Windows
Analysis Report
GuuQOl5kJR.exe
Overview
General Information
Sample name: | GuuQOl5kJR.exe (renamed because original name is a hash value) |
Original sample name: | ada032dd81e29c0b738bab536c8e240ea7cd87f29a14f98ac7302bb93251833c.exe |
Analysis ID: | 1632365 |
MD5: | e9c0c56c4a52c53407de85b33e496e75 |
SHA1: | a75d2673332707c56b0c8db8416925d771a9e47f |
SHA256: | ada032dd81e29c0b738bab536c8e240ea7cd87f29a14f98ac7302bb93251833c |
Tags: | exe, VIPKeylogger, user-adrian__luca |
Detection
GuLoader, Snake Keylogger
Score: | 100 |
Range: | 0 - 100 |
Confidence: | 100% |
Signatures
Antivirus / Scanner detection for submitted sample
Found malware configuration
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected GuLoader
Yara detected Snake Keylogger
Joe Sandbox ML detected suspicious sample
Switches to a custom stack to bypass stack traces
Tries to detect the country of the analysis system (by using the IP)
Tries to detect virtualization through RDTSC time measurements
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Uses the Telegram API (likely for C&C communication)
Allocates memory with a write watch (potentially for evading sandboxes)
Contains functionality for read data from the clipboard
Contains functionality to dynamically determine API calls
Contains functionality to shutdown / reboot the system
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Detected potential crypto function
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Stores files to the Windows start menu directory
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Uses insecure TLS / SSL version for HTTPS connection
Yara detected Credential Stealer
Classification
- System is w10x64
- GuuQOl5kJR.exe (PID: 7056 cmdline: "C:\Users\user\Desktop\GuuQOl5kJR.exe" MD5: E9C0C56C4A52C53407DE85B33E496E75)
- GuuQOl5kJR.exe (PID: 2072 cmdline: "C:\Users\user\Desktop\GuuQOl5kJR.exe" MD5: E9C0C56C4A52C53407DE85B33E496E75)
- cleanup
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
CloudEyE, GuLoader | CloudEyE (initially named GuLoader) is a small VB5/6 downloader. It typically downloads RATs/Stealers, such as Agent Tesla, Arkei/Vidar, Formbook, Lokibot, Netwire and Remcos, often but not always from Google Drive. The downloaded payload is xored. | No Attribution |
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
404 Keylogger, Snake Keylogger | Snake Keylogger (aka 404 Keylogger) is a subscription-based keylogger that has many capabilities. The infostealer can steal a victim's sensitive information, log keyboard strokes, take screenshots and extract information from the system clipboard. It was initially released on a Russian hacking forum in August 2019. It is notable for its relatively unusual methods of data exfiltration, including via email, FTP, SMTP, Pastebin or the messaging app Telegram. | No Attribution |
{"Exfil Mode": "Telegram", "Token": "7985048972:AAETw71DlbcHqzvtl1F1nkzl_0aMbnCis_c", "Chat_id": "7794818739", "Version": "4.4"}
Rule | Description | Author |
---|---|---|
JoeSecurity_SnakeKeylogger | Yara detected Snake Keylogger | Joe Security |
JoeSecurity_GuLoader_2 | Yara detected GuLoader | Joe Security |
JoeSecurity_GuLoader_3 | Yara detected GuLoader | Joe Security |
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
No Sigma rule has matched
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2025-03-07T22:54:27.067551+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.10 | 49699 | 104.21.64.1 | 443 | TCP |
2025-03-07T22:54:30.249316+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.10 | 49701 | 104.21.64.1 | 443 | TCP |
2025-03-07T22:54:21.637546+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.10 | 49697 | 132.226.247.73 | 80 | TCP |
2025-03-07T22:54:24.653292+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.10 | 49697 | 132.226.247.73 | 80 | TCP |
2025-03-07T22:54:27.825065+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.10 | 49700 | 132.226.247.73 | 80 | TCP |
2025-03-07T22:54:12.041953+0100 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.10 | 49695 | 142.250.181.238 | 443 | TCP |
2025-03-07T22:54:52.636499+0100 | 1810007 | 1 | Potentially Bad Traffic | 192.168.2.10 | 49714 | 149.154.167.220 | 443 | TCP |
AV Detection |
---|
Source: | Avira: |
Source: | Malware Configuration Extractor: |
Source: | Virustotal: | Perma Link | ||
Source: | ReversingLabs: |
Source: | Integrated Neural Analysis Model: |
Location Tracking |
---|
Source: | DNS query: |
Source: | Static PE information: |
Source: | HTTPS traffic detected: | ||
Networking |
---|
Source: | Suricata IDS: |
Source: | DNS query: |
Source: | HTTP traffic detected: | ||
Source: | IP Address: | ||
Source: | JA3 fingerprint: | ||
Source: | DNS query: | ||
Source: | Suricata IDS: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | HTTP traffic detected: | ||
Source: | DNS traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | String found in binary or memory: | ||
Source: | Network traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | File created: |
Source: | Binary or memory string: | ||
Source: | Static PE information: |
Source: | Classification label: |
Source: | Code function: | 0_2_004045C8 |
Source: | Code function: | 0_2_0040206A |
Source: | File created: | Jump to behavior |
Source: | Mutant created: |
Source: | File created: | Jump to behavior |
Source: | Static PE information: |
Source: | File read: | Jump to behavior |
Source: | Key opened: | Jump to behavior |
Source: | Binary or memory string: |
Source: | Virustotal: | ||
Source: | ReversingLabs: |
Source: | File read: | Jump to behavior |
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | Jump to behavior |
Source: | Section loaded: | Jump to behavior | ||
Source: | Key value queried: | Jump to behavior |
Source: | File written: | Jump to behavior |
Source: | Key opened: | Jump to behavior |
Data Obfuscation |
---|
Source: | File source: | ||
Source: | File source: |
Source: | Code function: | 0_2_00406252 |
Source: | Code function: | 0_2_10002DDE | |
Source: | Code function: | 9_3_030BEEA9 | |
Source: | Code function: | 9_3_030BEE65 | |
Source: | Code function: | 9_3_030BCF4D | |
Source: | Code function: | 9_2_03079D55 | |
Source: | Code function: | 9_2_03102C49 | |
Source: | Code function: | 9_2_03132025 |
Source: | File created: | Jump to dropped file |
Source: | File created: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Malware Analysis System Evasion |
---|
Source: | API/Special instruction interceptor: | ||
Source: | API/Special instruction interceptor: |
Source: | RDTSC instruction interceptor: | ||
Source: | RDTSC instruction interceptor: |
Source: | Memory allocated: | Jump to behavior | ||
Source: | Memory allocated: | Jump to behavior | ||
Source: | Memory allocated: | Jump to behavior |
Source: | Thread delayed: | Jump to behavior | ||
Source: | Window / User API: | Jump to behavior | ||
Source: | Window / User API: | Jump to behavior |
Source: | Dropped PE file which has not been started: | Jump to dropped file |
Source: | API coverage: |
Source: | Thread sleep count: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Code function: | 0_2_0040276E | |
Source: | Code function: | 0_2_00405770 | |
Source: | Code function: | 0_2_0040622B | |
Source: | Code function: | 9_2_0040276E | |
Source: | Code function: | 9_2_00405770 | |
Source: | Code function: | 9_2_0040622B |
Source: | Thread delayed: | Jump to behavior | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | API call chain: | graph_0-4509 | ||
Source: | API call chain: | graph_0-4513 |
Source: | Code function: | 0_2_00406252 |
Source: | Process token adjusted: | Jump to behavior |
Source: | Memory allocated: | Jump to behavior |
Source: | Process created: | Jump to behavior |
Source: | Queries volume information: | Jump to behavior | ||
Source: | Code function: | 0_2_00405F0A |
Source: | Key value queried: | Jump to behavior |
Stealing of Sensitive Information |
---|
Source: | File source: |
Source: | File opened: | Jump to behavior | ||
Source: | Key opened: | Jump to behavior |
Source: | File source: |
Remote Access Functionality |
---|
Source: | File source: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Native API | 1 Registry Run Keys / Startup Folder | 11 Process Injection | 11 Masquerading | 1 OS Credential Dumping | 21 Security Software Discovery | Remote Services | 1 Email Collection | 1 Web Service | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot |
Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 DLL Side-Loading | 1 Registry Run Keys / Startup Folder | 1 Disable or Modify Tools | LSASS Memory | 31 Virtualization/Sandbox Evasion | Remote Desktop Protocol | 1 Archive Collected Data | 21 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 DLL Side-Loading | 31 Virtualization/Sandbox Evasion | Security Account Manager | 1 Application Window Discovery | SMB/Windows Admin Shares | 1 Data from Local System | 3 Ingress Tool Transfer | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 11 Process Injection | NTDS | 1 System Network Configuration Discovery | Distributed Component Object Model | 1 Clipboard Data | 3 Non-Application Layer Protocol | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Deobfuscate/Decode Files or Information | LSA Secrets | 3 File and Directory Discovery | SSH | Keylogging | 14 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 3 Obfuscated Files or Information | Cached Domain Credentials | 215 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 DLL Side-Loading | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
65% | Virustotal | Browse | ||
53% | ReversingLabs | Win32.Trojan.GuLoader | ||
100% | Avira | TR/AD.Nekark.smsbe |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | ReversingLabs | |||
0% | Virustotal | Browse |
⊘No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
drive.google.com | 142.250.181.238 | true | false | high | |
drive.usercontent.google.com | 172.217.18.1 | true | false | high | |
reallyfreegeoip.org | 104.21.64.1 | true | false | high | |
api.telegram.org | 149.154.167.220 | true | false | high | |
checkip.dyndns.com | 132.226.247.73 | true | false | high | |
checkip.dyndns.org | unknown | unknown | false | high |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
142.250.181.238 | drive.google.com | United States | 15169 | GOOGLEUS | false | |
149.154.167.220 | api.telegram.org | United Kingdom | 62041 | TELEGRAMRU | false | |
104.21.64.1 | reallyfreegeoip.org | United States | 13335 | CLOUDFLARENETUS | false | |
172.217.18.1 | drive.usercontent.google.com | United States | 15169 | GOOGLEUS | false | |
132.226.247.73 | checkip.dyndns.com | United States | 16989 | UTMEMUS | false |
Joe Sandbox version: | 42.0.0 Malachite |
Analysis ID: | 1632365 |
Start date and time: | 2025-03-07 22:51:54 +01:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 7m 5s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of newly started processes analysed: | 12 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | GuuQOl5kJR.exe (renamed because original name is a hash value) |
Original Sample Name: | ada032dd81e29c0b738bab536c8e240ea7cd87f29a14f98ac7302bb93251833c.exe |
Detection: | MAL |
Classification: | mal100.troj.spyw.evad.winEXE@3/30@5/5 |
EGA Information: |
|
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, sppsvc.exe, Sgrmuserer.exe, conhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 2.16.185.191
- Excluded domains from analysis (whitelisted): fs.microsoft.com, ctldl.windowsupdate.com, c.pki.goog
- Not all processes were analyzed, report is missing behavior information
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- Report size getting too big, too many NtReadVirtualMemory calls found.
- Report size getting too big, too many NtSetInformationFile calls found.
- Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Time | Type | Description |
---|---|---|
16:53:43 | API Interceptor |
Match | Detection | Threat Name |
---|---|---|
149.154.167.220 | malicious | AgentTesla |
149.154.167.220 | malicious | GuLoader, Snake Keylogger |
149.154.167.220 | malicious | GuLoader, Snake Keylogger |
149.154.167.220 | malicious | GuLoader, Snake Keylogger |
149.154.167.220 | malicious | Snake Keylogger, VIP Keylogger |
149.154.167.220 | malicious | GuLoader, Snake Keylogger, VIP Keylogger |
149.154.167.220 | malicious | GuLoader, Snake Keylogger |
149.154.167.220 | malicious | GuLoader, Snake Keylogger |
149.154.167.220 | malicious | Snake Keylogger, VIP Keylogger |
149.154.167.220 | malicious | Snake Keylogger, VIP Keylogger |
104.21.64.1 | malicious | DarkTortilla, FormBook |
104.21.64.1 | malicious | Lokibot |
104.21.64.1 | malicious | Lokibot |
104.21.64.1 | malicious | Lokibot |
104.21.64.1 | malicious | Lokibot |
104.21.64.1 | malicious | Lokibot |
104.21.64.1 | malicious | FormBook |
104.21.64.1 | malicious | FormBook |
104.21.64.1 | malicious | FormBook |
104.21.64.1 | malicious | FormBook |
132.226.247.73 | malicious | Snake Keylogger |
132.226.247.73 | malicious | MSIL Logger, MassLogger RAT |
132.226.247.73 | malicious | GuLoader, Snake Keylogger |
132.226.247.73 | malicious | GuLoader |
132.226.247.73 | malicious | Snake Keylogger, VIP Keylogger |
132.226.247.73 | malicious | GuLoader, Snake Keylogger |
132.226.247.73 | malicious | MSIL Logger, MassLogger RAT |
132.226.247.73 | malicious | Snake Keylogger, VIP Keylogger |
132.226.247.73 | malicious | GuLoader, Snake Keylogger |
132.226.247.73 | malicious | MSIL Logger, MassLogger RAT |
Match | Detection | Threat Name |
---|---|---|
reallyfreegeoip.org | malicious | GuLoader |
reallyfreegeoip.org | malicious | MSIL Logger, MassLogger RAT |
reallyfreegeoip.org | malicious | GuLoader, Snake Keylogger |
reallyfreegeoip.org | malicious | GuLoader, Snake Keylogger |
reallyfreegeoip.org | malicious | GuLoader, Snake Keylogger |
reallyfreegeoip.org | malicious | Snake Keylogger, VIP Keylogger |
reallyfreegeoip.org | malicious | GuLoader, Snake Keylogger |
reallyfreegeoip.org | malicious | MSIL Logger, MassLogger RAT |
reallyfreegeoip.org | malicious | Snake Keylogger |
reallyfreegeoip.org | malicious | GuLoader, Snake Keylogger, VIP Keylogger |
checkip.dyndns.com | malicious | GuLoader |
checkip.dyndns.com | malicious | MSIL Logger, MassLogger RAT |
checkip.dyndns.com | malicious | GuLoader, Snake Keylogger |
checkip.dyndns.com | malicious | GuLoader, Snake Keylogger |
checkip.dyndns.com | malicious | GuLoader, Snake Keylogger |
checkip.dyndns.com | malicious | Snake Keylogger, VIP Keylogger |
checkip.dyndns.com | malicious | GuLoader, Snake Keylogger |
checkip.dyndns.com | malicious | MSIL Logger, MassLogger RAT |
checkip.dyndns.com | malicious | Snake Keylogger |
checkip.dyndns.com | malicious | GuLoader, Snake Keylogger, VIP Keylogger |
api.telegram.org | malicious | AgentTesla |
api.telegram.org | malicious | GuLoader, Snake Keylogger |
api.telegram.org | malicious | GuLoader, Snake Keylogger |
api.telegram.org | malicious | GuLoader, Snake Keylogger |
api.telegram.org | malicious | Snake Keylogger, VIP Keylogger |
api.telegram.org | malicious | GuLoader, Snake Keylogger, VIP Keylogger |
api.telegram.org | malicious | GuLoader, Snake Keylogger |
api.telegram.org | malicious | GuLoader, Snake Keylogger |
api.telegram.org | malicious | Snake Keylogger, VIP Keylogger |
api.telegram.org | malicious | Snake Keylogger, VIP Keylogger |
Match | Detection | Threat Name |
---|---|---|
TELEGRAMRU | malicious | AgentTesla |
TELEGRAMRU | malicious | GuLoader, Snake Keylogger |
TELEGRAMRU | malicious | GuLoader, Snake Keylogger |
TELEGRAMRU | malicious | GuLoader, Snake Keylogger |
TELEGRAMRU | malicious | Snake Keylogger, VIP Keylogger |
TELEGRAMRU | malicious | GuLoader, Snake Keylogger, VIP Keylogger |
TELEGRAMRU | malicious | GuLoader, Snake Keylogger |
TELEGRAMRU | malicious | GuLoader, Snake Keylogger |
TELEGRAMRU | malicious | Snake Keylogger, VIP Keylogger |
TELEGRAMRU | malicious | LummaC Stealer |
UTMEMUS | malicious | GuLoader, Snake Keylogger |
UTMEMUS | malicious | GuLoader, Snake Keylogger |
UTMEMUS | malicious | MSIL Logger, MassLogger RAT |
UTMEMUS | malicious | Snake Keylogger |
UTMEMUS | malicious | GuLoader, Snake Keylogger, VIP Keylogger |
UTMEMUS | malicious | MSIL Logger, MassLogger RAT |
UTMEMUS | malicious | GuLoader, Snake Keylogger |
UTMEMUS | malicious | GuLoader, Snake Keylogger |
UTMEMUS | malicious | GuLoader |
UTMEMUS | malicious | Snake Keylogger, VIP Keylogger |
CLOUDFLARENETUS | malicious | AgentTesla |
CLOUDFLARENETUS | malicious | AgentTesla |
CLOUDFLARENETUS | malicious | Unknown |
CLOUDFLARENETUS | malicious | GuLoader |
CLOUDFLARENETUS | malicious | AgentTesla |
CLOUDFLARENETUS | malicious | AgentTesla |
CLOUDFLARENETUS | malicious | MSIL Logger, MassLogger RAT |
CLOUDFLARENETUS | malicious | Unknown |
CLOUDFLARENETUS | malicious | Unknown |
CLOUDFLARENETUS | malicious | GuLoader, Snake Keylogger |
Match | Detection | Threat Name |
---|---|---|
54328bd36c14bd82ddaa0c04b25ed9ad | malicious | GuLoader |
54328bd36c14bd82ddaa0c04b25ed9ad | malicious | GuLoader |
54328bd36c14bd82ddaa0c04b25ed9ad | malicious | MSIL Logger, MassLogger RAT |
54328bd36c14bd82ddaa0c04b25ed9ad | malicious | GuLoader, Snake Keylogger |
54328bd36c14bd82ddaa0c04b25ed9ad | malicious | GuLoader, Snake Keylogger |
54328bd36c14bd82ddaa0c04b25ed9ad | malicious | GuLoader, Snake Keylogger |
54328bd36c14bd82ddaa0c04b25ed9ad | malicious | Snake Keylogger, VIP Keylogger |
54328bd36c14bd82ddaa0c04b25ed9ad | malicious | GuLoader, Snake Keylogger |
54328bd36c14bd82ddaa0c04b25ed9ad | malicious | MSIL Logger, MassLogger RAT |
54328bd36c14bd82ddaa0c04b25ed9ad | malicious | Snake Keylogger |
3b5074b1b5d032e5620f69f9f700ff0e | malicious | AgentTesla |
3b5074b1b5d032e5620f69f9f700ff0e | malicious | AgentTesla |
3b5074b1b5d032e5620f69f9f700ff0e | malicious | AgentTesla |
3b5074b1b5d032e5620f69f9f700ff0e | malicious | AgentTesla |
3b5074b1b5d032e5620f69f9f700ff0e | malicious | Unknown |
3b5074b1b5d032e5620f69f9f700ff0e | malicious | GuLoader, Snake Keylogger |
3b5074b1b5d032e5620f69f9f700ff0e | malicious | GuLoader, Snake Keylogger |
3b5074b1b5d032e5620f69f9f700ff0e | malicious | Unknown |
3b5074b1b5d032e5620f69f9f700ff0e | malicious | GuLoader, Snake Keylogger |
3b5074b1b5d032e5620f69f9f700ff0e | malicious | Snake Keylogger, VIP Keylogger |
37f463bf4616ecd445d4a1937da06e19 | malicious | GuLoader, Snake Keylogger |
37f463bf4616ecd445d4a1937da06e19 | malicious | GuLoader |
37f463bf4616ecd445d4a1937da06e19 | malicious | GuLoader |
37f463bf4616ecd445d4a1937da06e19 | malicious | GuLoader |
37f463bf4616ecd445d4a1937da06e19 | malicious | GuLoader |
37f463bf4616ecd445d4a1937da06e19 | malicious | GuLoader, Snake Keylogger |
37f463bf4616ecd445d4a1937da06e19 | malicious | GuLoader, Snake Keylogger |
37f463bf4616ecd445d4a1937da06e19 | malicious | GuLoader |
37f463bf4616ecd445d4a1937da06e19 | malicious | GuLoader |
37f463bf4616ecd445d4a1937da06e19 | malicious | GuLoader, Snake Keylogger |
Match | Detection | Threat Name |
---|---|---|
C:\Users\user\AppData\Local\Temp\nslCC10.tmp\System.dll | malicious | FormBook, GuLoader |
C:\Users\user\AppData\Local\Temp\nslCC10.tmp\System.dll | malicious | FormBook, GuLoader |
C:\Users\user\AppData\Local\Temp\nslCC10.tmp\System.dll | malicious | GuLoader |
C:\Users\user\AppData\Local\Temp\nslCC10.tmp\System.dll | malicious | GuLoader |
C:\Users\user\AppData\Local\Temp\nslCC10.tmp\System.dll | malicious | Remcos, GuLoader |
C:\Users\user\AppData\Local\Temp\nslCC10.tmp\System.dll | malicious | GuLoader, MassLogger RAT |
C:\Users\user\AppData\Local\Temp\nslCC10.tmp\System.dll | malicious | GuLoader, Snake Keylogger |
C:\Users\user\AppData\Local\Temp\nslCC10.tmp\System.dll | malicious | GuLoader, Snake Keylogger |
C:\Users\user\AppData\Local\Temp\nslCC10.tmp\System.dll | malicious | Mindspark |
C:\Users\user\AppData\Local\Temp\nslCC10.tmp\System.dll | malicious | GuLoader, Snake Keylogger |
Process: | C:\Users\user\Desktop\GuuQOl5kJR.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 33 |
Entropy (8bit): | 4.33197669498491 |
Encrypted: | false |
SSDEEP: | 3:U4ooQGRDWh:hooQh |
MD5: | 340AD700CF73B73EA2313C044D40EA9A |
SHA1: | 9B90CC3147D140FA936E308C2C320BDC385DA93A |
SHA-256: | 55A2B8F5EF1D17023FD8245E69830CC961C0CE629EDDC7AC1043C288CB3915B5 |
SHA-512: | 4B31D10B80AE71197AC367C868569949224A4CD542BF0E9C188B816348EC8958F952525F939C827BDDC8610F268DD12E310D6D2FC99071C741B3A38E062542B4 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\user\Desktop\GuuQOl5kJR.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 47 |
Entropy (8bit): | 4.628848957968553 |
Encrypted: | false |
SSDEEP: | 3:YOm45GXQLQIfLBJXmgxv:5TGXQkIP2I |
MD5: | B895D576D6637A778B387B2FCA0F56EC |
SHA1: | E78D2BE4D94673D612C16D29C330BB0C78778429 |
SHA-256: | BFEC1E97ED5D34825521D60B98986D1564CD159B4D1F9569EAE4C3464D2F5C47 |
SHA-512: | B4A771D1B517A2776BA440F79F168306C244DF1A6DE1966313157154D8D52BEAD8131B95F846C2F55C15382E04284FFFC6CF6ABF3F6FCFCB259DF2EA58D769E5 |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
Process: | C:\Users\user\Desktop\GuuQOl5kJR.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2226511 |
Entropy (8bit): | 5.544183790399072 |
Encrypted: | false |
SSDEEP: | 49152:efdHEyaOi5yFu0mBFmvYFe0m40mD0mbXCP:wrTi5ywRrgoTU |
MD5: | 5F29FB03C94F2F70EBE96C39FE8A43C6 |
SHA1: | 921666D7ABA962B7FFCF42127257E6BE42D17CB3 |
SHA-256: | 51E512FEADB87A5416EBA4D264F1A7F5BE90606DC9EE8BCBFFCF330BBC5E461C |
SHA-512: | D36C7991DE0F1098EAE5B5E69689C248DA097D2A7D44889FC78870392A089A1304993AD7630A84637F6DA5EDBC38206FC9CED923B51DFEFA67C88B0332D6CA1E |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\user\Desktop\GuuQOl5kJR.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 52 |
Entropy (8bit): | 4.0914493934217315 |
Encrypted: | false |
SSDEEP: | 3:sBa99k1NoCFOn:KankVg |
MD5: | 5D04A35D3950677049C7A0CF17E37125 |
SHA1: | CAFDD49A953864F83D387774B39B2657A253470F |
SHA-256: | A9493973DD293917F3EBB932AB255F8CAC40121707548DE100D5969956BB1266 |
SHA-512: | C7B1AFD95299C0712BDBC67F9D2714926D6EC9F71909AF615AFFC400D8D2216AB76F6AC35057088836435DE36E919507E1B25BE87B07C911083F964EB67E003B |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
Process: | C:\Users\user\Desktop\GuuQOl5kJR.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 56 |
Entropy (8bit): | 4.16599515489879 |
Encrypted: | false |
SSDEEP: | 3:sAAEVvjscQl0j84n:fLdQA |
MD5: | 0BBAA82AB2D26C93D410D2D149F4AFE1 |
SHA1: | EA70B879A909A8BE7A4332741B1CC6E7C338F991 |
SHA-256: | 8723EDBC2D2097E04E89873226380787AAAABB3C86FE3B1848E06FDD6BCF6751 |
SHA-512: | F5C67206A843978E28A0C951679A69C189505F114D8CFB2943584B8568A61302666C03D90425F4DB88FAF3B33F4089F26CB1D1F7AB586065B0901CCF333742B4 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\user\Desktop\GuuQOl5kJR.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 11264 |
Entropy (8bit): | 5.813979271513012 |
Encrypted: | false |
SSDEEP: | 192:eF2HS5ih/7i00dWz9T7PH6lOFcQMI5+Vw+bPFomi7dJWsP:rSUmlw9T7DmnI5+N273FP |
MD5: | 7399323923E3946FE9140132AC388132 |
SHA1: | 728257D06C452449B1241769B459F091AABCFFC5 |
SHA-256: | 5A1C20A3E2E2EB182976977669F2C5D9F3104477E98F74D69D2434E79B92FDC3 |
SHA-512: | D6F28BA761351F374AE007C780BE27758AEA7B9F998E2A88A542EEDE459D18700ADFFE71ABCB52B8A8C00695EFB7CCC280175B5EEB57CA9A645542EDFABB64F1 |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
Process: | C:\Users\user\Desktop\GuuQOl5kJR.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 60 |
Entropy (8bit): | 4.477049763244837 |
Encrypted: | false |
SSDEEP: | 3:sEMBQEJkJVEjEUQl9xQoXUn:4Q/xvUn |
MD5: | 1318FEE7A3850C7B3DA84DC59D5B71D5 |
SHA1: | F808341CF385A7EC5E3A3AB06205AABF6635BC96 |
SHA-256: | BBFA433A8FB80C7AEBDF26DAD5B2D9D573BE57E55C48757DE8033778C7649DB8 |
SHA-512: | 6593DB02AA0E1AFCD30A4BDE42AE04559518AA7FA187FC5CC9F54C3C97F7200E5067F82100439FF1E77391DBD3D876639B3F7C51A9B043284D579B6B9E97D6B0 |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\GuuQOl5kJR.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 74 |
Entropy (8bit): | 3.9637832956585757 |
Encrypted: | false |
SSDEEP: | 3:sRQE1wFEt/ijNJyI3dj2+n:aQEGiwh3D |
MD5: | 16D513397F3C1F8334E8F3E4FC49828F |
SHA1: | 4EE15AFCA81CA6A13AF4E38240099B730D6931F0 |
SHA-256: | D3C781A1855C8A70F5ACA88D9E2C92AFFFA80541334731F62CAA9494AA8A0C36 |
SHA-512: | 4A350B790FDD2FE957E9AB48D5969B217AB19FC7F93F3774F1121A5F140FF9A9EAAA8FA30E06A9EF40AD776E698C2E65A05323C3ADF84271DA1716E75F5183C3 |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\GuuQOl5kJR.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 30 |
Entropy (8bit): | 4.256564762130954 |
Encrypted: | false |
SSDEEP: | 3:DyWgLQIfLBJXmgU:mkIP25 |
MD5: | F15BFDEBB2DF02D02C8491BDE1B4E9BD |
SHA1: | 93BD46F57C3316C27CAD2605DDF81D6C0BDE9301 |
SHA-256: | C87F2FF45BB530577FB8856DF1760EDAF1060AE4EE2934B17FDD21B7D116F043 |
SHA-512: | 1757ED4AE4D47D0C839511C18BE5D75796224D4A3049E2D8853650ACE2C5057C42040DE6450BF90DD4969862E9EBB420CD8A34F8DD9C970779ED2E5459E8F2F1 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\separationerne\Isoionone.ang
Process: | C:\Users\user\Desktop\GuuQOl5kJR.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 451964 |
Entropy (8bit): | 7.038236667220223 |
Encrypted: | false |
SSDEEP: | 12288:DU2MhSrr7+nOHsDG4dqMF3PHnb5cKiXoMSQ:DU2MhgWnU0HEuHt68Q |
MD5: | A13B9C18720213C57117ECFD07AC1965 |
SHA1: | 722B5C768B57E8513AE640A3B43A7EA3EB5CAD9A |
SHA-256: | C026B3DE2B25B61A6DD2DE899AB0B7FE47DF346276E8A6A3237BAA24895636A0 |
SHA-512: | 160695B11CD077A800D9E0C034CA8111172599631CBAFAF05D7A5205E21CB7964D527B375C6915D1382C3E7EBA72F4EEB0E326CB2AE26F9DD9B0EBD5FE3D7B69 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\separationerne\Litiscontest.jpg
Process: | C:\Users\user\Desktop\GuuQOl5kJR.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 116646 |
Entropy (8bit): | 7.9723106052665536 |
Encrypted: | false |
SSDEEP: | 3072:Cq3EK4+CecuNPZ23e6at5JG7QXnv0tD6nI:Cq3PRCeTZ1tspwI |
MD5: | 2400D62D49391C7874C3DF868B3399ED |
SHA1: | F5AF15AAE9EE9BD00F459D67EBBCDB8E48B6D4A3 |
SHA-256: | C400565DCC08D080953E47902F2946C687C4F814C3BA51E0D4E63E4242112566 |
SHA-512: | 7CE7C0DAA1B222DD67D6292F9FE3A9BDFB0782C790D817C0B4B348B8D8AB7B5630D8DBFB953ED55093DFB2DCABF8FBB257A4ED666B2145D8946E0D2C082DB70B |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\separationerne\Tiggerstavens.fes
Process: | C:\Users\user\Desktop\GuuQOl5kJR.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 458176 |
Entropy (8bit): | 1.246204574944222 |
Encrypted: | false |
SSDEEP: | 1536:xRWO2EIpW61fXKYiZAiYUQZF4Ce2spug3ZcCQy0kTwxdwBl9qiJsuQKSA4o6LOzv:seFwClmyQzweu |
MD5: | F507FD73B5683DFB9ECE04A486CF8E21 |
SHA1: | 171A7FF1F5C92A75FF2787021BA6750FEF68213F |
SHA-256: | 9AEAFCD46AA3D1B660FB1A3A8F10C21D28C80A50BF37A23D9ECA444A51557065 |
SHA-512: | B6124C979EF1DC6946F95EACAA369E4EABB9B0E32781197A8A2686FA2FEDB69B123B274EB19E82E4AD781FB49D6F74A96E1B38C147C7AC163C5430DD084C7D2F |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\GuuQOl5kJR.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 34271 |
Entropy (8bit): | 7.9659073424878555 |
Encrypted: | false |
SSDEEP: | 768:4WE6omjLoyBWuDNGNceCXyQezdhoMB8q+ljUsYU1xhbU3vCH:4Uom4yBhmQi7eK8q+lpJRUfCH |
MD5: | 868F1BE25FA5F82DE53C0CE9EA030CA3 |
SHA1: | ECA9A135448D5C0F613209FF3516CAE3716BF0E3 |
SHA-256: | 5FD97F664356EE61E6182C19DC0AF76318B4AA9AF75D674F11EB45DEF3D66526 |
SHA-512: | 6A67BE639F4A4A8A24587ED6B1D67F276F41BC750B0FC74C49A69FF9293F57ACAE6DEF3423C8DF06805A1BB7CE894F4359510B3A27E2E1F388D065A618479E21 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\separationerne\Udtrttede.ini
Process: | C:\Users\user\Desktop\GuuQOl5kJR.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 78838 |
Entropy (8bit): | 7.9645085314331405 |
Encrypted: | false |
SSDEEP: | 1536:0aI5v5+r/WGPIAVQIhrVMZXPizutOFGlin5ZSk2iFJNfgJSYrLfEXWMp:I55e/pVQIhrqKusGkmkPnNYhX2R |
MD5: | C994CB2032DBA92B7E631171678EC43D |
SHA1: | E206DF32EA7F37FA26075E0456786E138AC27AE1 |
SHA-256: | 3D6B9E81DA6DF4A9432CDB4168EE8F8B26CC88E47FDB9BB8A6D967FB1AB241E3 |
SHA-512: | E444152150B4C1007FA96AA079E41D959A5A48D00D9F1D9AC15321B646F7CF4000D43825DF25EF7D69275A3CA86C029E8862AF07F873A8375B1EAAE5280A4F13 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\separationerne\Untaciturnly135.sem
Process: | C:\Users\user\Desktop\GuuQOl5kJR.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 123405 |
Entropy (8bit): | 4.610096659351627 |
Encrypted: | false |
SSDEEP: | 1536:iVehsvhJJyFmA3njHfdns92oPWao+pY1eAZGjCuIYlv4CaafG3g:BkX4FDjVs92oDORZstIYlACawGQ |
MD5: | 2319DAA21A49CA7A201302F03F976E8D |
SHA1: | D51930B0FDDAFD814A1030245B7EB488996757D4 |
SHA-256: | 84202ADFED68FEA1EE7975FD8EF1D557B227F6B2C4A183E70106DB2EB2AE5354 |
SHA-512: | 15D51851424D629279AB7BA4B8AE25A2D85E9CECEC3B8CA0465F4AFB5F2A14AEC0DDE708164BF259848343B75912F581CBE16BB6FBA99650B669509689C6D355 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\separationerne\aktioners.jpg
Process: | C:\Users\user\Desktop\GuuQOl5kJR.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 33760 |
Entropy (8bit): | 7.967017042537166 |
Encrypted: | false |
SSDEEP: | 768:4WE6omjLoyBWuDNGNceCXyQezdhoMB8q+ljUsYU1xhbU3vCW:4Uom4yBhmQi7eK8q+lpJRUfCW |
MD5: | B79A2EC8152E04C3DF16B5DF803ED841 |
SHA1: | 4E8FEE2ACDA813B8D6F12FF1B2B9BEDA769C05BD |
SHA-256: | 584DC6A4106CFB60A2794937921B3B560F398558B482D5C24A1ECFB997EBEA9D |
SHA-512: | 0DFB2B2FA92EB11B60C87D272B6B2EEA14DC2E05D53048C445772D6249F3635BBD1EE7B663F9F670FCD06C50C71839323BF2325CAEECBD9AD7D182E5733C3488 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\separationerne\begrdeliges.pro
Process: | C:\Users\user\Desktop\GuuQOl5kJR.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 271048 |
Entropy (8bit): | 1.2501527383190683 |
Encrypted: | false |
SSDEEP: | 1536:J3Cc9bXL6XUITHsHuh6mYsN8xVvBPJggd0Q96LJe24TSewHt/z1tIwt8iWoImuhr:JGU5Q+7bgfC97p |
MD5: | 4CDDE62E05107CF3BAD9767453F364D5 |
SHA1: | 8C3990C82C3F9C0ECECCFC2E878F00B674556E6E |
SHA-256: | 80EFA0744FB280C29C700886A6CD158053D0BE9C2D87F445A76C6DEA410B774B |
SHA-512: | A3C64E4B4DB6AEA45756BFB1C2BED5F7CA19549DE8C2D095F320DB8BC8589B01E356D033D6073CBEED9B56EDA1939BEB98E727382F5396EA3E50079125B19451 |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\GuuQOl5kJR.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 19024 |
Entropy (8bit): | 7.941019032399731 |
Encrypted: | false |
SSDEEP: | 384:G69R2kiP8DN7z8OayzjwTSQ1vI8+KvvKyMIWVx3NRGBQqxFk8nWzy1+a6Pu10IJh:GgHpXda7+2d1vezVx3NRCpnZ1+afGIJh |
MD5: | E9772CD90D72A4F4AF0401E7BFBA7BBA |
SHA1: | 45DEEC11D8CE16E3DF98F6E3AC23A6B647A81535 |
SHA-256: | 53BB5626BC226D0E476A35645C2D720C1056ADFBB23DAEB5923E9264540259B9 |
SHA-512: | BA2E24D412C69D2B1EBAEDBF5B7AC0F94544A3E9C42CDE2FB13C456217B6B0449024086D78C72F8B7C4EBA35622C56623919F64CE408471028E0A5DC6E206027 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\separationerne\cartographer.jpg
Process: | C:\Users\user\Desktop\GuuQOl5kJR.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 30956 |
Entropy (8bit): | 7.969499868102271 |
Encrypted: | false |
SSDEEP: | 768:ofYXJ6hCAlkicSla3FFc1VQC2NOF1Nuse5wExZ50vn:oQalrlaVC1uClF1NuTT5Mn |
MD5: | C9D3CCBEBDAFAA919122541A202A9733 |
SHA1: | F81641E686DE3B8C884971EC5DA65D8CF4BB4D3F |
SHA-256: | 5FDB8BED6E957D3399EC0D8A30934F1E0B2A4C5880A6EC8DF43F786BAA32A96C |
SHA-512: | F16B4DC339F4943E19408F386C376C50A4DA42E6DB1241EAB90B8596AF701F75421B87A1AEA10835467A3900E29E2611943DC9B89FDFAAC3E46D0546BFA83A7A |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\separationerne\histographies.txt
Process: | C:\Users\user\Desktop\GuuQOl5kJR.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 34638 |
Entropy (8bit): | 7.9628416848799 |
Encrypted: | false |
SSDEEP: | 768:4WE6omjLoyBWuDNGNceCXyQezdhoMB8q+ljUsYU1xhbU3vCL:4Uom4yBhmQi7eK8q+lpJRUfCL |
MD5: | 5A1AD1096F97C0E2239684846D247918 |
SHA1: | 2885227167F0780AED630077007401989AFDDAEE |
SHA-256: | C2C9EE1D315D2D076FAADFDECF060E59877B621385A7825EDBA473BE85CCBF7F |
SHA-512: | 2740807D4DCDB5D2CE786488047360225EC7DED2B84A215CCE00DB25E67C2A9B5C9C3E0593BA35F8E48D937E3104FFD97C3B034471639F88D3119F9B9C62B36B |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\GuuQOl5kJR.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 78312 |
Entropy (8bit): | 7.965760163563921 |
Encrypted: | false |
SSDEEP: | 1536:0aI5v5+r/WGPIAVQIhrVMZXPizutOFGlin5ZSk2iFJNfgJSYrLfEXWMo:I55e/pVQIhrqKusGkmkPnNYhX2g |
MD5: | B53488FB78817ABDEA984B799B644E71 |
SHA1: | B52C3F0461B2D4827634B17A8456FE0EEACCF166 |
SHA-256: | 37E2971FE0FE1B8F445A2D90CFEFC40A614C09F04D4269DC0E39131714B71644 |
SHA-512: | 817F53CAA92582CE9F070493836EF6E925CCDFECA064C3CD8ADFFF1124542D61ED2F2DD2ABBCFC46F7CA700A43710EA78440BD16092AC41EA59D90C7E2BB13EC |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\GuuQOl5kJR.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 6266 |
Entropy (8bit): | 7.934604994452403 |
Encrypted: | false |
SSDEEP: | 192:LageUe3z8q30+rTymq37MvDe0QQCtvOdjxvIqwgOdTsx3W:OQeJ3trT1cMvD2jvO7vIqwgOdTaW |
MD5: | D154965D450CABB2873570BBB6BCEE1F |
SHA1: | B69F899F37D407E34F7391B278C08140F22A8D4F |
SHA-256: | 8EAF9B50CE1AE80F9A033C88D393FABFF9033E1D8485B411594889DD23AEEB48 |
SHA-512: | 6483603905A6B6566F45C7F26EFC549D371A96DEFD57B29DD96AE8890EE481964C9E682A1077AEFC8D10F8366FADEAFE9FC0DE12477D0265C70D3BC629E53B3E |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\separationerne\modstaaet.jpg
Process: | C:\Users\user\Desktop\GuuQOl5kJR.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 77820 |
Entropy (8bit): | 7.966308391338044 |
Encrypted: | false |
SSDEEP: | 1536:0aI5v5+r/WGPIAVQIhrVMZXPizutOFGlin5ZSk2iFJNfgJSYrLfEXWMz:I55e/pVQIhrqKusGkmkPnNYhX2r |
MD5: | 69FAD6C6022F82800FD9AA55EAFF43DF |
SHA1: | C34951D82990B356BCB2CAE1B24690AAA9A558AB |
SHA-256: | D765417E77F1604852B08BF8E3FC78B08DB3947AE0456B7DA5A7E272D83B1426 |
SHA-512: | 324D713ECDE5AAFCEE49721D65936E3B8646F482521D971059E4D90908EAAA0CD7F0FE47159529935C3589F5892AB9F930AE74630EDBECC81CC68B7FC5FBA227 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\separationerne\musicianer.spi
Process: | C:\Users\user\Desktop\GuuQOl5kJR.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 252988 |
Entropy (8bit): | 1.258435768634305 |
Encrypted: | false |
SSDEEP: | 1536:Ffup5V9mQ4FqyWKrbCGsV2kLUY+mvKDFHHe4w/Lm65l32C+8zQNrpQJu0jx23uf5:1lMpKEfpd |
MD5: | E19F0FF07EFE63E8B30B92E64C3279C1 |
SHA1: | 7855F6FBD8FC96F485B4140A85A4D5CBD31F1AF9 |
SHA-256: | 4CE892AA1B8B8CFFC9835C703FABC69087F82490FB46E889D6C07280DCE64E03 |
SHA-512: | 030264903EFB58841058997648E112F3AC89EE4D9EA038D96F1CD132A59B2B0A3D6BCB4DD99DA62279835408453F84CF3AF492E1D53910C8AE29CCE386E2D5CB |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\GuuQOl5kJR.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 9249 |
Entropy (8bit): | 7.859769804343658 |
Encrypted: | false |
SSDEEP: | 192:Lg3GVbPdwh/TkYJFxFd5Ynr9rwP8eiJnuLq6dIUfvF3g5/S+4DHEk:k3GVbPdSwYJn5Yr9rNJuLq6d1nF6S+4F |
MD5: | 99568CF7EA7AB982BEBEC6E8C9736699 |
SHA1: | 656B55183279F357ABE336F6359C4AEDB5FB4AD6 |
SHA-256: | B9FCD205A8B2A819D6774B0F217334C24E508A02BA504D24CE3438C17AAE630A |
SHA-512: | C7408A24197C4BF2B14C3AD43840851EB14325E60490998E1625FEC3CE538CB8B4EC1C9A71836990E0EB4EE922040217EC0989FD6E6D4F5BC4FCC3F3FDA0FB10 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\separationerne\romantiserendes.ini
Process: | C:\Users\user\Desktop\GuuQOl5kJR.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 79085 |
Entropy (8bit): | 7.963718594699245 |
Encrypted: | false |
SSDEEP: | 1536:0aI5v5+r/WGPIAVQIhrVMZXPizutOFGlin5ZSk2iFJNfgJSYrLfEXWMn:I55e/pVQIhrqKusGkmkPnNYhX2P |
MD5: | 48951E338D32805997DA47E7122CA34C |
SHA1: | FB7A57BEAAC5B15E081DCF5A54947107FB9DF9C0 |
SHA-256: | 62D4D8C14C5BC21B8FC7BAC1BC1C8A272404C5516871E574D9E65EEF00787D11 |
SHA-512: | 7BC3831B4274EB53F5F40C59C41456C35005FEFDD486774DA41287EA46CC33E2858C0DAE2BBE9FD12EB63BD7BA8460D8B184AB316340B45E90C939821B92D2E7 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\separationerne\semiquadrangle.ini
Process: | C:\Users\user\Desktop\GuuQOl5kJR.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 18366 |
Entropy (8bit): | 7.960531856269744 |
Encrypted: | false |
SSDEEP: | 384:G69R2kiP8DN7z8OayzjwTSQ1vI8+KvvKyMIWVx3NRGBQqxFk8nWzy1+a6Pu10IJ0:GgHpXda7+2d1vezVx3NRCpnZ1+afGIJ0 |
MD5: | D0B061FE143A45224AF28C219D85EC29 |
SHA1: | 98EC46FB584AFFF14AB2B9D8DBD914C2F82DB58B |
SHA-256: | DDD6D841667588C40373273F4ACE25CD8E25C527BC4B15160A4BD95D5F5F859A |
SHA-512: | D6035392C1E6D28B01CF4AD9025E9E43B64CAAD772B6FBF2F0D239CDC5F2B1DB3266DEAC88DC73B3C443D8755582E9E99B86642BE67E693447B5B70E79116A48 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\separationerne\sugarcane.jpg
Process: | C:\Users\user\Desktop\GuuQOl5kJR.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 17926 |
Entropy (8bit): | 7.964086895083405 |
Encrypted: | false |
SSDEEP: | 384:G69R2kiP8DN7z8OayzjwTSQ1vI8+KvvKyMIWVx3NRGBQqxFk8nWzy1+a6Pu10IJy:GgHpXda7+2d1vezVx3NRCpnZ1+afGIJy |
MD5: | 226BA095D6E35AE7575FF844DA0C0293 |
SHA1: | D50131B137CAA1464076A0F6B1AB1ADA6E99234E |
SHA-256: | 307B12DABB919A69383409A5064E70DCD0CD4903C9E94814D10C540312F0BE73 |
SHA-512: | 3BEC4961D0682F6ECA723A8838DB446F5152C34D82B9EEE7CE2B80724F63BAB6D4A3BE0C0B5418E7831F04AD8236697B7E4820ECE601878471AAA2184488121A |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\GuuQOl5kJR.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 10701 |
Entropy (8bit): | 7.839639743360956 |
Encrypted: | false |
SSDEEP: | 192:Lzr3FqEXWDs3kosNACUJ2PDTHjHzCM4guHBTGgAuihMBvUjhIaRTHO:3r3FqCd3Bsy1IPDTDebgkTG1XNHO |
MD5: | 6AB549CF24DE4802D3806218FDC48906 |
SHA1: | DADA9FCA4EC7121494CC70B3E7A2018E0F8116CA |
SHA-256: | D484ED1BD415EC1F924CA80A2B8EBD60FF02998A3AD3028145C75900F51F19DF |
SHA-512: | FDB7BD49B53E243FBDD3FF6613BDC0F47E6ACBE378EC9599263393B121395DCA0B23D978B7029F058B5AEBE4264EB356C945C0EB1AB00B3D6A3E75EE6D4D8651 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\separationerne\unagitatedness.txt
Process: | C:\Users\user\Desktop\GuuQOl5kJR.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 355 |
Entropy (8bit): | 4.365173801202148 |
Encrypted: | false |
SSDEEP: | 6:a33GWsurYzIbhGvPiUWrFArTWzgVJ86CcE6LpA6rMrLGbGVPoHknd3TFKA8iWFzK:amN9C0vPQqrqsj86Cck6kVPoEnFweWKp |
MD5: | 52728264A79BB126BC05A9339A806437 |
SHA1: | 031F624DC90E451583A740F03B0432F63FB472DE |
SHA-256: | 8D23AFDA0BB6BFD4399AF4AEBFAA8196644DCD468D1E6705C2388E7DB49F8D4A |
SHA-512: | EFC41C3E278119CFEDBC039153FE6374C5DB4DBD95E10969768115EFA463D9E38CBC0C3DC2469D200C775AF7851E4B77AB4AE63B5456E4DE996EB21A94903519 |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 7.959220956443469 |
TrID: |
|
File name: | GuuQOl5kJR.exe |
File size: | 924'368 bytes |
MD5: | e9c0c56c4a52c53407de85b33e496e75 |
SHA1: | a75d2673332707c56b0c8db8416925d771a9e47f |
SHA256: | ada032dd81e29c0b738bab536c8e240ea7cd87f29a14f98ac7302bb93251833c |
SHA512: | 8a867790d505edb73a4b16d184e7dd31e63968816c4cfb7a591fa55e9f60baeb6e2f970fd78f79f264bd2eb8c292125048e684f7017c5ba5fc808b0303305785 |
SSDEEP: | 24576:VYv4iYYOQgoqaAP+YhScfal3ROQMuqBZzm7UlCPS/:m4iuQgnaApyJROub7UQS |
TLSH: | 0115238691DAC4AAC8C2A6B12B7747F5EA3E2C7100468B497F503D73B8325BE491D367 |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......1.D9u.*ju.*ju.*j..ujw.*ju.+j..*j..wjd.*j!..j..*j..,jt.*jRichu.*j........PE..L....f.R.................`...*......X3.......p....@ |
Icon Hash: | a5d56872428d9074 |
Entrypoint: | 0x403358 |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE |
DLL Characteristics: | TERMINAL_SERVER_AWARE |
Time Stamp: | 0x52BA66B2 [Wed Dec 25 05:01:38 2013 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | e221f4f7d36469d53810a4b5f9fc8966 |
Instruction |
---|
sub esp, 000002D4h |
push ebx |
push ebp |
push esi |
push edi |
push 00000020h |
xor ebp, ebp |
pop esi |
mov dword ptr [esp+14h], ebp |
mov dword ptr [esp+10h], 00409230h |
mov dword ptr [esp+1Ch], ebp |
call dword ptr [00407034h] |
push 00008001h |
call dword ptr [004070BCh] |
push ebp |
call dword ptr [004072ACh] |
push 00000008h |
mov dword ptr [00429298h], eax |
call 00007FD614D5977Ch |
mov dword ptr [004291E4h], eax |
push ebp |
lea eax, dword ptr [esp+34h] |
push 000002B4h |
push eax |
push ebp |
push 00420690h |
call dword ptr [0040717Ch] |
push 0040937Ch |
push 004281E0h |
call 00007FD614D593E7h |
call dword ptr [00407134h] |
mov ebx, 00434000h |
push eax |
push ebx |
call 00007FD614D593D5h |
push ebp |
call dword ptr [0040710Ch] |
cmp word ptr [00434000h], 0022h |
mov dword ptr [004291E0h], eax |
mov eax, ebx |
jne 00007FD614D568CAh |
push 00000022h |
mov eax, 00434002h |
pop esi |
push esi |
push eax |
call 00007FD614D58E26h |
push eax |
call dword ptr [00407240h] |
mov dword ptr [esp+18h], eax |
jmp 00007FD614D5698Eh |
push 00000020h |
pop edx |
cmp cx, dx |
jne 00007FD614D568C9h |
inc eax |
inc eax |
cmp word ptr [eax], dx |
je 00007FD614D568BBh |
add word ptr [eax], 0000h |
Programming Language: |
|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x7494 | 0xb4 | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x4d000 | 0x5040 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x7000 | 0x2b8 | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x5e66 | 0x6000 | e8f12472e91b02deb619070e6ee7f1f4 | False | 0.6566569010416666 | data | 6.419409887460116 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rdata | 0x7000 | 0x1354 | 0x1400 | 2222fe44ebbadbc32af32dfc9c88e48e | False | 0.4306640625 | data | 5.037511188789184 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0x9000 | 0x202d8 | 0x600 | a5ec1b720d350c6303a7aba8d85072bf | False | 0.4733072916666667 | data | 3.7600484096214832 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.ndata | 0x2a000 | 0x23000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.rsrc | 0x4d000 | 0x5040 | 0x5200 | b2da62e34b8c62c487b136a5434db933 | False | 0.17844893292682926 | data | 2.8674367335879127 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
RT_ICON | 0x4d298 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | English | United States | 0.10197095435684647 |
RT_ICON | 0x4f840 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | English | United States | 0.17659474671669795 |
RT_ICON | 0x508e8 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2400 | English | United States | 0.21598360655737706 |
RT_ICON | 0x51270 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | United States | 0.2703900709219858 |
RT_DIALOG | 0x516d8 | 0x144 | data | English | United States | 0.5216049382716049 |
RT_DIALOG | 0x51820 | 0x120 | data | English | United States | 0.5138888888888888 |
RT_DIALOG | 0x51940 | 0x11c | data | English | United States | 0.6056338028169014 |
RT_DIALOG | 0x51a60 | 0x60 | data | English | United States | 0.7291666666666666 |
RT_GROUP_ICON | 0x51ac0 | 0x3e | data | English | United States | 0.8064516129032258 |
RT_VERSION | 0x51b00 | 0x238 | data | English | United States | 0.5422535211267606 |
RT_MANIFEST | 0x51d38 | 0x305 | XML 1.0 document, ASCII text, with very long lines (773), with no line terminators | English | United States | 0.5614489003880984 |
DLL | Import |
---|---|
KERNEL32.dll | CompareFileTime, SearchPathW, SetFileTime, CloseHandle, GetShortPathNameW, MoveFileW, SetCurrentDirectoryW, GetFileAttributesW, GetLastError, GetFullPathNameW, CreateDirectoryW, Sleep, GetTickCount, CreateFileW, GetFileSize, GetModuleFileNameW, GetCurrentProcess, CopyFileW, ExitProcess, SetEnvironmentVariableW, GetWindowsDirectoryW, SetFileAttributesW, ExpandEnvironmentStringsW, SetErrorMode, LoadLibraryW, lstrlenW, lstrcpynW, GetDiskFreeSpaceW, GlobalUnlock, GlobalLock, CreateThread, CreateProcessW, RemoveDirectoryW, lstrcmpiA, GetTempFileNameW, lstrcpyA, lstrcpyW, lstrcatW, GetSystemDirectoryW, GetVersion, GetProcAddress, LoadLibraryA, GetModuleHandleA, GetModuleHandleW, lstrcmpiW, lstrcmpW, WaitForSingleObject, GlobalFree, GlobalAlloc, LoadLibraryExW, GetExitCodeProcess, FreeLibrary, WritePrivateProfileStringW, GetCommandLineW, GetTempPathW, GetPrivateProfileStringW, FindFirstFileW, FindNextFileW, DeleteFileW, SetFilePointer, ReadFile, FindClose, MulDiv, MultiByteToWideChar, WriteFile, lstrlenA, WideCharToMultiByte |
USER32.dll | EndDialog, ScreenToClient, GetWindowRect, RegisterClassW, EnableMenuItem, GetSystemMenu, SetClassLongW, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongW, SetCursor, LoadCursorW, CheckDlgButton, GetMessagePos, LoadBitmapW, CallWindowProcW, IsWindowVisible, CloseClipboard, SetClipboardData, wsprintfW, CreateWindowExW, SystemParametersInfoW, AppendMenuW, CreatePopupMenu, GetSystemMetrics, SetDlgItemTextW, GetDlgItemTextW, MessageBoxIndirectW, CharPrevW, CharNextA, wsprintfA, DispatchMessageW, PeekMessageW, ReleaseDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, GetClientRect, FillRect, DrawTextW, GetClassInfoW, DialogBoxParamW, CharNextW, ExitWindowsEx, DestroyWindow, CreateDialogParamW, SetTimer, SetWindowTextW, PostQuitMessage, GetDC, SetWindowLongW, LoadImageW, SendMessageTimeoutW, FindWindowExW, EmptyClipboard, OpenClipboard, TrackPopupMenu, EndPaint, ShowWindow, GetDlgItem, IsWindow, SetForegroundWindow |
GDI32.dll | SelectObject, SetBkMode, CreateFontIndirectW, SetTextColor, DeleteObject, GetDeviceCaps, CreateBrushIndirect, SetBkColor |
SHELL32.dll | SHGetSpecialFolderLocation, SHGetPathFromIDListW, SHBrowseForFolderW, SHGetFileInfoW, ShellExecuteW, SHFileOperationW |
ADVAPI32.dll | RegCloseKey, RegOpenKeyExW, RegDeleteKeyW, RegDeleteValueW, RegEnumValueW, RegCreateKeyExW, RegSetValueExW, RegQueryValueExW, RegEnumKeyW |
COMCTL32.dll | ImageList_Create, ImageList_AddMasked, ImageList_Destroy |
ole32.dll | CoCreateInstance, CoTaskMemFree, OleInitialize, OleUninitialize |
VERSION.dll | GetFileVersionInfoSizeW, GetFileVersionInfoW, VerQueryValueW |
Description | Data |
---|---|
FileDescription | vignetted |
LegalCopyright | dommedagsprdikenens johnnis |
LegalTrademarks | kodes |
OriginalFilename | toggler triumvirates.exe |
ProductVersion | 3.5.0.0 |
Translation | 0x0409 0x04e4 |
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States |
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
---|---|---|---|---|---|---|---|---|
2025-03-07T22:54:12.041953+0100 | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 192.168.2.10 | 49695 | 142.250.181.238 | 443 | TCP |
2025-03-07T22:54:21.637546+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.10 | 49697 | 132.226.247.73 | 80 | TCP |
2025-03-07T22:54:24.653292+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.10 | 49697 | 132.226.247.73 | 80 | TCP |
2025-03-07T22:54:27.067551+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.10 | 49699 | 104.21.64.1 | 443 | TCP |
2025-03-07T22:54:27.825065+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.10 | 49700 | 132.226.247.73 | 80 | TCP |
2025-03-07T22:54:30.249316+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.10 | 49701 | 104.21.64.1 | 443 | TCP |
2025-03-07T22:54:52.636499+0100 | 1810007 | Joe Security ANOMALY Telegram Send Message | 1 | 192.168.2.10 | 49714 | 149.154.167.220 | 443 | TCP |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Mar 7, 2025 22:54:00.579020023 CET | 49692 | 443 | 192.168.2.10 | 142.250.181.238 |
Mar 7, 2025 22:54:00.579235077 CET | 49692 | 443 | 192.168.2.10 | 142.250.181.238 |
Mar 7, 2025 22:54:00.579257965 CET | 443 | 49692 | 142.250.181.238 | 192.168.2.10 |
Mar 7, 2025 22:54:00.588928938 CET | 49693 | 443 | 192.168.2.10 | 142.250.181.238 |
Mar 7, 2025 22:54:00.588967085 CET | 443 | 49693 | 142.250.181.238 | 192.168.2.10 |
Mar 7, 2025 22:54:00.589030981 CET | 49693 | 443 | 192.168.2.10 | 142.250.181.238 |
Mar 7, 2025 22:54:00.589155912 CET | 49693 | 443 | 192.168.2.10 | 142.250.181.238 |
Mar 7, 2025 22:54:00.589175940 CET | 443 | 49693 | 142.250.181.238 | 192.168.2.10 |
Mar 7, 2025 22:54:00.589215040 CET | 49693 | 443 | 192.168.2.10 | 142.250.181.238 |
Mar 7, 2025 22:54:00.706367016 CET | 49694 | 443 | 192.168.2.10 | 142.250.181.238 |
Mar 7, 2025 22:54:00.706418037 CET | 443 | 49694 | 142.250.181.238 | 192.168.2.10 |
Mar 7, 2025 22:54:00.706650972 CET | 49694 | 443 | 192.168.2.10 | 142.250.181.238 |
Mar 7, 2025 22:54:00.706953049 CET | 49694 | 443 | 192.168.2.10 | 142.250.181.238 |
Mar 7, 2025 22:54:00.706964970 CET | 443 | 49694 | 142.250.181.238 | 192.168.2.10 |
Mar 7, 2025 22:54:09.060628891 CET | 443 | 49694 | 142.250.181.238 | 192.168.2.10 |
Mar 7, 2025 22:54:09.060842991 CET | 49694 | 443 | 192.168.2.10 | 142.250.181.238 |
Mar 7, 2025 22:54:09.060977936 CET | 49694 | 443 | 192.168.2.10 | 142.250.181.238 |
Mar 7, 2025 22:54:09.061002016 CET | 443 | 49694 | 142.250.181.238 | 192.168.2.10 |
Mar 7, 2025 22:54:09.065696001 CET | 49695 | 443 | 192.168.2.10 | 142.250.181.238 |
Mar 7, 2025 22:54:09.065737009 CET | 443 | 49695 | 142.250.181.238 | 192.168.2.10 |
Mar 7, 2025 22:54:09.065812111 CET | 49695 | 443 | 192.168.2.10 | 142.250.181.238 |
Mar 7, 2025 22:54:09.066133022 CET | 49695 | 443 | 192.168.2.10 | 142.250.181.238 |
Mar 7, 2025 22:54:09.066145897 CET | 443 | 49695 | 142.250.181.238 | 192.168.2.10 |
Mar 7, 2025 22:54:11.194459915 CET | 443 | 49695 | 142.250.181.238 | 192.168.2.10 |
Mar 7, 2025 22:54:11.194607019 CET | 49695 | 443 | 192.168.2.10 | 142.250.181.238 |
Mar 7, 2025 22:54:11.195239067 CET | 443 | 49695 | 142.250.181.238 | 192.168.2.10 |
Mar 7, 2025 22:54:11.195302963 CET | 49695 | 443 | 192.168.2.10 | 142.250.181.238 |
Mar 7, 2025 22:54:11.256216049 CET | 49695 | 443 | 192.168.2.10 | 142.250.181.238 |
Mar 7, 2025 22:54:11.256247997 CET | 443 | 49695 | 142.250.181.238 | 192.168.2.10 |
Mar 7, 2025 22:54:11.256679058 CET | 443 | 49695 | 142.250.181.238 | 192.168.2.10 |
Mar 7, 2025 22:54:11.256733894 CET | 49695 | 443 | 192.168.2.10 | 142.250.181.238 |
Mar 7, 2025 22:54:11.260685921 CET | 49695 | 443 | 192.168.2.10 | 142.250.181.238 |
Mar 7, 2025 22:54:11.304327011 CET | 443 | 49695 | 142.250.181.238 | 192.168.2.10 |
Mar 7, 2025 22:54:12.042007923 CET | 443 | 49695 | 142.250.181.238 | 192.168.2.10 |
Mar 7, 2025 22:54:12.042094946 CET | 443 | 49695 | 142.250.181.238 | 192.168.2.10 |
Mar 7, 2025 22:54:12.042118073 CET | 49695 | 443 | 192.168.2.10 | 142.250.181.238 |
Mar 7, 2025 22:54:12.042148113 CET | 49695 | 443 | 192.168.2.10 | 142.250.181.238 |
Mar 7, 2025 22:54:12.044691086 CET | 49695 | 443 | 192.168.2.10 | 142.250.181.238 |
Mar 7, 2025 22:54:12.044708014 CET | 443 | 49695 | 142.250.181.238 | 192.168.2.10 |
Mar 7, 2025 22:54:12.067378044 CET | 49696 | 443 | 192.168.2.10 | 172.217.18.1 |
Mar 7, 2025 22:54:12.067495108 CET | 443 | 49696 | 172.217.18.1 | 192.168.2.10 |
Mar 7, 2025 22:54:12.067584038 CET | 49696 | 443 | 192.168.2.10 | 172.217.18.1 |
Mar 7, 2025 22:54:12.067883968 CET | 49696 | 443 | 192.168.2.10 | 172.217.18.1 |
Mar 7, 2025 22:54:12.067913055 CET | 443 | 49696 | 172.217.18.1 | 192.168.2.10 |
Mar 7, 2025 22:54:14.041182041 CET | 443 | 49696 | 172.217.18.1 | 192.168.2.10 |
Mar 7, 2025 22:54:14.041344881 CET | 49696 | 443 | 192.168.2.10 | 172.217.18.1 |
Mar 7, 2025 22:54:14.046220064 CET | 49696 | 443 | 192.168.2.10 | 172.217.18.1 |
Mar 7, 2025 22:54:14.046241045 CET | 443 | 49696 | 172.217.18.1 | 192.168.2.10 |
Mar 7, 2025 22:54:14.046542883 CET | 443 | 49696 | 172.217.18.1 | 192.168.2.10 |
Mar 7, 2025 22:54:14.046606064 CET | 49696 | 443 | 192.168.2.10 | 172.217.18.1 |
Mar 7, 2025 22:54:14.047106981 CET | 49696 | 443 | 192.168.2.10 | 172.217.18.1 |
Mar 7, 2025 22:54:14.092330933 CET | 443 | 49696 | 172.217.18.1 | 192.168.2.10 |
Mar 7, 2025 22:54:17.312299013 CET | 443 | 49696 | 172.217.18.1 | 192.168.2.10 |
Mar 7, 2025 22:54:17.312449932 CET | 49696 | 443 | 192.168.2.10 | 172.217.18.1 |
Mar 7, 2025 22:54:17.584546089 CET | 443 | 49696 | 172.217.18.1 | 192.168.2.10 |
Mar 7, 2025 22:54:17.584676981 CET | 49696 | 443 | 192.168.2.10 | 172.217.18.1 |
Mar 7, 2025 22:54:17.591384888 CET | 443 | 49696 | 172.217.18.1 | 192.168.2.10 |
Mar 7, 2025 22:54:17.591501951 CET | 49696 | 443 | 192.168.2.10 | 172.217.18.1 |
Mar 7, 2025 22:54:17.598124981 CET | 443 | 49696 | 172.217.18.1 | 192.168.2.10 |
Mar 7, 2025 22:54:17.598284006 CET | 49696 | 443 | 192.168.2.10 | 172.217.18.1 |
Mar 7, 2025 22:54:17.598301888 CET | 443 | 49696 | 172.217.18.1 | 192.168.2.10 |
Mar 7, 2025 22:54:17.598345041 CET | 49696 | 443 | 192.168.2.10 | 172.217.18.1 |
Mar 7, 2025 22:54:17.605005026 CET | 443 | 49696 | 172.217.18.1 | 192.168.2.10 |
Mar 7, 2025 22:54:17.605087042 CET | 49696 | 443 | 192.168.2.10 | 172.217.18.1 |
Mar 7, 2025 22:54:17.605101109 CET | 443 | 49696 | 172.217.18.1 | 192.168.2.10 |
Mar 7, 2025 22:54:17.605140924 CET | 49696 | 443 | 192.168.2.10 | 172.217.18.1 |
Mar 7, 2025 22:54:17.611846924 CET | 443 | 49696 | 172.217.18.1 | 192.168.2.10 |
Mar 7, 2025 22:54:17.611954927 CET | 49696 | 443 | 192.168.2.10 | 172.217.18.1 |
Mar 7, 2025 22:54:17.611982107 CET | 443 | 49696 | 172.217.18.1 | 192.168.2.10 |
Mar 7, 2025 22:54:17.612023115 CET | 49696 | 443 | 192.168.2.10 | 172.217.18.1 |
Mar 7, 2025 22:54:17.618794918 CET | 443 | 49696 | 172.217.18.1 | 192.168.2.10 |
Mar 7, 2025 22:54:17.618882895 CET | 49696 | 443 | 192.168.2.10 | 172.217.18.1 |
Mar 7, 2025 22:54:17.618906021 CET | 443 | 49696 | 172.217.18.1 | 192.168.2.10 |
Mar 7, 2025 22:54:17.618942976 CET | 49696 | 443 | 192.168.2.10 | 172.217.18.1 |
Mar 7, 2025 22:54:17.625567913 CET | 443 | 49696 | 172.217.18.1 | 192.168.2.10 |
Mar 7, 2025 22:54:17.625665903 CET | 49696 | 443 | 192.168.2.10 | 172.217.18.1 |
Mar 7, 2025 22:54:17.625689983 CET | 443 | 49696 | 172.217.18.1 | 192.168.2.10 |
Mar 7, 2025 22:54:17.625734091 CET | 49696 | 443 | 192.168.2.10 | 172.217.18.1 |
Mar 7, 2025 22:54:17.671308041 CET | 443 | 49696 | 172.217.18.1 | 192.168.2.10 |
Mar 7, 2025 22:54:17.671427965 CET | 49696 | 443 | 192.168.2.10 | 172.217.18.1 |
Mar 7, 2025 22:54:17.678906918 CET | 443 | 49696 | 172.217.18.1 | 192.168.2.10 |
Mar 7, 2025 22:54:17.679025888 CET | 49696 | 443 | 192.168.2.10 | 172.217.18.1 |
Mar 7, 2025 22:54:17.679056883 CET | 443 | 49696 | 172.217.18.1 | 192.168.2.10 |
Mar 7, 2025 22:54:17.679102898 CET | 49696 | 443 | 192.168.2.10 | 172.217.18.1 |
Mar 7, 2025 22:54:17.688123941 CET | 443 | 49696 | 172.217.18.1 | 192.168.2.10 |
Mar 7, 2025 22:54:17.688262939 CET | 49696 | 443 | 192.168.2.10 | 172.217.18.1 |
Mar 7, 2025 22:54:17.688290119 CET | 443 | 49696 | 172.217.18.1 | 192.168.2.10 |
Mar 7, 2025 22:54:17.688348055 CET | 49696 | 443 | 192.168.2.10 | 172.217.18.1 |
Mar 7, 2025 22:54:17.691296101 CET | 443 | 49696 | 172.217.18.1 | 192.168.2.10 |
Mar 7, 2025 22:54:17.691373110 CET | 49696 | 443 | 192.168.2.10 | 172.217.18.1 |
Mar 7, 2025 22:54:17.691405058 CET | 443 | 49696 | 172.217.18.1 | 192.168.2.10 |
Mar 7, 2025 22:54:17.691442966 CET | 49696 | 443 | 192.168.2.10 | 172.217.18.1 |
Mar 7, 2025 22:54:17.715866089 CET | 443 | 49696 | 172.217.18.1 | 192.168.2.10 |
Mar 7, 2025 22:54:17.716023922 CET | 49696 | 443 | 192.168.2.10 | 172.217.18.1 |
Mar 7, 2025 22:54:17.766472101 CET | 443 | 49696 | 172.217.18.1 | 192.168.2.10 |
Mar 7, 2025 22:54:17.766617060 CET | 49696 | 443 | 192.168.2.10 | 172.217.18.1 |
Mar 7, 2025 22:54:17.766645908 CET | 443 | 49696 | 172.217.18.1 | 192.168.2.10 |
Mar 7, 2025 22:54:17.766704082 CET | 49696 | 443 | 192.168.2.10 | 172.217.18.1 |
Mar 7, 2025 22:54:17.824227095 CET | 443 | 49696 | 172.217.18.1 | 192.168.2.10 |
Mar 7, 2025 22:54:17.824364901 CET | 49696 | 443 | 192.168.2.10 | 172.217.18.1 |
Mar 7, 2025 22:54:17.824383020 CET | 443 | 49696 | 172.217.18.1 | 192.168.2.10 |
Mar 7, 2025 22:54:17.824421883 CET | 49696 | 443 | 192.168.2.10 | 172.217.18.1 |
Mar 7, 2025 22:54:18.095411062 CET | 443 | 49696 | 172.217.18.1 | 192.168.2.10 |
Mar 7, 2025 22:54:18.095554113 CET | 49696 | 443 | 192.168.2.10 | 172.217.18.1 |
Mar 7, 2025 22:54:18.096199036 CET | 443 | 49696 | 172.217.18.1 | 192.168.2.10 |
Mar 7, 2025 22:54:18.096252918 CET | 49696 | 443 | 192.168.2.10 | 172.217.18.1 |
Mar 7, 2025 22:54:18.096266985 CET | 443 | 49696 | 172.217.18.1 | 192.168.2.10 |
Mar 7, 2025 22:54:18.096314907 CET | 49696 | 443 | 192.168.2.10 | 172.217.18.1 |
Mar 7, 2025 22:54:18.100208044 CET | 443 | 49696 | 172.217.18.1 | 192.168.2.10 |
Mar 7, 2025 22:54:18.100274086 CET | 49696 | 443 | 192.168.2.10 | 172.217.18.1 |
Mar 7, 2025 22:54:18.100281000 CET | 443 | 49696 | 172.217.18.1 | 192.168.2.10 |
Mar 7, 2025 22:54:18.100317001 CET | 49696 | 443 | 192.168.2.10 | 172.217.18.1 |
Mar 7, 2025 22:54:18.104181051 CET | 443 | 49696 | 172.217.18.1 | 192.168.2.10 |
Mar 7, 2025 22:54:18.104242086 CET | 49696 | 443 | 192.168.2.10 | 172.217.18.1 |
Mar 7, 2025 22:54:18.104278088 CET | 443 | 49696 | 172.217.18.1 | 192.168.2.10 |
Mar 7, 2025 22:54:18.104312897 CET | 49696 | 443 | 192.168.2.10 | 172.217.18.1 |
Mar 7, 2025 22:54:18.108242035 CET | 443 | 49696 | 172.217.18.1 | 192.168.2.10 |
Mar 7, 2025 22:54:18.108319998 CET | 49696 | 443 | 192.168.2.10 | 172.217.18.1 |
Mar 7, 2025 22:54:18.108325005 CET | 443 | 49696 | 172.217.18.1 | 192.168.2.10 |
Mar 7, 2025 22:54:18.108366013 CET | 49696 | 443 | 192.168.2.10 | 172.217.18.1 |
Mar 7, 2025 22:54:18.112277985 CET | 443 | 49696 | 172.217.18.1 | 192.168.2.10 |
Mar 7, 2025 22:54:18.112354040 CET | 49696 | 443 | 192.168.2.10 | 172.217.18.1 |
Mar 7, 2025 22:54:18.112364054 CET | 443 | 49696 | 172.217.18.1 | 192.168.2.10 |
Mar 7, 2025 22:54:18.112402916 CET | 49696 | 443 | 192.168.2.10 | 172.217.18.1 |
Mar 7, 2025 22:54:18.116202116 CET | 443 | 49696 | 172.217.18.1 | 192.168.2.10 |
Mar 7, 2025 22:54:18.116262913 CET | 49696 | 443 | 192.168.2.10 | 172.217.18.1 |
Mar 7, 2025 22:54:18.116269112 CET | 443 | 49696 | 172.217.18.1 | 192.168.2.10 |
Mar 7, 2025 22:54:18.116302013 CET | 49696 | 443 | 192.168.2.10 | 172.217.18.1 |
Mar 7, 2025 22:54:18.120208025 CET | 443 | 49696 | 172.217.18.1 | 192.168.2.10 |
Mar 7, 2025 22:54:18.120280981 CET | 49696 | 443 | 192.168.2.10 | 172.217.18.1 |
Mar 7, 2025 22:54:18.120286942 CET | 443 | 49696 | 172.217.18.1 | 192.168.2.10 |
Mar 7, 2025 22:54:18.120332003 CET | 49696 | 443 | 192.168.2.10 | 172.217.18.1 |
Mar 7, 2025 22:54:18.120336056 CET | 443 | 49696 | 172.217.18.1 | 192.168.2.10 |
Mar 7, 2025 22:54:18.120372057 CET | 49696 | 443 | 192.168.2.10 | 172.217.18.1 |
Mar 7, 2025 22:54:18.124238968 CET | 443 | 49696 | 172.217.18.1 | 192.168.2.10 |
Mar 7, 2025 22:54:18.124293089 CET | 49696 | 443 | 192.168.2.10 | 172.217.18.1 |
Mar 7, 2025 22:54:18.124296904 CET | 443 | 49696 | 172.217.18.1 | 192.168.2.10 |
Mar 7, 2025 22:54:18.124330997 CET | 49696 | 443 | 192.168.2.10 | 172.217.18.1 |
Mar 7, 2025 22:54:18.147898912 CET | 443 | 49696 | 172.217.18.1 | 192.168.2.10 |
Mar 7, 2025 22:54:18.148025036 CET | 49696 | 443 | 192.168.2.10 | 172.217.18.1 |
Mar 7, 2025 22:54:18.148032904 CET | 443 | 49696 | 172.217.18.1 | 192.168.2.10 |
Mar 7, 2025 22:54:18.148085117 CET | 49696 | 443 | 192.168.2.10 | 172.217.18.1 |
Mar 7, 2025 22:54:18.185466051 CET | 443 | 49696 | 172.217.18.1 | 192.168.2.10 |
Mar 7, 2025 22:54:18.185596943 CET | 49696 | 443 | 192.168.2.10 | 172.217.18.1 |
Mar 7, 2025 22:54:18.229582071 CET | 443 | 49696 | 172.217.18.1 | 192.168.2.10 |
Mar 7, 2025 22:54:18.229818106 CET | 49696 | 443 | 192.168.2.10 | 172.217.18.1 |
Mar 7, 2025 22:54:18.229837894 CET | 443 | 49696 | 172.217.18.1 | 192.168.2.10 |
Mar 7, 2025 22:54:18.229887962 CET | 49696 | 443 | 192.168.2.10 | 172.217.18.1 |
Mar 7, 2025 22:54:18.248049974 CET | 443 | 49696 | 172.217.18.1 | 192.168.2.10 |
Mar 7, 2025 22:54:18.248142958 CET | 49696 | 443 | 192.168.2.10 | 172.217.18.1 |
Mar 7, 2025 22:54:18.248156071 CET | 443 | 49696 | 172.217.18.1 | 192.168.2.10 |
Mar 7, 2025 22:54:18.248193026 CET | 49696 | 443 | 192.168.2.10 | 172.217.18.1 |
Mar 7, 2025 22:54:18.275314093 CET | 443 | 49696 | 172.217.18.1 | 192.168.2.10 |
Mar 7, 2025 22:54:18.275433064 CET | 49696 | 443 | 192.168.2.10 | 172.217.18.1 |
Mar 7, 2025 22:54:18.319446087 CET | 443 | 49696 | 172.217.18.1 | 192.168.2.10 |
Mar 7, 2025 22:54:18.319538116 CET | 49696 | 443 | 192.168.2.10 | 172.217.18.1 |
Mar 7, 2025 22:54:18.322891951 CET | 443 | 49696 | 172.217.18.1 | 192.168.2.10 |
Mar 7, 2025 22:54:18.322953939 CET | 49696 | 443 | 192.168.2.10 | 172.217.18.1 |
Mar 7, 2025 22:54:18.322983027 CET | 443 | 49696 | 172.217.18.1 | 192.168.2.10 |
Mar 7, 2025 22:54:18.323029041 CET | 49696 | 443 | 192.168.2.10 | 172.217.18.1 |
Mar 7, 2025 22:54:18.365451097 CET | 443 | 49696 | 172.217.18.1 | 192.168.2.10 |
Mar 7, 2025 22:54:18.365562916 CET | 49696 | 443 | 192.168.2.10 | 172.217.18.1 |
Mar 7, 2025 22:54:18.385844946 CET | 443 | 49696 | 172.217.18.1 | 192.168.2.10 |
Mar 7, 2025 22:54:18.385937929 CET | 49696 | 443 | 192.168.2.10 | 172.217.18.1 |
Mar 7, 2025 22:54:18.385951042 CET | 443 | 49696 | 172.217.18.1 | 192.168.2.10 |
Mar 7, 2025 22:54:18.385991096 CET | 49696 | 443 | 192.168.2.10 | 172.217.18.1 |
Mar 7, 2025 22:54:18.412965059 CET | 443 | 49696 | 172.217.18.1 | 192.168.2.10 |
Mar 7, 2025 22:54:18.413070917 CET | 49696 | 443 | 192.168.2.10 | 172.217.18.1 |
Mar 7, 2025 22:54:18.434345961 CET | 443 | 49696 | 172.217.18.1 | 192.168.2.10 |
Mar 7, 2025 22:54:18.434451103 CET | 49696 | 443 | 192.168.2.10 | 172.217.18.1 |
Mar 7, 2025 22:54:18.434470892 CET | 443 | 49696 | 172.217.18.1 | 192.168.2.10 |
Mar 7, 2025 22:54:18.434519053 CET | 49696 | 443 | 192.168.2.10 | 172.217.18.1 |
Mar 7, 2025 22:54:18.467842102 CET | 443 | 49696 | 172.217.18.1 | 192.168.2.10 |
Mar 7, 2025 22:54:18.467950106 CET | 49696 | 443 | 192.168.2.10 | 172.217.18.1 |
Mar 7, 2025 22:54:18.467977047 CET | 443 | 49696 | 172.217.18.1 | 192.168.2.10 |
Mar 7, 2025 22:54:18.468059063 CET | 49696 | 443 | 192.168.2.10 | 172.217.18.1 |
Mar 7, 2025 22:54:18.501980066 CET | 443 | 49696 | 172.217.18.1 | 192.168.2.10 |
Mar 7, 2025 22:54:18.502167940 CET | 49696 | 443 | 192.168.2.10 | 172.217.18.1 |
Mar 7, 2025 22:54:18.502196074 CET | 443 | 49696 | 172.217.18.1 | 192.168.2.10 |
Mar 7, 2025 22:54:18.502284050 CET | 49696 | 443 | 192.168.2.10 | 172.217.18.1 |
Mar 7, 2025 22:54:18.524542093 CET | 443 | 49696 | 172.217.18.1 | 192.168.2.10 |
Mar 7, 2025 22:54:18.524678946 CET | 49696 | 443 | 192.168.2.10 | 172.217.18.1 |
Mar 7, 2025 22:54:18.539093018 CET | 443 | 49696 | 172.217.18.1 | 192.168.2.10 |
Mar 7, 2025 22:54:18.539235115 CET | 49696 | 443 | 192.168.2.10 | 172.217.18.1 |
Mar 7, 2025 22:54:18.539258957 CET | 443 | 49696 | 172.217.18.1 | 192.168.2.10 |
Mar 7, 2025 22:54:18.539300919 CET | 49696 | 443 | 192.168.2.10 | 172.217.18.1 |
Mar 7, 2025 22:54:18.567168951 CET | 443 | 49696 | 172.217.18.1 | 192.168.2.10 |
Mar 7, 2025 22:54:18.567270994 CET | 49696 | 443 | 192.168.2.10 | 172.217.18.1 |
Mar 7, 2025 22:54:18.567306042 CET | 443 | 49696 | 172.217.18.1 | 192.168.2.10 |
Mar 7, 2025 22:54:18.567348957 CET | 49696 | 443 | 192.168.2.10 | 172.217.18.1 |
Mar 7, 2025 22:54:18.591964960 CET | 443 | 49696 | 172.217.18.1 | 192.168.2.10 |
Mar 7, 2025 22:54:18.592164040 CET | 49696 | 443 | 192.168.2.10 | 172.217.18.1 |
Mar 7, 2025 22:54:18.614419937 CET | 443 | 49696 | 172.217.18.1 | 192.168.2.10 |
Mar 7, 2025 22:54:18.614525080 CET | 49696 | 443 | 192.168.2.10 | 172.217.18.1 |
Mar 7, 2025 22:54:18.742741108 CET | 443 | 49696 | 172.217.18.1 | 192.168.2.10 |
Mar 7, 2025 22:54:18.742891073 CET | 49696 | 443 | 192.168.2.10 | 172.217.18.1 |
Mar 7, 2025 22:54:18.742917061 CET | 443 | 49696 | 172.217.18.1 | 192.168.2.10 |
Mar 7, 2025 22:54:18.742981911 CET | 49696 | 443 | 192.168.2.10 | 172.217.18.1 |
Mar 7, 2025 22:54:18.744469881 CET | 443 | 49696 | 172.217.18.1 | 192.168.2.10 |
Mar 7, 2025 22:54:18.744517088 CET | 49696 | 443 | 192.168.2.10 | 172.217.18.1 |
Mar 7, 2025 22:54:18.744534969 CET | 443 | 49696 | 172.217.18.1 | 192.168.2.10 |
Mar 7, 2025 22:54:18.744569063 CET | 49696 | 443 | 192.168.2.10 | 172.217.18.1 |
Mar 7, 2025 22:54:18.758861065 CET | 443 | 49696 | 172.217.18.1 | 192.168.2.10 |
Mar 7, 2025 22:54:18.758923054 CET | 443 | 49696 | 172.217.18.1 | 192.168.2.10 |
Mar 7, 2025 22:54:18.758955002 CET | 443 | 49696 | 172.217.18.1 | 192.168.2.10 |
Mar 7, 2025 22:54:18.759020090 CET | 49696 | 443 | 192.168.2.10 | 172.217.18.1 |
Mar 7, 2025 22:54:18.759043932 CET | 443 | 49696 | 172.217.18.1 | 192.168.2.10 |
Mar 7, 2025 22:54:18.759067059 CET | 49696 | 443 | 192.168.2.10 | 172.217.18.1 |
Mar 7, 2025 22:54:18.759079933 CET | 49696 | 443 | 192.168.2.10 | 172.217.18.1 |
Mar 7, 2025 22:54:18.760656118 CET | 443 | 49696 | 172.217.18.1 | 192.168.2.10 |
Mar 7, 2025 22:54:18.760713100 CET | 49696 | 443 | 192.168.2.10 | 172.217.18.1 |
Mar 7, 2025 22:54:18.760720968 CET | 443 | 49696 | 172.217.18.1 | 192.168.2.10 |
Mar 7, 2025 22:54:18.760755062 CET | 49696 | 443 | 192.168.2.10 | 172.217.18.1 |
Mar 7, 2025 22:54:18.801651001 CET | 443 | 49696 | 172.217.18.1 | 192.168.2.10 |
Mar 7, 2025 22:54:18.801819086 CET | 49696 | 443 | 192.168.2.10 | 172.217.18.1 |
Mar 7, 2025 22:54:18.801851034 CET | 443 | 49696 | 172.217.18.1 | 192.168.2.10 |
Mar 7, 2025 22:54:18.801918983 CET | 49696 | 443 | 192.168.2.10 | 172.217.18.1 |
Mar 7, 2025 22:54:18.832545042 CET | 443 | 49696 | 172.217.18.1 | 192.168.2.10 |
Mar 7, 2025 22:54:18.832717896 CET | 49696 | 443 | 192.168.2.10 | 172.217.18.1 |
Mar 7, 2025 22:54:18.842580080 CET | 443 | 49696 | 172.217.18.1 | 192.168.2.10 |
Mar 7, 2025 22:54:18.842641115 CET | 49696 | 443 | 192.168.2.10 | 172.217.18.1 |
Mar 7, 2025 22:54:18.879998922 CET | 443 | 49696 | 172.217.18.1 | 192.168.2.10 |
Mar 7, 2025 22:54:18.880103111 CET | 443 | 49696 | 172.217.18.1 | 192.168.2.10 |
Mar 7, 2025 22:54:18.880124092 CET | 49696 | 443 | 192.168.2.10 | 172.217.18.1 |
Mar 7, 2025 22:54:18.880141973 CET | 443 | 49696 | 172.217.18.1 | 192.168.2.10 |
Mar 7, 2025 22:54:18.880152941 CET | 49696 | 443 | 192.168.2.10 | 172.217.18.1 |
Mar 7, 2025 22:54:18.880187035 CET | 49696 | 443 | 192.168.2.10 | 172.217.18.1 |
Mar 7, 2025 22:54:18.907356024 CET | 443 | 49696 | 172.217.18.1 | 192.168.2.10 |
Mar 7, 2025 22:54:18.907497883 CET | 49696 | 443 | 192.168.2.10 | 172.217.18.1 |
Mar 7, 2025 22:54:18.907530069 CET | 443 | 49696 | 172.217.18.1 | 192.168.2.10 |
Mar 7, 2025 22:54:18.907568932 CET | 49696 | 443 | 192.168.2.10 | 172.217.18.1 |
Mar 7, 2025 22:54:18.936851978 CET | 443 | 49696 | 172.217.18.1 | 192.168.2.10 |
Mar 7, 2025 22:54:18.936986923 CET | 49696 | 443 | 192.168.2.10 | 172.217.18.1 |
Mar 7, 2025 22:54:18.937020063 CET | 443 | 49696 | 172.217.18.1 | 192.168.2.10 |
Mar 7, 2025 22:54:18.937058926 CET | 49696 | 443 | 192.168.2.10 | 172.217.18.1 |
Mar 7, 2025 22:54:18.963686943 CET | 443 | 49696 | 172.217.18.1 | 192.168.2.10 |
Mar 7, 2025 22:54:18.963788986 CET | 49696 | 443 | 192.168.2.10 | 172.217.18.1 |
Mar 7, 2025 22:54:18.963815928 CET | 443 | 49696 | 172.217.18.1 | 192.168.2.10 |
Mar 7, 2025 22:54:18.963851929 CET | 49696 | 443 | 192.168.2.10 | 172.217.18.1 |
Mar 7, 2025 22:54:18.997263908 CET | 443 | 49696 | 172.217.18.1 | 192.168.2.10 |
Mar 7, 2025 22:54:18.997349024 CET | 49696 | 443 | 192.168.2.10 | 172.217.18.1 |
Mar 7, 2025 22:54:19.027190924 CET | 443 | 49696 | 172.217.18.1 | 192.168.2.10 |
Mar 7, 2025 22:54:19.027349949 CET | 49696 | 443 | 192.168.2.10 | 172.217.18.1 |
Mar 7, 2025 22:54:19.064033031 CET | 443 | 49696 | 172.217.18.1 | 192.168.2.10 |
Mar 7, 2025 22:54:19.064234018 CET | 443 | 49696 | 172.217.18.1 | 192.168.2.10 |
Mar 7, 2025 22:54:19.064383030 CET | 49696 | 443 | 192.168.2.10 | 172.217.18.1 |
Mar 7, 2025 22:54:19.064383030 CET | 49696 | 443 | 192.168.2.10 | 172.217.18.1 |
Mar 7, 2025 22:54:19.064412117 CET | 443 | 49696 | 172.217.18.1 | 192.168.2.10 |
Mar 7, 2025 22:54:19.064460039 CET | 49696 | 443 | 192.168.2.10 | 172.217.18.1 |
Mar 7, 2025 22:54:19.087455034 CET | 443 | 49696 | 172.217.18.1 | 192.168.2.10 |
Mar 7, 2025 22:54:19.087644100 CET | 49696 | 443 | 192.168.2.10 | 172.217.18.1 |
Mar 7, 2025 22:54:19.098325014 CET | 443 | 49696 | 172.217.18.1 | 192.168.2.10 |
Mar 7, 2025 22:54:19.098505020 CET | 49696 | 443 | 192.168.2.10 | 172.217.18.1 |
Mar 7, 2025 22:54:19.098516941 CET | 443 | 49696 | 172.217.18.1 | 192.168.2.10 |
Mar 7, 2025 22:54:19.098565102 CET | 49696 | 443 | 192.168.2.10 | 172.217.18.1 |
Mar 7, 2025 22:54:19.117084980 CET | 443 | 49696 | 172.217.18.1 | 192.168.2.10 |
Mar 7, 2025 22:54:19.117355108 CET | 49696 | 443 | 192.168.2.10 | 172.217.18.1 |
Mar 7, 2025 22:54:19.128797054 CET | 443 | 49696 | 172.217.18.1 | 192.168.2.10 |
Mar 7, 2025 22:54:19.128997087 CET | 49696 | 443 | 192.168.2.10 | 172.217.18.1 |
Mar 7, 2025 22:54:19.129015923 CET | 443 | 49696 | 172.217.18.1 | 192.168.2.10 |
Mar 7, 2025 22:54:19.129072905 CET | 49696 | 443 | 192.168.2.10 | 172.217.18.1 |
Mar 7, 2025 22:54:19.158478022 CET | 443 | 49696 | 172.217.18.1 | 192.168.2.10 |
Mar 7, 2025 22:54:19.158680916 CET | 49696 | 443 | 192.168.2.10 | 172.217.18.1 |
Mar 7, 2025 22:54:19.158699989 CET | 443 | 49696 | 172.217.18.1 | 192.168.2.10 |
Mar 7, 2025 22:54:19.158754110 CET | 49696 | 443 | 192.168.2.10 | 172.217.18.1 |
Mar 7, 2025 22:54:19.255466938 CET | 443 | 49696 | 172.217.18.1 | 192.168.2.10 |
Mar 7, 2025 22:54:19.255590916 CET | 49696 | 443 | 192.168.2.10 | 172.217.18.1 |
Mar 7, 2025 22:54:19.257313013 CET | 443 | 49696 | 172.217.18.1 | 192.168.2.10 |
Mar 7, 2025 22:54:19.257371902 CET | 49696 | 443 | 192.168.2.10 | 172.217.18.1 |
Mar 7, 2025 22:54:19.257386923 CET | 443 | 49696 | 172.217.18.1 | 192.168.2.10 |
Mar 7, 2025 22:54:19.257445097 CET | 49696 | 443 | 192.168.2.10 | 172.217.18.1 |
Mar 7, 2025 22:54:19.353948116 CET | 443 | 49696 | 172.217.18.1 | 192.168.2.10 |
Mar 7, 2025 22:54:19.354065895 CET | 49696 | 443 | 192.168.2.10 | 172.217.18.1 |
Mar 7, 2025 22:54:19.356746912 CET | 443 | 49696 | 172.217.18.1 | 192.168.2.10 |
Mar 7, 2025 22:54:19.356797934 CET | 443 | 49696 | 172.217.18.1 | 192.168.2.10 |
Mar 7, 2025 22:54:19.356798887 CET | 49696 | 443 | 192.168.2.10 | 172.217.18.1 |
Mar 7, 2025 22:54:19.356806993 CET | 443 | 49696 | 172.217.18.1 | 192.168.2.10 |
Mar 7, 2025 22:54:19.356842995 CET | 49696 | 443 | 192.168.2.10 | 172.217.18.1 |
Mar 7, 2025 22:54:19.356892109 CET | 49696 | 443 | 192.168.2.10 | 172.217.18.1 |
Mar 7, 2025 22:54:19.356950998 CET | 443 | 49696 | 172.217.18.1 | 192.168.2.10 |
Mar 7, 2025 22:54:19.356991053 CET | 49696 | 443 | 192.168.2.10 | 172.217.18.1 |
Mar 7, 2025 22:54:19.453012943 CET | 443 | 49696 | 172.217.18.1 | 192.168.2.10 |
Mar 7, 2025 22:54:19.453114986 CET | 49696 | 443 | 192.168.2.10 | 172.217.18.1 |
Mar 7, 2025 22:54:19.453134060 CET | 443 | 49696 | 172.217.18.1 | 192.168.2.10 |
Mar 7, 2025 22:54:19.453170061 CET | 49696 | 443 | 192.168.2.10 | 172.217.18.1 |
Mar 7, 2025 22:54:19.454819918 CET | 443 | 49696 | 172.217.18.1 | 192.168.2.10 |
Mar 7, 2025 22:54:19.454864979 CET | 49696 | 443 | 192.168.2.10 | 172.217.18.1 |
Mar 7, 2025 22:54:19.458853960 CET | 443 | 49696 | 172.217.18.1 | 192.168.2.10 |
Mar 7, 2025 22:54:19.458904982 CET | 443 | 49696 | 172.217.18.1 | 192.168.2.10 |
Mar 7, 2025 22:54:19.458925009 CET | 49696 | 443 | 192.168.2.10 | 172.217.18.1 |
Mar 7, 2025 22:54:19.458935976 CET | 443 | 49696 | 172.217.18.1 | 192.168.2.10 |
Mar 7, 2025 22:54:19.458956003 CET | 49696 | 443 | 192.168.2.10 | 172.217.18.1 |
Mar 7, 2025 22:54:19.458997965 CET | 49696 | 443 | 192.168.2.10 | 172.217.18.1 |
Mar 7, 2025 22:54:19.462831020 CET | 443 | 49696 | 172.217.18.1 | 192.168.2.10 |
Mar 7, 2025 22:54:19.462894917 CET | 49696 | 443 | 192.168.2.10 | 172.217.18.1 |
Mar 7, 2025 22:54:19.462901115 CET | 443 | 49696 | 172.217.18.1 | 192.168.2.10 |
Mar 7, 2025 22:54:19.462934971 CET | 49696 | 443 | 192.168.2.10 | 172.217.18.1 |
Mar 7, 2025 22:54:19.466835976 CET | 443 | 49696 | 172.217.18.1 | 192.168.2.10 |
Mar 7, 2025 22:54:19.466880083 CET | 49696 | 443 | 192.168.2.10 | 172.217.18.1 |
Mar 7, 2025 22:54:19.466938972 CET | 443 | 49696 | 172.217.18.1 | 192.168.2.10 |
Mar 7, 2025 22:54:19.467053890 CET | 49696 | 443 | 192.168.2.10 | 172.217.18.1 |
Mar 7, 2025 22:54:19.470912933 CET | 443 | 49696 | 172.217.18.1 | 192.168.2.10 |
Mar 7, 2025 22:54:19.470995903 CET | 49696 | 443 | 192.168.2.10 | 172.217.18.1 |
Mar 7, 2025 22:54:19.471029043 CET | 443 | 49696 | 172.217.18.1 | 192.168.2.10 |
Mar 7, 2025 22:54:19.471084118 CET | 49696 | 443 | 192.168.2.10 | 172.217.18.1 |
Mar 7, 2025 22:54:19.492578030 CET | 443 | 49696 | 172.217.18.1 | 192.168.2.10 |
Mar 7, 2025 22:54:19.492643118 CET | 49696 | 443 | 192.168.2.10 | 172.217.18.1 |
Mar 7, 2025 22:54:19.492661953 CET | 443 | 49696 | 172.217.18.1 | 192.168.2.10 |
Mar 7, 2025 22:54:19.492702961 CET | 49696 | 443 | 192.168.2.10 | 172.217.18.1 |
Mar 7, 2025 22:54:19.492708921 CET | 443 | 49696 | 172.217.18.1 | 192.168.2.10 |
Mar 7, 2025 22:54:19.492748022 CET | 49696 | 443 | 192.168.2.10 | 172.217.18.1 |
Mar 7, 2025 22:54:19.515019894 CET | 443 | 49696 | 172.217.18.1 | 192.168.2.10 |
Mar 7, 2025 22:54:19.515150070 CET | 49696 | 443 | 192.168.2.10 | 172.217.18.1 |
Mar 7, 2025 22:54:19.515182018 CET | 443 | 49696 | 172.217.18.1 | 192.168.2.10 |
Mar 7, 2025 22:54:19.515232086 CET | 49696 | 443 | 192.168.2.10 | 172.217.18.1 |
Mar 7, 2025 22:54:19.543108940 CET | 443 | 49696 | 172.217.18.1 | 192.168.2.10 |
Mar 7, 2025 22:54:19.543235064 CET | 49696 | 443 | 192.168.2.10 | 172.217.18.1 |
Mar 7, 2025 22:54:19.586575985 CET | 443 | 49696 | 172.217.18.1 | 192.168.2.10 |
Mar 7, 2025 22:54:19.586702108 CET | 49696 | 443 | 192.168.2.10 | 172.217.18.1 |
Mar 7, 2025 22:54:19.586730003 CET | 443 | 49696 | 172.217.18.1 | 192.168.2.10 |
Mar 7, 2025 22:54:19.586781025 CET | 49696 | 443 | 192.168.2.10 | 172.217.18.1 |
Mar 7, 2025 22:54:19.602595091 CET | 443 | 49696 | 172.217.18.1 | 192.168.2.10 |
Mar 7, 2025 22:54:19.602718115 CET | 49696 | 443 | 192.168.2.10 | 172.217.18.1 |
Mar 7, 2025 22:54:19.602736950 CET | 443 | 49696 | 172.217.18.1 | 192.168.2.10 |
Mar 7, 2025 22:54:19.602799892 CET | 49696 | 443 | 192.168.2.10 | 172.217.18.1 |
Mar 7, 2025 22:54:19.635257006 CET | 443 | 49696 | 172.217.18.1 | 192.168.2.10 |
Mar 7, 2025 22:54:19.635381937 CET | 49696 | 443 | 192.168.2.10 | 172.217.18.1 |
Mar 7, 2025 22:54:19.654726982 CET | 443 | 49696 | 172.217.18.1 | 192.168.2.10 |
Mar 7, 2025 22:54:19.654844999 CET | 49696 | 443 | 192.168.2.10 | 172.217.18.1 |
Mar 7, 2025 22:54:19.654860020 CET | 443 | 49696 | 172.217.18.1 | 192.168.2.10 |
Mar 7, 2025 22:54:19.654923916 CET | 49696 | 443 | 192.168.2.10 | 172.217.18.1 |
Mar 7, 2025 22:54:19.687063932 CET | 443 | 49696 | 172.217.18.1 | 192.168.2.10 |
Mar 7, 2025 22:54:19.687186956 CET | 49696 | 443 | 192.168.2.10 | 172.217.18.1 |
Mar 7, 2025 22:54:19.687202930 CET | 443 | 49696 | 172.217.18.1 | 192.168.2.10 |
Mar 7, 2025 22:54:19.687244892 CET | 49696 | 443 | 192.168.2.10 | 172.217.18.1 |
Mar 7, 2025 22:54:19.708456993 CET | 443 | 49696 | 172.217.18.1 | 192.168.2.10 |
Mar 7, 2025 22:54:19.708539009 CET | 49696 | 443 | 192.168.2.10 | 172.217.18.1 |
Mar 7, 2025 22:54:19.733352900 CET | 443 | 49696 | 172.217.18.1 | 192.168.2.10 |
Mar 7, 2025 22:54:19.733448982 CET | 49696 | 443 | 192.168.2.10 | 172.217.18.1 |
Mar 7, 2025 22:54:19.733469963 CET | 443 | 49696 | 172.217.18.1 | 192.168.2.10 |
Mar 7, 2025 22:54:19.733511925 CET | 49696 | 443 | 192.168.2.10 | 172.217.18.1 |
Mar 7, 2025 22:54:19.762968063 CET | 443 | 49696 | 172.217.18.1 | 192.168.2.10 |
Mar 7, 2025 22:54:19.763022900 CET | 49696 | 443 | 192.168.2.10 | 172.217.18.1 |
Mar 7, 2025 22:54:19.777293921 CET | 443 | 49696 | 172.217.18.1 | 192.168.2.10 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Mar 7, 2025 22:53:27.585444927 CET | 64780 | 53 | 192.168.2.10 | 1.1.1.1 |
Mar 7, 2025 22:53:27.592674971 CET | 53 | 64780 | 1.1.1.1 | 192.168.2.10 |
Mar 7, 2025 22:54:12.058690071 CET | 65419 | 53 | 192.168.2.10 | 1.1.1.1 |
Mar 7, 2025 22:54:12.066545010 CET | 53 | 65419 | 1.1.1.1 | 192.168.2.10 |
Mar 7, 2025 22:54:20.660521030 CET | 51423 | 53 | 192.168.2.10 | 1.1.1.1 |
Mar 7, 2025 22:54:20.668327093 CET | 53 | 51423 | 1.1.1.1 | 192.168.2.10 |
Mar 7, 2025 22:54:21.851159096 CET | 50033 | 53 | 192.168.2.10 | 1.1.1.1 |
Mar 7, 2025 22:54:21.859347105 CET | 53 | 50033 | 1.1.1.1 | 192.168.2.10 |
Mar 7, 2025 22:54:49.922245979 CET | 59225 | 53 | 192.168.2.10 | 1.1.1.1 |
Mar 7, 2025 22:54:49.931148052 CET | 53 | 59225 | 1.1.1.1 | 192.168.2.10 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Mar 7, 2025 22:53:27.585444927 CET | 192.168.2.10 | 1.1.1.1 | 0xef46 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Mar 7, 2025 22:54:12.058690071 CET | 192.168.2.10 | 1.1.1.1 | 0xd686 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Mar 7, 2025 22:54:20.660521030 CET | 192.168.2.10 | 1.1.1.1 | 0x2d14 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Mar 7, 2025 22:54:21.851159096 CET | 192.168.2.10 | 1.1.1.1 | 0x832e | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Mar 7, 2025 22:54:49.922245979 CET | 192.168.2.10 | 1.1.1.1 | 0xb68c | Standard query (0) | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Mar 7, 2025 22:53:27.592674971 CET | 1.1.1.1 | 192.168.2.10 | 0xef46 | No error (0) | 142.250.181.238 | A (IP address) | IN (0x0001) | false | ||
Mar 7, 2025 22:54:12.066545010 CET | 1.1.1.1 | 192.168.2.10 | 0xd686 | No error (0) | 172.217.18.1 | A (IP address) | IN (0x0001) | false | ||
Mar 7, 2025 22:54:20.668327093 CET | 1.1.1.1 | 192.168.2.10 | 0x2d14 | No error (0) | checkip.dyndns.com | CNAME (Canonical name) | IN (0x0001) | false | ||
Mar 7, 2025 22:54:20.668327093 CET | 1.1.1.1 | 192.168.2.10 | 0x2d14 | No error (0) | 132.226.247.73 | A (IP address) | IN (0x0001) | false | ||
Mar 7, 2025 22:54:20.668327093 CET | 1.1.1.1 | 192.168.2.10 | 0x2d14 | No error (0) | 193.122.6.168 | A (IP address) | IN (0x0001) | false | ||
Mar 7, 2025 22:54:20.668327093 CET | 1.1.1.1 | 192.168.2.10 | 0x2d14 | No error (0) | 132.226.8.169 | A (IP address) | IN (0x0001) | false | ||
Mar 7, 2025 22:54:20.668327093 CET | 1.1.1.1 | 192.168.2.10 | 0x2d14 | No error (0) | 193.122.130.0 | A (IP address) | IN (0x0001) | false | ||
Mar 7, 2025 22:54:20.668327093 CET | 1.1.1.1 | 192.168.2.10 | 0x2d14 | No error (0) | 158.101.44.242 | A (IP address) | IN (0x0001) | false | ||
Mar 7, 2025 22:54:21.859347105 CET | 1.1.1.1 | 192.168.2.10 | 0x832e | No error (0) | 104.21.64.1 | A (IP address) | IN (0x0001) | false | ||
Mar 7, 2025 22:54:21.859347105 CET | 1.1.1.1 | 192.168.2.10 | 0x832e | No error (0) | 104.21.112.1 | A (IP address) | IN (0x0001) | false | ||
Mar 7, 2025 22:54:21.859347105 CET | 1.1.1.1 | 192.168.2.10 | 0x832e | No error (0) | 104.21.32.1 | A (IP address) | IN (0x0001) | false | ||
Mar 7, 2025 22:54:21.859347105 CET | 1.1.1.1 | 192.168.2.10 | 0x832e | No error (0) | 104.21.16.1 | A (IP address) | IN (0x0001) | false | ||
Mar 7, 2025 22:54:21.859347105 CET | 1.1.1.1 | 192.168.2.10 | 0x832e | No error (0) | 104.21.96.1 | A (IP address) | IN (0x0001) | false | ||
Mar 7, 2025 22:54:21.859347105 CET | 1.1.1.1 | 192.168.2.10 | 0x832e | No error (0) | 104.21.80.1 | A (IP address) | IN (0x0001) | false | ||
Mar 7, 2025 22:54:21.859347105 CET | 1.1.1.1 | 192.168.2.10 | 0x832e | No error (0) | 104.21.48.1 | A (IP address) | IN (0x0001) | false | ||
Mar 7, 2025 22:54:49.931148052 CET | 1.1.1.1 | 192.168.2.10 | 0xb68c | No error (0) | 149.154.167.220 | A (IP address) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.10 | 49697 | 132.226.247.73 | 80 | 2072 | C:\Users\user\Desktop\GuuQOl5kJR.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Mar 7, 2025 22:54:20.677784920 CET | 151 | OUT | |
Mar 7, 2025 22:54:21.369240999 CET | 273 | IN | |
Mar 7, 2025 22:54:21.374114037 CET | 127 | OUT | |
Mar 7, 2025 22:54:21.583997011 CET | 273 | IN | |
Mar 7, 2025 22:54:24.392674923 CET | 127 | OUT | |
Mar 7, 2025 22:54:24.602843046 CET | 273 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.10 | 49700 | 132.226.247.73 | 80 | 2072 | C:\Users\user\Desktop\GuuQOl5kJR.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Mar 7, 2025 22:54:27.077951908 CET | 127 | OUT | |
Mar 7, 2025 22:54:27.777817965 CET | 273 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.10 | 49702 | 132.226.247.73 | 80 | 2072 | C:\Users\user\Desktop\GuuQOl5kJR.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Mar 7, 2025 22:54:30.259624004 CET | 151 | OUT | |
Mar 7, 2025 22:54:30.947696924 CET | 273 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
3 | 192.168.2.10 | 49704 | 132.226.247.73 | 80 | 2072 | C:\Users\user\Desktop\GuuQOl5kJR.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Mar 7, 2025 22:54:33.565422058 CET | 151 | OUT | |
Mar 7, 2025 22:54:34.259581089 CET | 273 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
4 | 192.168.2.10 | 49706 | 132.226.247.73 | 80 | 2072 | C:\Users\user\Desktop\GuuQOl5kJR.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Mar 7, 2025 22:54:36.988189936 CET | 151 | OUT | |
Mar 7, 2025 22:54:37.669050932 CET | 273 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
5 | 192.168.2.10 | 49708 | 132.226.247.73 | 80 | 2072 | C:\Users\user\Desktop\GuuQOl5kJR.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Mar 7, 2025 22:54:40.270659924 CET | 151 | OUT | |
Mar 7, 2025 22:54:40.962618113 CET | 273 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
6 | 192.168.2.10 | 49710 | 132.226.247.73 | 80 | 2072 | C:\Users\user\Desktop\GuuQOl5kJR.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Mar 7, 2025 22:54:43.507565022 CET | 151 | OUT | |
Mar 7, 2025 22:54:44.207166910 CET | 273 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
7 | 192.168.2.10 | 49712 | 132.226.247.73 | 80 | 2072 | C:\Users\user\Desktop\GuuQOl5kJR.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Mar 7, 2025 22:54:46.694801092 CET | 151 | OUT | |
Mar 7, 2025 22:54:47.387867928 CET | 273 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.10 | 49695 | 142.250.181.238 | 443 | 2072 | C:\Users\user\Desktop\GuuQOl5kJR.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-03-07 21:54:11 UTC | 216 | OUT | |
2025-03-07 21:54:12 UTC | 1610 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.10 | 49696 | 172.217.18.1 | 443 | 2072 | C:\Users\user\Desktop\GuuQOl5kJR.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-03-07 21:54:14 UTC | 258 | OUT | |
2025-03-07 21:54:17 UTC | 5009 | IN | |
2025-03-07 21:54:17 UTC | 5009 | IN | |
2025-03-07 21:54:17 UTC | 4678 | IN | |
2025-03-07 21:54:17 UTC | 1378 | IN | |
2025-03-07 21:54:17 UTC | 1378 | IN | |
2025-03-07 21:54:17 UTC | 1378 | IN | |
2025-03-07 21:54:17 UTC | 1378 | IN | |
2025-03-07 21:54:17 UTC | 1378 | IN | |
2025-03-07 21:54:17 UTC | 1378 | IN | |
2025-03-07 21:54:17 UTC | 1378 | IN | |
2025-03-07 21:54:17 UTC | 1378 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.10 | 49698 | 104.21.64.1 | 443 | 2072 | C:\Users\user\Desktop\GuuQOl5kJR.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-03-07 21:54:23 UTC | 85 | OUT | |
2025-03-07 21:54:24 UTC | 858 | IN | |
2025-03-07 21:54:24 UTC | 362 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
3 | 192.168.2.10 | 49699 | 104.21.64.1 | 443 | 2072 | C:\Users\user\Desktop\GuuQOl5kJR.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-03-07 21:54:26 UTC | 61 | OUT | |
2025-03-07 21:54:27 UTC | 860 | IN | |
2025-03-07 21:54:27 UTC | 362 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
4 | 192.168.2.10 | 49701 | 104.21.64.1 | 443 | 2072 | C:\Users\user\Desktop\GuuQOl5kJR.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-03-07 21:54:29 UTC | 61 | OUT | |
2025-03-07 21:54:30 UTC | 862 | IN | |
2025-03-07 21:54:30 UTC | 362 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
5 | 192.168.2.10 | 49703 | 104.21.64.1 | 443 | 2072 | C:\Users\user\Desktop\GuuQOl5kJR.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-03-07 21:54:32 UTC | 85 | OUT | |
2025-03-07 21:54:33 UTC | 866 | IN | |
2025-03-07 21:54:33 UTC | 362 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
6 | 192.168.2.10 | 49705 | 104.21.64.1 | 443 | 2072 | C:\Users\user\Desktop\GuuQOl5kJR.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-03-07 21:54:36 UTC | 85 | OUT | |
2025-03-07 21:54:36 UTC | 850 | IN | |
2025-03-07 21:54:36 UTC | 362 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
7 | 192.168.2.10 | 49707 | 104.21.64.1 | 443 | 2072 | C:\Users\user\Desktop\GuuQOl5kJR.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-03-07 21:54:39 UTC | 85 | OUT | |
2025-03-07 21:54:40 UTC | 856 | IN | |
2025-03-07 21:54:40 UTC | 362 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
8 | 192.168.2.10 | 49709 | 104.21.64.1 | 443 | 2072 | C:\Users\user\Desktop\GuuQOl5kJR.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-03-07 21:54:42 UTC | 85 | OUT | |
2025-03-07 21:54:43 UTC | 858 | IN | |
2025-03-07 21:54:43 UTC | 362 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
9 | 192.168.2.10 | 49711 | 104.21.64.1 | 443 | 2072 | C:\Users\user\Desktop\GuuQOl5kJR.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-03-07 21:54:46 UTC | 85 | OUT | |
2025-03-07 21:54:46 UTC | 864 | IN | |
2025-03-07 21:54:46 UTC | 362 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
10 | 192.168.2.10 | 49713 | 104.21.64.1 | 443 | 2072 | C:\Users\user\Desktop\GuuQOl5kJR.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-03-07 21:54:49 UTC | 85 | OUT | |
2025-03-07 21:54:49 UTC | 856 | IN | |
2025-03-07 21:54:49 UTC | 362 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
11 | 192.168.2.10 | 49714 | 149.154.167.220 | 443 | 2072 | C:\Users\user\Desktop\GuuQOl5kJR.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-03-07 21:54:51 UTC | 349 | OUT | |
2025-03-07 21:54:52 UTC | 344 | IN | |
2025-03-07 21:54:52 UTC | 55 | IN |
Target ID: | 0 |
Start time: | 16:52:48 |
Start date: | 07/03/2025 |
Path: | C:\Users\user\Desktop\GuuQOl5kJR.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 924'368 bytes |
MD5 hash: | E9C0C56C4A52C53407DE85B33E496E75 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: | |
Reputation: | low |
Has exited: | true |
Target ID: | 9 |
Start time: | 16:53:21 |
Start date: | 07/03/2025 |
Path: | C:\Users\user\Desktop\GuuQOl5kJR.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x7ff67a7d0000 |
File size: | 924'368 bytes |
MD5 hash: | E9C0C56C4A52C53407DE85B33E496E75 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: | |
Reputation: | low |
Has exited: | false |