B3DF97273847AC28415CE851D30443FD3C5683D338F469BA2808B9D15A0A6C4092473B83AECF4FE5DCD90500E5B3424938 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\premierminister\raastofindvindinger\pulpitical\tofrontskrige\Parkgsterne.jpg
Process: | C:\Users\user\Desktop\NDCNDvC27F.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 5105 |
Entropy (8bit): | 7.707469411628028 |
Encrypted: | false |
SSDEEP: | 96:Rh2EA0orehnK1NOHhv2qMgU0NbA9I2l26s7v7aqIJuE5X6E:L2h0QyyOHcEU0N0lds7v7aqIJFl6E |
MD5: | 9D1B62DD46FDA6AD61CCB778EF066AAA |
SHA1: | BCC9D2C609F6C21373F19D0352B66940F501FDF7 |
SHA-256: | 04BBB2A1F5AA03C71FDF84159661069150AE1A748687DE2E1A079AF3FA46C2E9 |
SHA-512: | E1C76B9FA9A947ADCC25F20EBA39E74447487357EE724B29CBF58F61DE9FFC46637B6ED8627C2427DD5961F7F01A096FF821701DD0C7637BE3D7D53414FCD020 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\premierminister\raastofindvindinger\pulpitical\tofrontskrige\Unhealthfully.fet
Process: | C:\Users\user\Desktop\NDCNDvC27F.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 3546314 |
Entropy (8bit): | 0.15902781497317262 |
Encrypted: | false |
SSDEEP: | 3072:DU6ggwMAubnOrQTAzAU0YUfpUsQ0iqiHKGeWPKlEk7fO7Xye1AQK3AIfXnxqCp/D:U4 |
MD5: | F94EBBF3A7C671FC942B917794CBEF99 |
SHA1: | 3B758A6369077F26BE0F6CD9D4850BEF7B1D9360 |
SHA-256: | D99A359F39C97D7B0CC4D1BF25DB5D408102DD9C8620798AE7D13A203CF5E9DC |
SHA-512: | 34E66715AA81F5DFE93638BB82B4867F3A7FC95B7C3906789E17DEC4389FFF56B867207246A5F1E42FE895D734FE7932A8B6629C3448465AAFC8E9870F807E40 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\premierminister\raastofindvindinger\pulpitical\tofrontskrige\hf.udp
Process: | C:\Users\user\Desktop\NDCNDvC27F.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 353647 |
Entropy (8bit): | 0.15907710403027892 |
Encrypted: | false |
SSDEEP: | 768:4yIQ3t0qOqAIuSwA+ulme7ikqfZBNlmMGJT:4yndASyjfFmMGJT |
MD5: | 2C97E07B2BE199BF59EBC17FB69E93F9 |
SHA1: | 9842B8BFB262F98BE3040F3DFD668D98EDD4B705 |
SHA-256: | 985B6B12A0B902F3EB7A050B2A6D300C286760DF2C6B0BFDABD58BC4814E691E |
SHA-512: | FD157D798D3CFFF1997950467C936D3F0252619549CD35C05369ECFFB6AA586A5DB994C26FB108FE582BACB8335537F3117B55431D49A4F91965E6561BA0B599 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\premierminister\raastofindvindinger\pulpitical\tofrontskrige\indberegne.ini
Process: | C:\Users\user\Desktop\NDCNDvC27F.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 444 |
Entropy (8bit): | 4.525295088742093 |
Encrypted: | false |
SSDEEP: | 6:73KgcLQdvIPtvg6FV0pRQAdAlBGZMbG/rNp8ct3zLXAkLkLn+ZGMXQBBvn:7xqhtvruRQAKlgZMb0Jp8AAKs+ZGMAb |
MD5: | 9607A2F26574486A7800BF4604216BA4 |
SHA1: | 660407EE407DE38306C2B87A08836484FEF365A0 |
SHA-256: | D2D0B4E5D2B15B838AB70CB57F619B6DFF45693C1D0BA85AB3EF424F9137F263 |
SHA-512: | 806C04FBD565E0D825D45321963474327DEE514346C720728B1AFD0C496466FE5EF41F85B05A0D7BED2BDD6B86D35D6979B1D12E27DE4EF800BEFDE50EBB84BE |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\premierminister\raastofindvindinger\pulpitical\tofrontskrige\stepmotherly.txt
Process: | C:\Users\user\Desktop\NDCNDvC27F.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 559 |
Entropy (8bit): | 4.296102616189727 |
Encrypted: | false |
SSDEEP: | 12:bXtqNUBZnHnk/6QXWygj1S4j2d9CE1IfxlrV7wm1n4IF39CO3:RqCgRu1L2xIfPVwml39C8 |
MD5: | A50C62B18088D107A85C8702BE38A5AC |
SHA1: | 17B0A71D87A1DF657749095527DFFC4DD549F793 |
SHA-256: | A57AF19FF1A065F7B813EE1C8D356EF3C199E3A1F49BB045BDD8391C6E3F185D |
SHA-512: | 6935DD9D8F8FBE121A7E675A2D82C36B7369B2E661AE04866D8A916EE7B907FB04200C0D68F7F93863CF2AB77125F1C93FFB6CBA38D9344D9BA9EAFFA0E1596B |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\premierminister\raastofindvindinger\pulpitical\tofrontskrige\vejenes.dre
Process: | C:\Users\user\Desktop\NDCNDvC27F.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 6308819 |
Entropy (8bit): | 0.15925830676764186 |
Encrypted: | false |
SSDEEP: | 384:+DzGyAR9UEKIy6duRb8D9y8+uW7uJdrYtTefHy49heYmVlrseXxGVaVPcGuceLNp:kzoRBsuhf/uBhy |
MD5: | 0EA793EA873153FB0A67ADFD9F9451C1 |
SHA1: | F2449BB27F6DA973F48F8DBC9E0DBF7F87675F19 |
SHA-256: | C49049BB1D44B45C17EC4314E5F51BD883519682F80F424DAC4C1DAE4AF2DDF5 |
SHA-512: | 46A1B9741E0D01A209D18F0DF9818C727C0F4814C9643B138A354AADAE7F3E0AB70EEB600C7045243312B583DE230F550500106026861A1EE25EAE356E674B99 |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\NDCNDvC27F.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 21049600 |
Entropy (8bit): | 2.454734154743895 |
Encrypted: | false |
SSDEEP: | 24576:C3bP8oJ5gC+vOlAcm6aHSA30j7GUTTN1qfdIyGXJayR6KfVBbsMJAL5YvXYRvc6b:C3bTyCQfl |
MD5: | 9F2868031C64E1DB06A0AD7D8BA0A4F0 |
SHA1: | F3ADD444793D4D5684FED7496144647EF6FD8EA9 |
SHA-256: | 58F1F527F3D85D81797C45465E56A9495FB02B8F36A31B4DC44A985FCB5B3325 |
SHA-512: | 88FD72BFF594D5D22D49BACCB57ED12CEE671F488BC39FAEDD0FE1F808DB0CC529ED6A569DFE9C725428FD24890C3D9285E209294A46C459B6D3358E6C3FDF5E |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\NDCNDvC27F.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 11264 |
Entropy (8bit): | 5.775131082799803 |
Encrypted: | false |
SSDEEP: | 192:eA2HS+ihg200uWz947Wzvxu6v0MI7JOde+Ij5Z77dslFsEf:mS62Gw947ExuGDI7J8EF7KIE |
MD5: | B853D5D2361ADE731E33E882707EFC34 |
SHA1: | C58B1AEABDF1CBB8334EF8797E7ACEAA7A1CB6BE |
SHA-256: | F0CD96E0B6E40F92AD1AA0EFACDE833BAE807B92FCA19BF062C1CF8ACF29484B |
SHA-512: | 8EA31D82FFA6F58DAB5632FE72690D3A6DB0BE65AEC85FC8A1F71626773C0974DCEBEFAE17BCF67C4C56EF442545E985EEA0B348FF6E4FC36740640092B08D69 |
Malicious: | false |
Antivirus: |
Joe Sandbox View: |
Preview: |
File type: | |
Entropy (8bit): | 7.907164294550819 |
TrID: |
File name: | NDCNDvC27F.exe |
File size: | 1'016'632 bytes |
MD5: | 429e48d78bf4bf8403c99c46e6514840 |
SHA1: | 378bad9d0c769087eee0159da95bf216b1ed7f56 |
SHA256: | f244e767138599c4a0c605431d2be543d45da2adfb9ce4a2dcb499704febf381 |
SHA512: | 972bcb45aca7744f98f2e176c23cf700e04c0632c0ec533080eacd68cdeeaea347ffd6d1dbc78f29300f8af4e2662569cafbd4cae8941876ae85f2b6015dce27 |
SSDEEP: | 24576:WGLX2vjhI4UFdPV2BMZfGdpfl/gmZgxVDOeBaNjAx:r2WAeOpfBcSFhAx |
TLSH: | 3D252392F784C89BD3838BB64676D2769ED6ED110520020A37DCFEB77976682D422F07 |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......1.D9u.*ju.*ju.*j..ujw.*ju.+j..*j..wjd.*j!..j..*j..,jt.*jRichu.*j........PE..L......Q.................`...*.......3.......p....@ |
Icon Hash: | bac6b2aeaaaeb6b2 |
Entrypoint: | 0x40331c |
Entrypoint Section: | .text |
Digitally signed: | true |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE |
DLL Characteristics: | TERMINAL_SERVER_AWARE |
Time Stamp: | 0x51E3058B [Sun Jul 14 20:09:47 2013 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | 17b7d61bda0f7478e36d9ce3d4170680 |
Signature Valid: | false |
Signature Issuer: | CN=Gungrede, E=Taleinput@Talrigeste.tj, O=Gungrede, L=Vauxcéré, OU="Mediateker Ideliste Nonlevel ", S=Hauts-de-France, C=FR |
Signature Validation Error: | A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider |
Error Number: | -2146762487 |
Not Before, Not After |
Subject Chain |
Version: | 3 |
Thumbprint MD5: | CFBAA03A88055D4F165500AA4CC8A174 |
Thumbprint SHA-1: | 4752CD0984CDADFDB8585E6563559F0910FFD0DA |
Thumbprint SHA-256: | B1F1E6E1E3E1F3003FCE84CF18CC30D16D8E040D7B7F614A69D543DAE7847842 |
Serial: | 1EAB7A444947AF9F8035A80661EF7DD3F92C8C8A |
Instruction |
---|
sub esp, 000002D4h |
push ebx |
push ebp |
push esi |
push edi |
push 00000020h |
xor ebp, ebp |
pop esi |
mov dword ptr [esp+14h], ebp |
mov dword ptr [esp+10h], 00409230h |
mov dword ptr [esp+1Ch], ebp |
call dword ptr [00407034h] |
push 00008001h |
call dword ptr [004070BCh] |
push ebp |
call dword ptr [004072ACh] |
push 00000008h |
mov dword ptr [00429298h], eax |
call 00007F30648E0C22h |
mov dword ptr [004291E4h], eax |
push ebp |
lea eax, dword ptr [esp+34h] |
push 000002B4h |
push eax |
push ebp |
push 00420690h |
call dword ptr [0040717Ch] |
push 0040937Ch |
push 004281E0h |
call 00007F30648E088Dh |
call dword ptr [00407134h] |
mov ebx, 00434000h |
push eax |
push ebx |
call 00007F30648E087Bh |
push ebp |
call dword ptr [0040710Ch] |
cmp word ptr [00434000h], 0022h |
mov dword ptr [004291E0h], eax |
mov eax, ebx |
jne 00007F30648DDD7Ah |
push 00000022h |
mov eax, 00434002h |
pop esi |
push esi |
push eax |
call 00007F30648E02E9h |
push eax |
call dword ptr [00407240h] |
mov dword ptr [esp+18h], eax |
jmp 00007F30648DDE3Eh |
push 00000020h |
pop edx |
cmp cx, dx |
jne 00007F30648DDD79h |
inc eax |
inc eax |
cmp word ptr [eax], dx |
je 00007F30648DDD6Bh |
add word ptr [eax], 0000h |
Programming Language: |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x7494 | 0xb4 | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x72000 | 0xd698 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0xf74c0 | 0xe78 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x7000 | 0x2b8 | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x5e20 | 0x6000 | dd493ae9ebfb948f2a612edd72200a78 | False | 0.6545003255208334 | data | 6.407301589030798 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rdata | 0x7000 | 0x1354 | 0x1400 | 8a134e15423272c853e24b49bfc8707f | False | 0.43046875 | data | 5.037834422880877 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0x9000 | 0x202d8 | 0x600 | baf389fb3ef48369d3c1f90021fcff8b | False | 0.4733072916666667 | data | 3.7606720362000137 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.ndata | 0x2a000 | 0x48000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.rsrc | 0x72000 | 0xd698 | 0xd800 | 9bac6fbf076b462d9856d662ef171efb | False | 0.19165943287037038 | data | 3.6185917239970986 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
RT_ICON | 0x72268 | 0x94a8 | Device independent bitmap graphic, 96 x 192 x 32, image size 38016 | English | United States | 0.1762402774858104 |
RT_ICON | 0x7b710 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | English | United States | 0.17064315352697096 |
RT_ICON | 0x7dcb8 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | English | United States | 0.20684803001876173 |
RT_DIALOG | 0x7ed60 | 0x100 | data | English | United States | 0.5234375 |
RT_DIALOG | 0x7ee60 | 0xf8 | data | English | United States | 0.6330645161290323 |
RT_DIALOG | 0x7ef58 | 0xa0 | data | English | United States | 0.6125 |
RT_DIALOG | 0x7eff8 | 0x60 | data | English | United States | 0.7291666666666666 |
RT_GROUP_ICON | 0x7f058 | 0x30 | data | English | United States | 0.8333333333333334 |
RT_VERSION | 0x7f088 | 0x220 | data | English | United States | 0.5459558823529411 |
RT_MANIFEST | 0x7f2a8 | 0x3ea | XML 1.0 document, ASCII text, with very long lines (1002), with no line terminators | English | United States | 0.5179640718562875 |
DLL | Import |
---|---|
KERNEL32.dll | CompareFileTime, SearchPathW, SetFileTime, CloseHandle, GetShortPathNameW, MoveFileW, SetCurrentDirectoryW, GetFileAttributesW, GetLastError, GetFullPathNameW, CreateDirectoryW, Sleep, GetTickCount, CreateFileW, GetFileSize, GetModuleFileNameW, GetCurrentProcess, CopyFileW, ExitProcess, SetEnvironmentVariableW, GetWindowsDirectoryW, SetFileAttributesW, ExpandEnvironmentStringsW, SetErrorMode, LoadLibraryW, lstrlenW, lstrcpynW, GetDiskFreeSpaceW, GlobalUnlock, GlobalLock, CreateThread, CreateProcessW, RemoveDirectoryW, lstrcmpiA, GetTempFileNameW, lstrcpyA, lstrcpyW, lstrcatW, GetSystemDirectoryW, GetVersion, GetProcAddress, LoadLibraryA, GetModuleHandleA, GetModuleHandleW, lstrcmpiW, lstrcmpW, WaitForSingleObject, GlobalFree, GlobalAlloc, LoadLibraryExW, GetExitCodeProcess, FreeLibrary, WritePrivateProfileStringW, GetCommandLineW, GetTempPathW, GetPrivateProfileStringW, FindFirstFileW, FindNextFileW, DeleteFileW, SetFilePointer, MultiByteToWideChar, FindClose, MulDiv, ReadFile, WriteFile, lstrlenA, WideCharToMultiByte |
USER32.dll | EndDialog, ScreenToClient, GetWindowRect, RegisterClassW, EnableMenuItem, GetSystemMenu, SetClassLongW, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongW, SetCursor, LoadCursorW, CheckDlgButton, GetMessagePos, LoadBitmapW, CallWindowProcW, IsWindowVisible, CloseClipboard, SetClipboardData, wsprintfW, CreateWindowExW, SystemParametersInfoW, AppendMenuW, CreatePopupMenu, GetSystemMetrics, SetDlgItemTextW, GetDlgItemTextW, MessageBoxIndirectW, CharPrevW, CharNextA, wsprintfA, DispatchMessageW, PeekMessageW, ReleaseDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, GetClientRect, FillRect, DrawTextW, GetClassInfoW, DialogBoxParamW, CharNextW, ExitWindowsEx, DestroyWindow, CreateDialogParamW, SetTimer, SetWindowTextW, PostQuitMessage, GetDC, SetWindowLongW, LoadImageW, SendMessageTimeoutW, FindWindowExW, EmptyClipboard, OpenClipboard, TrackPopupMenu, EndPaint, ShowWindow, GetDlgItem, IsWindow, SetForegroundWindow |
GDI32.dll | SelectObject, SetBkMode, CreateFontIndirectW, SetTextColor, DeleteObject, GetDeviceCaps, CreateBrushIndirect, SetBkColor |
SHELL32.dll | SHGetSpecialFolderLocation, SHGetPathFromIDListW, SHBrowseForFolderW, SHGetFileInfoW, ShellExecuteW, SHFileOperationW |
ADVAPI32.dll | RegCloseKey, RegOpenKeyExW, RegDeleteKeyW, RegDeleteValueW, RegEnumValueW, RegCreateKeyExW, RegSetValueExW, RegQueryValueExW, RegEnumKeyW |
COMCTL32.dll | ImageList_Create, ImageList_AddMasked, ImageList_Destroy |
ole32.dll | CoCreateInstance, CoTaskMemFree, OleInitialize, OleUninitialize |
VERSION.dll | GetFileVersionInfoSizeW, GetFileVersionInfoW, VerQueryValueW |
Description | Data |
---|---|
Comments | esdragol |
CompanyName | heliographer tomotorersflys |
FileDescription | drfyldings |
LegalCopyright | forraa dalsnknings |
ProductVersion | 2.5.0.0 |
Translation | 0x0409 0x04e4 |
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States | |
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
---|---|---|---|---|---|---|---|---|
2025-03-07T21:24:48.792130+0100 | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 192.168.2.6 | 49692 | 142.250.185.142 | 443 | TCP |
2025-03-07T21:24:56.138287+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.6 | 49694 | 193.122.6.168 | 80 | TCP |
2025-03-07T21:24:59.528970+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.6 | 49694 | 193.122.6.168 | 80 | TCP |
2025-03-07T21:25:01.952682+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.6 | 49696 | 104.21.48.1 | 443 | TCP |
2025-03-07T21:25:05.833937+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.6 | 49697 | 193.122.6.168 | 80 | TCP |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Mar 7, 2025 21:24:45.396311998 CET | 49692 | 443 | 192.168.2.6 | 142.250.185.142 |
Mar 7, 2025 21:24:45.396356106 CET | 443 | 49692 | 142.250.185.142 | 192.168.2.6 |
Mar 7, 2025 21:24:45.396414995 CET | 49692 | 443 | 192.168.2.6 | 142.250.185.142 |
Mar 7, 2025 21:24:45.491396904 CET | 49692 | 443 | 192.168.2.6 | 142.250.185.142 |
Mar 7, 2025 21:24:45.491449118 CET | 443 | 49692 | 142.250.185.142 | 192.168.2.6 |
Mar 7, 2025 21:24:47.443016052 CET | 443 | 49692 | 142.250.185.142 | 192.168.2.6 |
Mar 7, 2025 21:24:47.443150997 CET | 49692 | 443 | 192.168.2.6 | 142.250.185.142 |
Mar 7, 2025 21:24:47.443783998 CET | 443 | 49692 | 142.250.185.142 | 192.168.2.6 |
Mar 7, 2025 21:24:47.443840027 CET | 49692 | 443 | 192.168.2.6 | 142.250.185.142 |
Mar 7, 2025 21:24:48.123763084 CET | 49692 | 443 | 192.168.2.6 | 142.250.185.142 |
Mar 7, 2025 21:24:48.123797894 CET | 443 | 49692 | 142.250.185.142 | 192.168.2.6 |
Mar 7, 2025 21:24:48.124171019 CET | 443 | 49692 | 142.250.185.142 | 192.168.2.6 |
Mar 7, 2025 21:24:48.124228001 CET | 49692 | 443 | 192.168.2.6 | 142.250.185.142 |
Mar 7, 2025 21:24:48.129949093 CET | 49692 | 443 | 192.168.2.6 | 142.250.185.142 |
Mar 7, 2025 21:24:48.172327995 CET | 443 | 49692 | 142.250.185.142 | 192.168.2.6 |
Mar 7, 2025 21:24:48.792165995 CET | 443 | 49692 | 142.250.185.142 | 192.168.2.6 |
Mar 7, 2025 21:24:48.792237997 CET | 49692 | 443 | 192.168.2.6 | 142.250.185.142 |
Mar 7, 2025 21:24:48.792252064 CET | 443 | 49692 | 142.250.185.142 | 192.168.2.6 |
Mar 7, 2025 21:24:48.792295933 CET | 49692 | 443 | 192.168.2.6 | 142.250.185.142 |
Mar 7, 2025 21:24:48.794958115 CET | 49692 | 443 | 192.168.2.6 | 142.250.185.142 |
Mar 7, 2025 21:24:48.794974089 CET | 443 | 49692 | 142.250.185.142 | 192.168.2.6 |
Mar 7, 2025 21:24:48.837562084 CET | 49693 | 443 | 192.168.2.6 | 216.58.206.33 |
Mar 7, 2025 21:24:48.837605953 CET | 443 | 49693 | 216.58.206.33 | 192.168.2.6 |
Mar 7, 2025 21:24:48.837680101 CET | 49693 | 443 | 192.168.2.6 | 216.58.206.33 |
Mar 7, 2025 21:24:48.838093996 CET | 49693 | 443 | 192.168.2.6 | 216.58.206.33 |
Mar 7, 2025 21:24:48.838103056 CET | 443 | 49693 | 216.58.206.33 | 192.168.2.6 |
Mar 7, 2025 21:24:50.690361023 CET | 443 | 49693 | 216.58.206.33 | 192.168.2.6 |
Mar 7, 2025 21:24:50.690429926 CET | 49693 | 443 | 192.168.2.6 | 216.58.206.33 |
Mar 7, 2025 21:24:50.694344997 CET | 49693 | 443 | 192.168.2.6 | 216.58.206.33 |
Mar 7, 2025 21:24:50.694359064 CET | 443 | 49693 | 216.58.206.33 | 192.168.2.6 |
Mar 7, 2025 21:24:50.694608927 CET | 443 | 49693 | 216.58.206.33 | 192.168.2.6 |
Mar 7, 2025 21:24:50.694658995 CET | 49693 | 443 | 192.168.2.6 | 216.58.206.33 |
Mar 7, 2025 21:24:50.699974060 CET | 49693 | 443 | 192.168.2.6 | 216.58.206.33 |
Mar 7, 2025 21:24:50.740334034 CET | 443 | 49693 | 216.58.206.33 | 192.168.2.6 |
Mar 7, 2025 21:24:53.697037935 CET | 443 | 49693 | 216.58.206.33 | 192.168.2.6 |
Mar 7, 2025 21:24:53.697460890 CET | 49693 | 443 | 192.168.2.6 | 216.58.206.33 |
Mar 7, 2025 21:24:53.703320980 CET | 443 | 49693 | 216.58.206.33 | 192.168.2.6 |
Mar 7, 2025 21:24:53.703418970 CET | 49693 | 443 | 192.168.2.6 | 216.58.206.33 |
Mar 7, 2025 21:24:53.716892004 CET | 443 | 49693 | 216.58.206.33 | 192.168.2.6 |
Mar 7, 2025 21:24:53.716989040 CET | 49693 | 443 | 192.168.2.6 | 216.58.206.33 |
Mar 7, 2025 21:24:53.716996908 CET | 443 | 49693 | 216.58.206.33 | 192.168.2.6 |
Mar 7, 2025 21:24:53.717072964 CET | 49693 | 443 | 192.168.2.6 | 216.58.206.33 |
Mar 7, 2025 21:24:53.781780005 CET | 443 | 49693 | 216.58.206.33 | 192.168.2.6 |
Mar 7, 2025 21:24:53.781898022 CET | 49693 | 443 | 192.168.2.6 | 216.58.206.33 |
Mar 7, 2025 21:24:53.814423084 CET | 443 | 49693 | 216.58.206.33 | 192.168.2.6 |
Mar 7, 2025 21:24:53.814543962 CET | 49693 | 443 | 192.168.2.6 | 216.58.206.33 |
Mar 7, 2025 21:24:53.814568043 CET | 443 | 49693 | 216.58.206.33 | 192.168.2.6 |
Mar 7, 2025 21:24:53.814613104 CET | 49693 | 443 | 192.168.2.6 | 216.58.206.33 |
Mar 7, 2025 21:24:53.821190119 CET | 443 | 49693 | 216.58.206.33 | 192.168.2.6 |
Mar 7, 2025 21:24:53.821281910 CET | 49693 | 443 | 192.168.2.6 | 216.58.206.33 |
Mar 7, 2025 21:24:53.821293116 CET | 443 | 49693 | 216.58.206.33 | 192.168.2.6 |
Mar 7, 2025 21:24:53.821368933 CET | 49693 | 443 | 192.168.2.6 | 216.58.206.33 |
Mar 7, 2025 21:24:53.825921059 CET | 443 | 49693 | 216.58.206.33 | 192.168.2.6 |
Mar 7, 2025 21:24:53.826033115 CET | 49693 | 443 | 192.168.2.6 | 216.58.206.33 |
Mar 7, 2025 21:24:53.826040030 CET | 443 | 49693 | 216.58.206.33 | 192.168.2.6 |
Mar 7, 2025 21:24:53.826088905 CET | 49693 | 443 | 192.168.2.6 | 216.58.206.33 |
Mar 7, 2025 21:24:53.834418058 CET | 443 | 49693 | 216.58.206.33 | 192.168.2.6 |
Mar 7, 2025 21:24:53.834573030 CET | 49693 | 443 | 192.168.2.6 | 216.58.206.33 |
Mar 7, 2025 21:24:53.834580898 CET | 443 | 49693 | 216.58.206.33 | 192.168.2.6 |
Mar 7, 2025 21:24:53.834625959 CET | 49693 | 443 | 192.168.2.6 | 216.58.206.33 |
Mar 7, 2025 21:24:53.847769976 CET | 443 | 49693 | 216.58.206.33 | 192.168.2.6 |
Mar 7, 2025 21:24:53.847846985 CET | 49693 | 443 | 192.168.2.6 | 216.58.206.33 |
Mar 7, 2025 21:24:53.847860098 CET | 443 | 49693 | 216.58.206.33 | 192.168.2.6 |
Mar 7, 2025 21:24:53.849172115 CET | 49693 | 443 | 192.168.2.6 | 216.58.206.33 |
Mar 7, 2025 21:24:53.855309010 CET | 443 | 49693 | 216.58.206.33 | 192.168.2.6 |
Mar 7, 2025 21:24:53.855367899 CET | 49693 | 443 | 192.168.2.6 | 216.58.206.33 |
Mar 7, 2025 21:24:53.855377913 CET | 443 | 49693 | 216.58.206.33 | 192.168.2.6 |
Mar 7, 2025 21:24:53.857621908 CET | 49693 | 443 | 192.168.2.6 | 216.58.206.33 |
Mar 7, 2025 21:24:53.863202095 CET | 443 | 49693 | 216.58.206.33 | 192.168.2.6 |
Mar 7, 2025 21:24:53.863276005 CET | 49693 | 443 | 192.168.2.6 | 216.58.206.33 |
Mar 7, 2025 21:24:53.863359928 CET | 443 | 49693 | 216.58.206.33 | 192.168.2.6 |
Mar 7, 2025 21:24:53.863396883 CET | 49693 | 443 | 192.168.2.6 | 216.58.206.33 |
Mar 7, 2025 21:24:53.874434948 CET | 443 | 49693 | 216.58.206.33 | 192.168.2.6 |
Mar 7, 2025 21:24:53.874504089 CET | 49693 | 443 | 192.168.2.6 | 216.58.206.33 |
Mar 7, 2025 21:24:53.874512911 CET | 443 | 49693 | 216.58.206.33 | 192.168.2.6 |
Mar 7, 2025 21:24:53.874550104 CET | 49693 | 443 | 192.168.2.6 | 216.58.206.33 |
Mar 7, 2025 21:24:53.881831884 CET | 443 | 49693 | 216.58.206.33 | 192.168.2.6 |
Mar 7, 2025 21:24:53.881916046 CET | 49693 | 443 | 192.168.2.6 | 216.58.206.33 |
Mar 7, 2025 21:24:53.881926060 CET | 443 | 49693 | 216.58.206.33 | 192.168.2.6 |
Mar 7, 2025 21:24:53.882035971 CET | 49693 | 443 | 192.168.2.6 | 216.58.206.33 |
Mar 7, 2025 21:24:53.889650106 CET | 443 | 49693 | 216.58.206.33 | 192.168.2.6 |
Mar 7, 2025 21:24:53.889746904 CET | 49693 | 443 | 192.168.2.6 | 216.58.206.33 |
Mar 7, 2025 21:24:53.889753103 CET | 443 | 49693 | 216.58.206.33 | 192.168.2.6 |
Mar 7, 2025 21:24:53.889885902 CET | 49693 | 443 | 192.168.2.6 | 216.58.206.33 |
Mar 7, 2025 21:24:53.896080971 CET | 443 | 49693 | 216.58.206.33 | 192.168.2.6 |
Mar 7, 2025 21:24:53.896142960 CET | 49693 | 443 | 192.168.2.6 | 216.58.206.33 |
Mar 7, 2025 21:24:53.896152020 CET | 443 | 49693 | 216.58.206.33 | 192.168.2.6 |
Mar 7, 2025 21:24:53.896238089 CET | 49693 | 443 | 192.168.2.6 | 216.58.206.33 |
Mar 7, 2025 21:24:53.909389973 CET | 443 | 49693 | 216.58.206.33 | 192.168.2.6 |
Mar 7, 2025 21:24:53.909514904 CET | 49693 | 443 | 192.168.2.6 | 216.58.206.33 |
Mar 7, 2025 21:24:53.909523964 CET | 443 | 49693 | 216.58.206.33 | 192.168.2.6 |
Mar 7, 2025 21:24:53.909636021 CET | 49693 | 443 | 192.168.2.6 | 216.58.206.33 |
Mar 7, 2025 21:24:53.924489975 CET | 443 | 49693 | 216.58.206.33 | 192.168.2.6 |
Mar 7, 2025 21:24:53.924673080 CET | 49693 | 443 | 192.168.2.6 | 216.58.206.33 |
Mar 7, 2025 21:24:53.936955929 CET | 443 | 49693 | 216.58.206.33 | 192.168.2.6 |
Mar 7, 2025 21:24:53.937011957 CET | 49693 | 443 | 192.168.2.6 | 216.58.206.33 |
Mar 7, 2025 21:24:53.937021017 CET | 443 | 49693 | 216.58.206.33 | 192.168.2.6 |
Mar 7, 2025 21:24:53.937160015 CET | 49693 | 443 | 192.168.2.6 | 216.58.206.33 |
Mar 7, 2025 21:24:53.940129042 CET | 443 | 49693 | 216.58.206.33 | 192.168.2.6 |
Mar 7, 2025 21:24:53.940181971 CET | 49693 | 443 | 192.168.2.6 | 216.58.206.33 |
Mar 7, 2025 21:24:53.940198898 CET | 443 | 49693 | 216.58.206.33 | 192.168.2.6 |
Mar 7, 2025 21:24:53.940262079 CET | 49693 | 443 | 192.168.2.6 | 216.58.206.33 |
Mar 7, 2025 21:24:53.946644068 CET | 443 | 49693 | 216.58.206.33 | 192.168.2.6 |
Mar 7, 2025 21:24:53.946727037 CET | 49693 | 443 | 192.168.2.6 | 216.58.206.33 |
Mar 7, 2025 21:24:53.946733952 CET | 443 | 49693 | 216.58.206.33 | 192.168.2.6 |
Mar 7, 2025 21:24:53.946794987 CET | 49693 | 443 | 192.168.2.6 | 216.58.206.33 |
Mar 7, 2025 21:24:53.953064919 CET | 443 | 49693 | 216.58.206.33 | 192.168.2.6 |
Mar 7, 2025 21:24:53.953124046 CET | 49693 | 443 | 192.168.2.6 | 216.58.206.33 |
Mar 7, 2025 21:24:53.953183889 CET | 443 | 49693 | 216.58.206.33 | 192.168.2.6 |
Mar 7, 2025 21:24:53.953233957 CET | 49693 | 443 | 192.168.2.6 | 216.58.206.33 |
Mar 7, 2025 21:24:53.959677935 CET | 443 | 49693 | 216.58.206.33 | 192.168.2.6 |
Mar 7, 2025 21:24:53.959727049 CET | 443 | 49693 | 216.58.206.33 | 192.168.2.6 |
Mar 7, 2025 21:24:53.959745884 CET | 49693 | 443 | 192.168.2.6 | 216.58.206.33 |
Mar 7, 2025 21:24:53.959760904 CET | 443 | 49693 | 216.58.206.33 | 192.168.2.6 |
Mar 7, 2025 21:24:53.959772110 CET | 49693 | 443 | 192.168.2.6 | 216.58.206.33 |
Mar 7, 2025 21:24:53.959847927 CET | 49693 | 443 | 192.168.2.6 | 216.58.206.33 |
Mar 7, 2025 21:24:53.966187000 CET | 443 | 49693 | 216.58.206.33 | 192.168.2.6 |
Mar 7, 2025 21:24:53.966231108 CET | 49693 | 443 | 192.168.2.6 | 216.58.206.33 |
Mar 7, 2025 21:24:53.966250896 CET | 443 | 49693 | 216.58.206.33 | 192.168.2.6 |
Mar 7, 2025 21:24:53.966423988 CET | 49693 | 443 | 192.168.2.6 | 216.58.206.33 |
Mar 7, 2025 21:24:53.972668886 CET | 443 | 49693 | 216.58.206.33 | 192.168.2.6 |
Mar 7, 2025 21:24:53.972750902 CET | 49693 | 443 | 192.168.2.6 | 216.58.206.33 |
Mar 7, 2025 21:24:53.972760916 CET | 443 | 49693 | 216.58.206.33 | 192.168.2.6 |
Mar 7, 2025 21:24:53.972867012 CET | 49693 | 443 | 192.168.2.6 | 216.58.206.33 |
Mar 7, 2025 21:24:53.979094028 CET | 443 | 49693 | 216.58.206.33 | 192.168.2.6 |
Mar 7, 2025 21:24:53.979161024 CET | 49693 | 443 | 192.168.2.6 | 216.58.206.33 |
Mar 7, 2025 21:24:53.979172945 CET | 443 | 49693 | 216.58.206.33 | 192.168.2.6 |
Mar 7, 2025 21:24:53.979238987 CET | 49693 | 443 | 192.168.2.6 | 216.58.206.33 |
Mar 7, 2025 21:24:53.984875917 CET | 443 | 49693 | 216.58.206.33 | 192.168.2.6 |
Mar 7, 2025 21:24:53.984960079 CET | 49693 | 443 | 192.168.2.6 | 216.58.206.33 |
Mar 7, 2025 21:24:53.984973907 CET | 443 | 49693 | 216.58.206.33 | 192.168.2.6 |
Mar 7, 2025 21:24:53.985069990 CET | 49693 | 443 | 192.168.2.6 | 216.58.206.33 |
Mar 7, 2025 21:24:53.991437912 CET | 443 | 49693 | 216.58.206.33 | 192.168.2.6 |
Mar 7, 2025 21:24:53.991501093 CET | 49693 | 443 | 192.168.2.6 | 216.58.206.33 |
Mar 7, 2025 21:24:53.991512060 CET | 443 | 49693 | 216.58.206.33 | 192.168.2.6 |
Mar 7, 2025 21:24:53.991565943 CET | 49693 | 443 | 192.168.2.6 | 216.58.206.33 |
Mar 7, 2025 21:24:53.997771025 CET | 443 | 49693 | 216.58.206.33 | 192.168.2.6 |
Mar 7, 2025 21:24:53.997828007 CET | 49693 | 443 | 192.168.2.6 | 216.58.206.33 |
Mar 7, 2025 21:24:53.997837067 CET | 443 | 49693 | 216.58.206.33 | 192.168.2.6 |
Mar 7, 2025 21:24:53.997914076 CET | 49693 | 443 | 192.168.2.6 | 216.58.206.33 |
Mar 7, 2025 21:24:54.005444050 CET | 443 | 49693 | 216.58.206.33 | 192.168.2.6 |
Mar 7, 2025 21:24:54.005501032 CET | 49693 | 443 | 192.168.2.6 | 216.58.206.33 |
Mar 7, 2025 21:24:54.005511999 CET | 443 | 49693 | 216.58.206.33 | 192.168.2.6 |
Mar 7, 2025 21:24:54.005609989 CET | 49693 | 443 | 192.168.2.6 | 216.58.206.33 |
Mar 7, 2025 21:24:54.012928009 CET | 443 | 49693 | 216.58.206.33 | 192.168.2.6 |
Mar 7, 2025 21:24:54.013003111 CET | 49693 | 443 | 192.168.2.6 | 216.58.206.33 |
Mar 7, 2025 21:24:54.013010979 CET | 443 | 49693 | 216.58.206.33 | 192.168.2.6 |
Mar 7, 2025 21:24:54.013066053 CET | 49693 | 443 | 192.168.2.6 | 216.58.206.33 |
Mar 7, 2025 21:24:54.023847103 CET | 443 | 49693 | 216.58.206.33 | 192.168.2.6 |
Mar 7, 2025 21:24:54.024050951 CET | 49693 | 443 | 192.168.2.6 | 216.58.206.33 |
Mar 7, 2025 21:24:54.024059057 CET | 443 | 49693 | 216.58.206.33 | 192.168.2.6 |
Mar 7, 2025 21:24:54.024316072 CET | 49693 | 443 | 192.168.2.6 | 216.58.206.33 |
Mar 7, 2025 21:24:54.026431084 CET | 443 | 49693 | 216.58.206.33 | 192.168.2.6 |
Mar 7, 2025 21:24:54.026473045 CET | 49693 | 443 | 192.168.2.6 | 216.58.206.33 |
Mar 7, 2025 21:24:54.026489019 CET | 443 | 49693 | 216.58.206.33 | 192.168.2.6 |
Mar 7, 2025 21:24:54.026587009 CET | 49693 | 443 | 192.168.2.6 | 216.58.206.33 |
Mar 7, 2025 21:24:54.035005093 CET | 443 | 49693 | 216.58.206.33 | 192.168.2.6 |
Mar 7, 2025 21:24:54.035084963 CET | 49693 | 443 | 192.168.2.6 | 216.58.206.33 |
Mar 7, 2025 21:24:54.035093069 CET | 443 | 49693 | 216.58.206.33 | 192.168.2.6 |
Mar 7, 2025 21:24:54.035147905 CET | 49693 | 443 | 192.168.2.6 | 216.58.206.33 |
Mar 7, 2025 21:24:54.045981884 CET | 443 | 49693 | 216.58.206.33 | 192.168.2.6 |
Mar 7, 2025 21:24:54.046036959 CET | 49693 | 443 | 192.168.2.6 | 216.58.206.33 |
Mar 7, 2025 21:24:54.046047926 CET | 443 | 49693 | 216.58.206.33 | 192.168.2.6 |
Mar 7, 2025 21:24:54.046133041 CET | 49693 | 443 | 192.168.2.6 | 216.58.206.33 |
Mar 7, 2025 21:24:54.050096035 CET | 443 | 49693 | 216.58.206.33 | 192.168.2.6 |
Mar 7, 2025 21:24:54.050178051 CET | 49693 | 443 | 192.168.2.6 | 216.58.206.33 |
Mar 7, 2025 21:24:54.050184965 CET | 443 | 49693 | 216.58.206.33 | 192.168.2.6 |
Mar 7, 2025 21:24:54.050225019 CET | 49693 | 443 | 192.168.2.6 | 216.58.206.33 |
Mar 7, 2025 21:24:54.051580906 CET | 443 | 49693 | 216.58.206.33 | 192.168.2.6 |
Mar 7, 2025 21:24:54.051647902 CET | 49693 | 443 | 192.168.2.6 | 216.58.206.33 |
Mar 7, 2025 21:24:54.051702976 CET | 443 | 49693 | 216.58.206.33 | 192.168.2.6 |
Mar 7, 2025 21:24:54.051901102 CET | 49693 | 443 | 192.168.2.6 | 216.58.206.33 |
Mar 7, 2025 21:24:54.058466911 CET | 443 | 49693 | 216.58.206.33 | 192.168.2.6 |
Mar 7, 2025 21:24:54.058511019 CET | 49693 | 443 | 192.168.2.6 | 216.58.206.33 |
Mar 7, 2025 21:24:54.058520079 CET | 443 | 49693 | 216.58.206.33 | 192.168.2.6 |
Mar 7, 2025 21:24:54.058564901 CET | 49693 | 443 | 192.168.2.6 | 216.58.206.33 |
Mar 7, 2025 21:24:54.062587976 CET | 443 | 49693 | 216.58.206.33 | 192.168.2.6 |
Mar 7, 2025 21:24:54.062958956 CET | 49693 | 443 | 192.168.2.6 | 216.58.206.33 |
Mar 7, 2025 21:24:54.083240032 CET | 443 | 49693 | 216.58.206.33 | 192.168.2.6 |
Mar 7, 2025 21:24:54.083302975 CET | 49693 | 443 | 192.168.2.6 | 216.58.206.33 |
Mar 7, 2025 21:24:54.083308935 CET | 443 | 49693 | 216.58.206.33 | 192.168.2.6 |
Mar 7, 2025 21:24:54.083589077 CET | 49693 | 443 | 192.168.2.6 | 216.58.206.33 |
Mar 7, 2025 21:24:54.084991932 CET | 443 | 49693 | 216.58.206.33 | 192.168.2.6 |
Mar 7, 2025 21:24:54.085068941 CET | 49693 | 443 | 192.168.2.6 | 216.58.206.33 |
Mar 7, 2025 21:24:54.085074902 CET | 443 | 49693 | 216.58.206.33 | 192.168.2.6 |
Mar 7, 2025 21:24:54.085565090 CET | 49693 | 443 | 192.168.2.6 | 216.58.206.33 |
Mar 7, 2025 21:24:54.087610960 CET | 443 | 49693 | 216.58.206.33 | 192.168.2.6 |
Mar 7, 2025 21:24:54.087680101 CET | 49693 | 443 | 192.168.2.6 | 216.58.206.33 |
Mar 7, 2025 21:24:54.090195894 CET | 443 | 49693 | 216.58.206.33 | 192.168.2.6 |
Mar 7, 2025 21:24:54.090248108 CET | 49693 | 443 | 192.168.2.6 | 216.58.206.33 |
Mar 7, 2025 21:24:54.090261936 CET | 443 | 49693 | 216.58.206.33 | 192.168.2.6 |
Mar 7, 2025 21:24:54.090353966 CET | 49693 | 443 | 192.168.2.6 | 216.58.206.33 |
Mar 7, 2025 21:24:54.090358019 CET | 443 | 49693 | 216.58.206.33 | 192.168.2.6 |
Mar 7, 2025 21:24:54.090476036 CET | 49693 | 443 | 192.168.2.6 | 216.58.206.33 |
Mar 7, 2025 21:24:54.092855930 CET | 443 | 49693 | 216.58.206.33 | 192.168.2.6 |
Mar 7, 2025 21:24:54.092928886 CET | 49693 | 443 | 192.168.2.6 | 216.58.206.33 |
Mar 7, 2025 21:24:54.092935085 CET | 443 | 49693 | 216.58.206.33 | 192.168.2.6 |
Mar 7, 2025 21:24:54.093173027 CET | 49693 | 443 | 192.168.2.6 | 216.58.206.33 |
Mar 7, 2025 21:24:54.095827103 CET | 443 | 49693 | 216.58.206.33 | 192.168.2.6 |
Mar 7, 2025 21:24:54.095869064 CET | 49693 | 443 | 192.168.2.6 | 216.58.206.33 |
Mar 7, 2025 21:24:54.095875978 CET | 443 | 49693 | 216.58.206.33 | 192.168.2.6 |
Mar 7, 2025 21:24:54.095918894 CET | 49693 | 443 | 192.168.2.6 | 216.58.206.33 |
Mar 7, 2025 21:24:54.098519087 CET | 443 | 49693 | 216.58.206.33 | 192.168.2.6 |
Mar 7, 2025 21:24:54.098619938 CET | 49693 | 443 | 192.168.2.6 | 216.58.206.33 |
Mar 7, 2025 21:24:54.098624945 CET | 443 | 49693 | 216.58.206.33 | 192.168.2.6 |
Mar 7, 2025 21:24:54.098824024 CET | 49693 | 443 | 192.168.2.6 | 216.58.206.33 |
Mar 7, 2025 21:24:54.101427078 CET | 443 | 49693 | 216.58.206.33 | 192.168.2.6 |
Mar 7, 2025 21:24:54.101504087 CET | 49693 | 443 | 192.168.2.6 | 216.58.206.33 |
Mar 7, 2025 21:24:54.101524115 CET | 443 | 49693 | 216.58.206.33 | 192.168.2.6 |
Mar 7, 2025 21:24:54.101557016 CET | 49693 | 443 | 192.168.2.6 | 216.58.206.33 |
Mar 7, 2025 21:24:54.101563931 CET | 443 | 49693 | 216.58.206.33 | 192.168.2.6 |
Mar 7, 2025 21:24:54.101617098 CET | 49693 | 443 | 192.168.2.6 | 216.58.206.33 |
Mar 7, 2025 21:24:54.104330063 CET | 443 | 49693 | 216.58.206.33 | 192.168.2.6 |
Mar 7, 2025 21:24:54.104558945 CET | 49693 | 443 | 192.168.2.6 | 216.58.206.33 |
Mar 7, 2025 21:24:54.104563951 CET | 443 | 49693 | 216.58.206.33 | 192.168.2.6 |
Mar 7, 2025 21:24:54.104629040 CET | 49693 | 443 | 192.168.2.6 | 216.58.206.33 |
Mar 7, 2025 21:24:54.108064890 CET | 443 | 49693 | 216.58.206.33 | 192.168.2.6 |
Mar 7, 2025 21:24:54.108114958 CET | 49693 | 443 | 192.168.2.6 | 216.58.206.33 |
Mar 7, 2025 21:24:54.113271952 CET | 443 | 49693 | 216.58.206.33 | 192.168.2.6 |
Mar 7, 2025 21:24:54.113327026 CET | 443 | 49693 | 216.58.206.33 | 192.168.2.6 |
Mar 7, 2025 21:24:54.113359928 CET | 49693 | 443 | 192.168.2.6 | 216.58.206.33 |
Mar 7, 2025 21:24:54.113359928 CET | 49693 | 443 | 192.168.2.6 | 216.58.206.33 |
Mar 7, 2025 21:24:54.113364935 CET | 443 | 49693 | 216.58.206.33 | 192.168.2.6 |
Mar 7, 2025 21:24:54.113459110 CET | 49693 | 443 | 192.168.2.6 | 216.58.206.33 |
Mar 7, 2025 21:24:54.114554882 CET | 443 | 49693 | 216.58.206.33 | 192.168.2.6 |
Mar 7, 2025 21:24:54.114625931 CET | 49693 | 443 | 192.168.2.6 | 216.58.206.33 |
Mar 7, 2025 21:24:54.114692926 CET | 443 | 49693 | 216.58.206.33 | 192.168.2.6 |
Mar 7, 2025 21:24:54.114738941 CET | 49693 | 443 | 192.168.2.6 | 216.58.206.33 |
Mar 7, 2025 21:24:54.141351938 CET | 443 | 49693 | 216.58.206.33 | 192.168.2.6 |
Mar 7, 2025 21:24:54.141401052 CET | 443 | 49693 | 216.58.206.33 | 192.168.2.6 |
Mar 7, 2025 21:24:54.141433001 CET | 443 | 49693 | 216.58.206.33 | 192.168.2.6 |
Mar 7, 2025 21:24:54.141453028 CET | 49693 | 443 | 192.168.2.6 | 216.58.206.33 |
Mar 7, 2025 21:24:54.141462088 CET | 443 | 49693 | 216.58.206.33 | 192.168.2.6 |
Mar 7, 2025 21:24:54.141484022 CET | 49693 | 443 | 192.168.2.6 | 216.58.206.33 |
Mar 7, 2025 21:24:54.141522884 CET | 49693 | 443 | 192.168.2.6 | 216.58.206.33 |
Mar 7, 2025 21:24:54.141535044 CET | 443 | 49693 | 216.58.206.33 | 192.168.2.6 |
Mar 7, 2025 21:24:54.141571045 CET | 49693 | 443 | 192.168.2.6 | 216.58.206.33 |
Mar 7, 2025 21:24:54.141623020 CET | 443 | 49693 | 216.58.206.33 | 192.168.2.6 |
Mar 7, 2025 21:24:54.141695976 CET | 49693 | 443 | 192.168.2.6 | 216.58.206.33 |
Mar 7, 2025 21:24:54.141701937 CET | 443 | 49693 | 216.58.206.33 | 192.168.2.6 |
Mar 7, 2025 21:24:54.141745090 CET | 49693 | 443 | 192.168.2.6 | 216.58.206.33 |
Mar 7, 2025 21:24:54.142365932 CET | 443 | 49693 | 216.58.206.33 | 192.168.2.6 |
Mar 7, 2025 21:24:54.142405033 CET | 443 | 49693 | 216.58.206.33 | 192.168.2.6 |
Mar 7, 2025 21:24:54.142406940 CET | 49693 | 443 | 192.168.2.6 | 216.58.206.33 |
Mar 7, 2025 21:24:54.142415047 CET | 443 | 49693 | 216.58.206.33 | 192.168.2.6 |
Mar 7, 2025 21:24:54.142436028 CET | 49693 | 443 | 192.168.2.6 | 216.58.206.33 |
Mar 7, 2025 21:24:54.142471075 CET | 49693 | 443 | 192.168.2.6 | 216.58.206.33 |
Mar 7, 2025 21:24:54.143084049 CET | 443 | 49693 | 216.58.206.33 | 192.168.2.6 |
Mar 7, 2025 21:24:54.143124104 CET | 443 | 49693 | 216.58.206.33 | 192.168.2.6 |
Mar 7, 2025 21:24:54.143126011 CET | 49693 | 443 | 192.168.2.6 | 216.58.206.33 |
Mar 7, 2025 21:24:54.143132925 CET | 443 | 49693 | 216.58.206.33 | 192.168.2.6 |
Mar 7, 2025 21:24:54.143157005 CET | 49693 | 443 | 192.168.2.6 | 216.58.206.33 |
Mar 7, 2025 21:24:54.143177986 CET | 49693 | 443 | 192.168.2.6 | 216.58.206.33 |
Mar 7, 2025 21:24:54.143193960 CET | 443 | 49693 | 216.58.206.33 | 192.168.2.6 |
Mar 7, 2025 21:24:54.143234015 CET | 49693 | 443 | 192.168.2.6 | 216.58.206.33 |
Mar 7, 2025 21:24:54.148449898 CET | 443 | 49693 | 216.58.206.33 | 192.168.2.6 |
Mar 7, 2025 21:24:54.148503065 CET | 49693 | 443 | 192.168.2.6 | 216.58.206.33 |
Mar 7, 2025 21:24:54.149051905 CET | 443 | 49693 | 216.58.206.33 | 192.168.2.6 |
Mar 7, 2025 21:24:54.149096966 CET | 443 | 49693 | 216.58.206.33 | 192.168.2.6 |
Mar 7, 2025 21:24:54.149117947 CET | 49693 | 443 | 192.168.2.6 | 216.58.206.33 |
Mar 7, 2025 21:24:54.149122953 CET | 443 | 49693 | 216.58.206.33 | 192.168.2.6 |
Mar 7, 2025 21:24:54.149137974 CET | 49693 | 443 | 192.168.2.6 | 216.58.206.33 |
Mar 7, 2025 21:24:54.149166107 CET | 49693 | 443 | 192.168.2.6 | 216.58.206.33 |
Mar 7, 2025 21:24:54.150181055 CET | 443 | 49693 | 216.58.206.33 | 192.168.2.6 |
Mar 7, 2025 21:24:54.150227070 CET | 49693 | 443 | 192.168.2.6 | 216.58.206.33 |
Mar 7, 2025 21:24:54.150233030 CET | 443 | 49693 | 216.58.206.33 | 192.168.2.6 |
Mar 7, 2025 21:24:54.150271893 CET | 49693 | 443 | 192.168.2.6 | 216.58.206.33 |
Mar 7, 2025 21:24:54.153342962 CET | 443 | 49693 | 216.58.206.33 | 192.168.2.6 |
Mar 7, 2025 21:24:54.153386116 CET | 49693 | 443 | 192.168.2.6 | 216.58.206.33 |
Mar 7, 2025 21:24:54.153392076 CET | 443 | 49693 | 216.58.206.33 | 192.168.2.6 |
Mar 7, 2025 21:24:54.153431892 CET | 49693 | 443 | 192.168.2.6 | 216.58.206.33 |
Mar 7, 2025 21:24:54.154797077 CET | 443 | 49693 | 216.58.206.33 | 192.168.2.6 |
Mar 7, 2025 21:24:54.154844046 CET | 49693 | 443 | 192.168.2.6 | 216.58.206.33 |
Mar 7, 2025 21:24:54.154850006 CET | 443 | 49693 | 216.58.206.33 | 192.168.2.6 |
Mar 7, 2025 21:24:54.154882908 CET | 49693 | 443 | 192.168.2.6 | 216.58.206.33 |
Mar 7, 2025 21:24:54.157063961 CET | 443 | 49693 | 216.58.206.33 | 192.168.2.6 |
Mar 7, 2025 21:24:54.157121897 CET | 49693 | 443 | 192.168.2.6 | 216.58.206.33 |
Mar 7, 2025 21:24:54.157126904 CET | 443 | 49693 | 216.58.206.33 | 192.168.2.6 |
Mar 7, 2025 21:24:54.157162905 CET | 49693 | 443 | 192.168.2.6 | 216.58.206.33 |
Mar 7, 2025 21:24:54.159456015 CET | 443 | 49693 | 216.58.206.33 | 192.168.2.6 |
Mar 7, 2025 21:24:54.159625053 CET | 49693 | 443 | 192.168.2.6 | 216.58.206.33 |
Mar 7, 2025 21:24:54.159631014 CET | 443 | 49693 | 216.58.206.33 | 192.168.2.6 |
Mar 7, 2025 21:24:54.159672022 CET | 49693 | 443 | 192.168.2.6 | 216.58.206.33 |
Mar 7, 2025 21:24:54.161617041 CET | 443 | 49693 | 216.58.206.33 | 192.168.2.6 |
Mar 7, 2025 21:24:54.161667109 CET | 49693 | 443 | 192.168.2.6 | 216.58.206.33 |
Mar 7, 2025 21:24:54.161670923 CET | 443 | 49693 | 216.58.206.33 | 192.168.2.6 |
Mar 7, 2025 21:24:54.161705971 CET | 49693 | 443 | 192.168.2.6 | 216.58.206.33 |
Mar 7, 2025 21:24:54.163959980 CET | 443 | 49693 | 216.58.206.33 | 192.168.2.6 |
Mar 7, 2025 21:24:54.164001942 CET | 49693 | 443 | 192.168.2.6 | 216.58.206.33 |
Mar 7, 2025 21:24:54.164012909 CET | 443 | 49693 | 216.58.206.33 | 192.168.2.6 |
Mar 7, 2025 21:24:54.164046049 CET | 49693 | 443 | 192.168.2.6 | 216.58.206.33 |
Mar 7, 2025 21:24:54.166230917 CET | 443 | 49693 | 216.58.206.33 | 192.168.2.6 |
Mar 7, 2025 21:24:54.166275024 CET | 49693 | 443 | 192.168.2.6 | 216.58.206.33 |
Mar 7, 2025 21:24:54.166280031 CET | 443 | 49693 | 216.58.206.33 | 192.168.2.6 |
Mar 7, 2025 21:24:54.166313887 CET | 49693 | 443 | 192.168.2.6 | 216.58.206.33 |
Mar 7, 2025 21:24:54.168459892 CET | 443 | 49693 | 216.58.206.33 | 192.168.2.6 |
Mar 7, 2025 21:24:54.168502092 CET | 49693 | 443 | 192.168.2.6 | 216.58.206.33 |
Mar 7, 2025 21:24:54.168582916 CET | 443 | 49693 | 216.58.206.33 | 192.168.2.6 |
Mar 7, 2025 21:24:54.168621063 CET | 49693 | 443 | 192.168.2.6 | 216.58.206.33 |
Mar 7, 2025 21:24:54.170846939 CET | 443 | 49693 | 216.58.206.33 | 192.168.2.6 |
Mar 7, 2025 21:24:54.170893908 CET | 49693 | 443 | 192.168.2.6 | 216.58.206.33 |
Mar 7, 2025 21:24:54.170898914 CET | 443 | 49693 | 216.58.206.33 | 192.168.2.6 |
Mar 7, 2025 21:24:54.170934916 CET | 49693 | 443 | 192.168.2.6 | 216.58.206.33 |
Mar 7, 2025 21:24:54.173069954 CET | 443 | 49693 | 216.58.206.33 | 192.168.2.6 |
Mar 7, 2025 21:24:54.173116922 CET | 49693 | 443 | 192.168.2.6 | 216.58.206.33 |
Mar 7, 2025 21:24:54.173122883 CET | 443 | 49693 | 216.58.206.33 | 192.168.2.6 |
Mar 7, 2025 21:24:54.173161983 CET | 49693 | 443 | 192.168.2.6 | 216.58.206.33 |
Mar 7, 2025 21:24:54.173166990 CET | 443 | 49693 | 216.58.206.33 | 192.168.2.6 |
Mar 7, 2025 21:24:54.173197985 CET | 49693 | 443 | 192.168.2.6 | 216.58.206.33 |
Mar 7, 2025 21:24:54.175412893 CET | 443 | 49693 | 216.58.206.33 | 192.168.2.6 |
Mar 7, 2025 21:24:54.175473928 CET | 49693 | 443 | 192.168.2.6 | 216.58.206.33 |
Mar 7, 2025 21:24:54.175477982 CET | 443 | 49693 | 216.58.206.33 | 192.168.2.6 |
Mar 7, 2025 21:24:54.175513029 CET | 49693 | 443 | 192.168.2.6 | 216.58.206.33 |
Mar 7, 2025 21:24:54.180299997 CET | 443 | 49693 | 216.58.206.33 | 192.168.2.6 |
Mar 7, 2025 21:24:54.180421114 CET | 49693 | 443 | 192.168.2.6 | 216.58.206.33 |
Mar 7, 2025 21:24:54.180425882 CET | 443 | 49693 | 216.58.206.33 | 192.168.2.6 |
Mar 7, 2025 21:24:54.180460930 CET | 49693 | 443 | 192.168.2.6 | 216.58.206.33 |
Mar 7, 2025 21:24:54.181301117 CET | 443 | 49693 | 216.58.206.33 | 192.168.2.6 |
Mar 7, 2025 21:24:54.181346893 CET | 49693 | 443 | 192.168.2.6 | 216.58.206.33 |
Mar 7, 2025 21:24:54.181353092 CET | 443 | 49693 | 216.58.206.33 | 192.168.2.6 |
Mar 7, 2025 21:24:54.181386948 CET | 49693 | 443 | 192.168.2.6 | 216.58.206.33 |
Mar 7, 2025 21:24:54.185906887 CET | 443 | 49693 | 216.58.206.33 | 192.168.2.6 |
Mar 7, 2025 21:24:54.185956955 CET | 49693 | 443 | 192.168.2.6 | 216.58.206.33 |
Mar 7, 2025 21:24:54.186367035 CET | 443 | 49693 | 216.58.206.33 | 192.168.2.6 |
Mar 7, 2025 21:24:54.186431885 CET | 49693 | 443 | 192.168.2.6 | 216.58.206.33 |
Mar 7, 2025 21:24:54.186436892 CET | 443 | 49693 | 216.58.206.33 | 192.168.2.6 |
Mar 7, 2025 21:24:54.186496019 CET | 49693 | 443 | 192.168.2.6 | 216.58.206.33 |
Mar 7, 2025 21:24:54.187510967 CET | 443 | 49693 | 216.58.206.33 | 192.168.2.6 |
Mar 7, 2025 21:24:54.187571049 CET | 49693 | 443 | 192.168.2.6 | 216.58.206.33 |
Mar 7, 2025 21:24:54.187576056 CET | 443 | 49693 | 216.58.206.33 | 192.168.2.6 |
Mar 7, 2025 21:24:54.187613964 CET | 49693 | 443 | 192.168.2.6 | 216.58.206.33 |
Mar 7, 2025 21:24:54.194144964 CET | 443 | 49693 | 216.58.206.33 | 192.168.2.6 |
Mar 7, 2025 21:24:54.194217920 CET | 49693 | 443 | 192.168.2.6 | 216.58.206.33 |
Mar 7, 2025 21:24:54.194222927 CET | 443 | 49693 | 216.58.206.33 | 192.168.2.6 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Mar 7, 2025 21:24:45.378933907 CET | 59810 | 53 | 192.168.2.6 | 1.1.1.1 |
Mar 7, 2025 21:24:45.386387110 CET | 53 | 59810 | 1.1.1.1 | 192.168.2.6 |
Mar 7, 2025 21:24:48.827749968 CET | 52017 | 53 | 192.168.2.6 | 1.1.1.1 |
Mar 7, 2025 21:24:48.836549044 CET | 53 | 52017 | 1.1.1.1 | 192.168.2.6 |
Mar 7, 2025 21:24:54.841675043 CET | 63458 | 53 | 192.168.2.6 | 1.1.1.1 |
Mar 7, 2025 21:24:54.849776983 CET | 53 | 63458 | 1.1.1.1 | 192.168.2.6 |
Mar 7, 2025 21:24:56.620649099 CET | 58141 | 53 | 192.168.2.6 | 1.1.1.1 |
Mar 7, 2025 21:24:56.738864899 CET | 53 | 58141 | 1.1.1.1 | 192.168.2.6 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Mar 7, 2025 21:24:45.378933907 CET | 192.168.2.6 | 1.1.1.1 | 0x4819 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Mar 7, 2025 21:24:48.827749968 CET | 192.168.2.6 | 1.1.1.1 | 0xfc6b | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Mar 7, 2025 21:24:54.841675043 CET | 192.168.2.6 | 1.1.1.1 | 0x64e1 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Mar 7, 2025 21:24:56.620649099 CET | 192.168.2.6 | 1.1.1.1 | 0x34ad | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Mar 7, 2025 21:24:45.386387110 CET | 1.1.1.1 | 192.168.2.6 | 0x4819 | No error (0) | 142.250.185.142 | A (IP address) | IN (0x0001) | false | ||
Mar 7, 2025 21:24:48.836549044 CET | 1.1.1.1 | 192.168.2.6 | 0xfc6b | No error (0) | 216.58.206.33 | A (IP address) | IN (0x0001) | false | ||
Mar 7, 2025 21:24:54.849776983 CET | 1.1.1.1 | 192.168.2.6 | 0x64e1 | No error (0) | checkip.dyndns.com | CNAME (Canonical name) | IN (0x0001) | false | ||
Mar 7, 2025 21:24:54.849776983 CET | 1.1.1.1 | 192.168.2.6 | 0x64e1 | No error (0) | 193.122.6.168 | A (IP address) | IN (0x0001) | false | ||
Mar 7, 2025 21:24:54.849776983 CET | 1.1.1.1 | 192.168.2.6 | 0x64e1 | No error (0) | 193.122.130.0 | A (IP address) | IN (0x0001) | false | ||
Mar 7, 2025 21:24:54.849776983 CET | 1.1.1.1 | 192.168.2.6 | 0x64e1 | No error (0) | 132.226.8.169 | A (IP address) | IN (0x0001) | false | ||
Mar 7, 2025 21:24:54.849776983 CET | 1.1.1.1 | 192.168.2.6 | 0x64e1 | No error (0) | 158.101.44.242 | A (IP address) | IN (0x0001) | false | ||
Mar 7, 2025 21:24:54.849776983 CET | 1.1.1.1 | 192.168.2.6 | 0x64e1 | No error (0) | 132.226.247.73 | A (IP address) | IN (0x0001) | false | ||
Mar 7, 2025 21:24:56.738864899 CET | 1.1.1.1 | 192.168.2.6 | 0x34ad | No error (0) | 104.21.48.1 | A (IP address) | IN (0x0001) | false | ||
Mar 7, 2025 21:24:56.738864899 CET | 1.1.1.1 | 192.168.2.6 | 0x34ad | No error (0) | 104.21.16.1 | A (IP address) | IN (0x0001) | false | ||
Mar 7, 2025 21:24:56.738864899 CET | 1.1.1.1 | 192.168.2.6 | 0x34ad | No error (0) | 104.21.112.1 | A (IP address) | IN (0x0001) | false | ||
Mar 7, 2025 21:24:56.738864899 CET | 1.1.1.1 | 192.168.2.6 | 0x34ad | No error (0) | 104.21.96.1 | A (IP address) | IN (0x0001) | false | ||
Mar 7, 2025 21:24:56.738864899 CET | 1.1.1.1 | 192.168.2.6 | 0x34ad | No error (0) | 104.21.80.1 | A (IP address) | IN (0x0001) | false | ||
Mar 7, 2025 21:24:56.738864899 CET | 1.1.1.1 | 192.168.2.6 | 0x34ad | No error (0) | 104.21.32.1 | A (IP address) | IN (0x0001) | false | ||
Mar 7, 2025 21:24:56.738864899 CET | 1.1.1.1 | 192.168.2.6 | 0x34ad | No error (0) | 104.21.64.1 | A (IP address) | IN (0x0001) | false | ||
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.6 | 49694 | 193.122.6.168 | 80 | 6284 | C:\Users\user\Desktop\NDCNDvC27F.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Mar 7, 2025 21:24:54.864650965 CET | 151 | OUT | |
Mar 7, 2025 21:24:55.571259022 CET | 273 | IN | |
Mar 7, 2025 21:24:55.896656036 CET | 127 | OUT | |
Mar 7, 2025 21:24:56.085607052 CET | 273 | IN | |
Mar 7, 2025 21:24:59.287189960 CET | 127 | OUT | |
Mar 7, 2025 21:24:59.476700068 CET | 273 | IN | |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.6 | 49697 | 193.122.6.168 | 80 | 6284 | C:\Users\user\Desktop\NDCNDvC27F.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Mar 7, 2025 21:25:01.972034931 CET | 127 | OUT | |
Mar 7, 2025 21:25:05.830410957 CET | 273 | IN | |
Session ID | Source IP | Source Port | Destination IP | Destination Port |
---|---|---|---|---|
2 | 192.168.2.6 | 49699 | 193.122.6.168 | 80 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Mar 7, 2025 21:25:09.844084978 CET | 151 | OUT | |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.6 | 49692 | 142.250.185.142 | 443 | 6284 | C:\Users\user\Desktop\NDCNDvC27F.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-03-07 20:24:48 UTC | 216 | OUT | |
2025-03-07 20:24:48 UTC | 1610 | IN | |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.6 | 49693 | 216.58.206.33 | 443 | 6284 | C:\Users\user\Desktop\NDCNDvC27F.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-03-07 20:24:50 UTC | 258 | OUT | |
2025-03-07 20:24:53 UTC | 5030 | IN | |
2025-03-07 20:24:53 UTC | 5030 | IN | |
2025-03-07 20:24:53 UTC | 4634 | IN | |
2025-03-07 20:24:53 UTC | 1326 | IN | |
2025-03-07 20:24:53 UTC | 1378 | IN | |
2025-03-07 20:24:53 UTC | 1378 | IN | |
2025-03-07 20:24:53 UTC | 1378 | IN | |
2025-03-07 20:24:53 UTC | 1378 | IN | |
2025-03-07 20:24:53 UTC | 1378 | IN | |
2025-03-07 20:24:53 UTC | 1378 | IN | |
2025-03-07 20:24:53 UTC | 1378 | IN | |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.6 | 49695 | 104.21.48.1 | 443 | 6284 | C:\Users\user\Desktop\NDCNDvC27F.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-03-07 20:24:58 UTC | 85 | OUT | |
2025-03-07 20:24:59 UTC | 870 | IN | |
2025-03-07 20:24:59 UTC | 362 | IN | |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
3 | 192.168.2.6 | 49696 | 104.21.48.1 | 443 | 6284 | C:\Users\user\Desktop\NDCNDvC27F.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-03-07 20:25:01 UTC | 61 | OUT | |
2025-03-07 20:25:01 UTC | 856 | IN | |
2025-03-07 20:25:01 UTC | 362 | IN | |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
4 | 192.168.2.6 | 49698 | 104.21.48.1 | 443 | 6284 | C:\Users\user\Desktop\NDCNDvC27F.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-03-07 20:25:09 UTC | 85 | OUT | |
2025-03-07 20:25:09 UTC | 855 | IN | |
2025-03-07 20:25:09 UTC | 362 | IN | |
Target ID: | 0 |
Start time: | 15:22:59 |
Start date: | 07/03/2025 |
Path: | C:\Users\user\Desktop\NDCNDvC27F.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 1'016'632 bytes |
MD5 hash: | 429E48D78BF4BF8403C99C46E6514840 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: | |
Reputation: | low |
Has exited: | true |
Target ID: | 9 |
Start time: | 15:24:38 |
Start date: | 07/03/2025 |
Path: | C:\Users\user\Desktop\NDCNDvC27F.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 1'016'632 bytes |
MD5 hash: | 429E48D78BF4BF8403C99C46E6514840 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: | |
Reputation: | low |
Has exited: | false |