Windows
Analysis Report
Portals.exe
Overview
General Information
Detection
Score: | 88 |
Range: | 0 - 100 |
Confidence: | 100% |
Signatures
Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Contains functionality to inject code into remote processes
Injects a PE file into a foreign processes
Joe Sandbox ML detected suspicious sample
Searches for specific processes (likely to inject)
AV process strings found (often used to terminate AV products)
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Checks if the current process is being debugged
Contains functionality to dynamically determine API calls
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality to record screenshots
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Extensive use of GetProcAddress (often used to hide API calls)
Found evasive API chain (date check)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
One or more processes crash
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Suricata IDS alerts with low severity for network traffic
Uses Microsoft's Enhanced Cryptographic Provider
Yara signature match
Classification
- System is w10x64
  - Portals.exe (PID: 7824 cmdline: "C:\Users\user\Desktop\Portals.exe" MD5: 1F2C4AC075B7A79917C290F0B9FD27B6)
  - Portals.exe (PID: 7856 cmdline: "C:\Users\user\Desktop\Portals.exe" MD5: 1F2C4AC075B7A79917C290F0B9FD27B6)
  - WerFault.exe (PID: 7920 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 7824 -s 788 MD5: C31336C1EFC2CCB44B4326EA793040F2)
- cleanup
⊘No configs have been found
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
| infostealer_win_vidar_strings_nov23 | Finds Vidar samples based on the specific strings | Sekoia.io | |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
| infostealer_win_vidar_strings_nov23 | Finds Vidar samples based on the specific strings | Sekoia.io | |
| infostealer_win_vidar_strings_nov23 | Finds Vidar samples based on the specific strings | Sekoia.io | |
| infostealer_win_vidar_strings_nov23 | Finds Vidar samples based on the specific strings | Sekoia.io | |
⊘No Sigma rule has matched
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2025-03-13T17:56:14.993692+0100 | 2028765 | 3 | Unknown Traffic | 192.168.2.4 | 49767 | 116.202.4.223 | 443 | TCP |
2025-03-13T17:56:34.029949+0100 | 2028765 | 3 | Unknown Traffic | 192.168.2.4 | 49728 | 116.202.4.223 | 443 | TCP |
2025-03-13T17:56:59.074991+0100 | 2028765 | 3 | Unknown Traffic | 192.168.2.4 | 49738 | 116.202.4.223 | 443 | TCP |
2025-03-13T17:57:24.478720+0100 | 2028765 | 3 | Unknown Traffic | 192.168.2.4 | 49747 | 116.202.4.223 | 443 | TCP |
2025-03-13T17:57:58.248048+0100 | 2028765 | 3 | Unknown Traffic | 192.168.2.4 | 49759 | 116.202.4.223 | 443 | TCP |
AV Detection |
---|
System Summary |
---|
HIPS / PFW / Operating System Protection Evasion |
---|
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Native API | 1 Create Account | 311 Process Injection | 1 Masquerading | OS Credential Dumping | 2 System Time Discovery | Remote Services | 1 Screen Capture | 21 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 DLL Side-Loading | 1 DLL Side-Loading | 2 Virtualization/Sandbox Evasion | LSASS Memory | 31 Security Software Discovery | Remote Desktop Protocol | 1 Archive Collected Data | 2 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Disable or Modify Tools | Security Account Manager | 2 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 311 Process Injection | NTDS | 11 Process Discovery | Distributed Component Object Model | Input Capture | 3 Application Layer Protocol | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Deobfuscate/Decode Files or Information | LSA Secrets | 1 Account Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Obfuscated Files or Information | Cached Domain Credentials | 1 System Owner/User Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 2 Software Packing | DCSync | 2 File and Directory Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 Timestomp | Proc Filesystem | 23 System Information Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 1 DLL Side-Loading | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement |
Detection | Scanner | Label |
---|---|---|
69% | Virustotal | |
87% | ReversingLabs | ByteCode-MSIL.Trojan.LummaStealer |
100% | Avira | TR/AD.Nekark.zctli |
⊘No Antivirus matches
⊘No Antivirus matches
⊘No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
b.b.goldenloafuae.com | 94.130.189.58 | true | false | unknown | |
steamcommunity.com | 104.73.234.102 | true | false | high | |
t.me | 149.154.167.99 | true | false | high |
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
116.202.4.223 | unknown | Germany | 24940 | HETZNER-ASDE | false |
104.73.234.102 | steamcommunity.com | United States | 16625 | AKAMAI-ASUS | false |
94.130.189.58 | b.b.goldenloafuae.com | Germany | 24940 | HETZNER-ASDE | false |
149.154.167.99 | t.me | United Kingdom | 62041 | TELEGRAMRU | false |
Joe Sandbox version: | 42.0.0 Malachite |
Analysis ID: | 1637568 |
Start date and time: | 2025-03-13 17:55:17 +01:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 5m 7s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 13 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | Portals.exe |
Detection: | MAL |
Classification: | mal88.evad.winEXE@4/8@3/4 |
EGA Information: |
|
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, WerFault.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 13.89.230.12, 23.60.203.209, 172.202.163.200, 20.12.23.50
- Excluded domains from analysis (whitelisted): a-ring-fallback.msedge.net, fs.microsoft.com, onedsblobvmssprdcus03.centralus.cloudapp.azure.com, slscr.update.microsoft.com, blobcollector.events.data.trafficmanager.net, umwatson.events.data.microsoft.com, fe3cr.delivery.mp.microsoft.com
- Not all processes were analyzed, report is missing behavior information
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
Time | Type | Description |
---|---|---|
12:56:17 | API Interceptor | |
12:57:39 | API Interceptor |
Match | Detection | Threat Name |
---|---|---|
104.73.234.102 | malicious | Unknown |
104.73.234.102 | malicious | Unknown |
104.73.234.102 | malicious | LummaC Stealer |
104.73.234.102 | malicious | LummaC Stealer |
104.73.234.102 | malicious | LummaC Stealer |
104.73.234.102 | malicious | LummaC Stealer |
104.73.234.102 | malicious | Unknown |
104.73.234.102 | malicious | Unknown |
104.73.234.102 | malicious | Unknown |
104.73.234.102 | malicious | Unknown |
94.130.189.58 | malicious | Unknown |
149.154.167.99 | malicious | Unknown |
149.154.167.99 | malicious | Unknown |
149.154.167.99 | malicious | Unknown |
149.154.167.99 | malicious | Unknown |
149.154.167.99 | malicious | Unknown |
149.154.167.99 | malicious | Unknown |
149.154.167.99 | malicious | Unknown |
149.154.167.99 | malicious | Unknown |
149.154.167.99 | malicious | Unknown |
149.154.167.99 | malicious | Cinoshi Stealer |
Match | Detection | Threat Name |
---|---|---|
t.me | malicious | Unknown |
t.me | malicious | Vidar |
t.me | malicious | LummaC Stealer |
t.me | malicious | LummaC Stealer |
t.me | malicious | Unknown |
t.me | malicious | Unknown |
t.me | malicious | LummaC Stealer, RHADAMANTHYS, Xmrig |
t.me | malicious | LummaC Stealer |
t.me | malicious | LummaC Stealer |
t.me | malicious | LummaC Stealer |
steamcommunity.com | malicious | LummaC Stealer |
steamcommunity.com | malicious | Unknown |
steamcommunity.com | malicious | LummaC Stealer |
steamcommunity.com | malicious | Unknown |
steamcommunity.com | malicious | LummaC Stealer |
steamcommunity.com | malicious | LummaC Stealer |
steamcommunity.com | malicious | LummaC Stealer |
steamcommunity.com | malicious | LummaC Stealer |
steamcommunity.com | malicious | LummaC Stealer |
steamcommunity.com | malicious | LummaC Stealer |
b.b.goldenloafuae.com | malicious | Unknown |
Match | Detection | Threat Name |
---|---|---|
TELEGRAMRU | malicious | Snake Keylogger, VIP Keylogger |
TELEGRAMRU | malicious | Unknown |
TELEGRAMRU | malicious | Vidar |
TELEGRAMRU | malicious | XWorm |
TELEGRAMRU | malicious | HTMLPhisher |
TELEGRAMRU | malicious | LummaC Stealer |
TELEGRAMRU | malicious | GuLoader, Snake Keylogger |
TELEGRAMRU | malicious | LummaC Stealer |
TELEGRAMRU | malicious | Snake Keylogger, VIP Keylogger |
TELEGRAMRU | malicious | Snake Keylogger, VIP Keylogger |
AKAMAI-ASUS | malicious | Unknown |
AKAMAI-ASUS | malicious | Unknown |
AKAMAI-ASUS | malicious | HTMLPhisher |
AKAMAI-ASUS | malicious | Unknown |
AKAMAI-ASUS | malicious | Unknown |
AKAMAI-ASUS | malicious | Unknown |
AKAMAI-ASUS | malicious | Unknown |
AKAMAI-ASUS | malicious | Unknown |
AKAMAI-ASUS | malicious | LummaC Stealer |
AKAMAI-ASUS | malicious | LummaC Stealer |
HETZNER-ASDE | malicious | Vidar |
HETZNER-ASDE | malicious | FormBook |
HETZNER-ASDE | malicious | Prometei |
HETZNER-ASDE | malicious | Unknown |
HETZNER-ASDE | malicious | Prometei |
HETZNER-ASDE | malicious | Prometei |
HETZNER-ASDE | malicious | HTMLPhisher |
HETZNER-ASDE | malicious | HTMLPhisher |
HETZNER-ASDE | malicious | Prometei |
HETZNER-ASDE | malicious | Prometei |
HETZNER-ASDE | malicious | Vidar |
HETZNER-ASDE | malicious | FormBook |
HETZNER-ASDE | malicious | Prometei |
HETZNER-ASDE | malicious | Unknown |
HETZNER-ASDE | malicious | Prometei |
HETZNER-ASDE | malicious | Prometei |
HETZNER-ASDE | malicious | HTMLPhisher |
HETZNER-ASDE | malicious | HTMLPhisher |
HETZNER-ASDE | malicious | Prometei |
HETZNER-ASDE | malicious | Prometei |
Match | Detection | Threat Name |
---|---|---|
37f463bf4616ecd445d4a1937da06e19 | malicious | Unknown |
37f463bf4616ecd445d4a1937da06e19 | malicious | Remcos |
37f463bf4616ecd445d4a1937da06e19 | malicious | Unknown |
37f463bf4616ecd445d4a1937da06e19 | malicious | Unknown |
37f463bf4616ecd445d4a1937da06e19 | malicious | Vidar |
37f463bf4616ecd445d4a1937da06e19 | malicious | GuLoader, Remcos |
37f463bf4616ecd445d4a1937da06e19 | malicious | GuLoader, Snake Keylogger |
37f463bf4616ecd445d4a1937da06e19 | malicious | GuLoader |
37f463bf4616ecd445d4a1937da06e19 | malicious | Unknown |
37f463bf4616ecd445d4a1937da06e19 | malicious | Unknown |
⊘No context
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_Portals.exe_f411adae77749b33a46592f0ef3e523e429446d0_fc381590_fd06be25-eaa2-4e7d-bb21-12e102acb00d\Report.wer 
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 0.8592326785022042 |
Encrypted: | false |
SSDEEP: | 96:yuDFGgZRO1dHsqgtojTOAqyS3QXIDcQlc6VcEdcw31+BHUHZ0ownOgHkEwH3dEF8:yQTEfHsvA0LR3kaeSzuiFTZ24IO88 |
MD5: | 323057242206199DD691B51156A441D8 |
SHA1: | 2AEB584141668BE9A5D62C8F5CEED0DC5F59EE16 |
SHA-256: | ED9E071E92581D30747C3E78B3AEE4C9E0591BA71360A1710C154CE4AB6A09CB |
SHA-512: | 0C5514FE02D03A9C58D830B0D1538FE18336618ED5AFF19DD1E2C61FD8A953BCD2388D2389879699C6BF4DB30F4EAF5C4802548ECFC864321D9A2F2CF6890A6E |
Malicious: | true |
Reputation: | low |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 154323 |
Entropy (8bit): | 3.720349859889603 |
Encrypted: | false |
SSDEEP: | 1536:YxsqZQuuBojRypN4uE2aOCFCDnPp6tLTgDUMCn01AMD6tTCBQC:YxsqKWU4uEqCQnPMtLTgdkCn |
MD5: | E4BDF4B1B7648B99336E6A2F29548F6F |
SHA1: | C71A413556CFE65FC0511F32A83AA1FBCBCC440D |
SHA-256: | 8CD6775BF57DE5DB81FBB25BD57EAF6850DFC4EB2846432854C4A1FBFAE93514 |
SHA-512: | 69FE9AAE486274957328C16596C2CCC0F737AEDFDACD9105853DF88FA50148B041E14BDA45EF4E9EAD3FFEDFC7B4824B5A35ECA4ED779E911898095EED229A7B |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8380 |
Entropy (8bit): | 3.686651569586756 |
Encrypted: | false |
SSDEEP: | 192:R6l7wVeJnG6A6Y68SUyegmf7VJQyprY89b2KsfNASm:R6lXJG6A6YhSUyegmf7VJQy2pfNU |
MD5: | B558677B13F13372817655DD57EF3BAD |
SHA1: | 69092512448CFCE2B0111F127769DAEA32E31B00 |
SHA-256: | A8A97941B031D0C2E696EE2E4DD6DAE366417F972588D20F2C188424C55DF66F |
SHA-512: | 4BD4F41B6F7344454454986B3678FE3980287A7BE48735EDCEB63917FA90B3A0C1FA6A56A3DC314E0A9111047EF9A2D42C80817E03861AE938F2459DF7E2FEB9 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4735 |
Entropy (8bit): | 4.437122890845229 |
Encrypted: | false |
SSDEEP: | 48:cvIwWl8zs3Jg77aI9jhyWpW8VYnYm8M4JwJrdxPcf6FY+q8vArdxPcfL2Nb5BJ5d:uIjfZI71h7VjJwufrK1fLMb5BTd |
MD5: | A47A5813303025B0A6C854A9AA333113 |
SHA1: | 5BD4516FD2960725563661ADC07BD5DD3D921EC9 |
SHA-256: | 36CEEA08DDB1F087180DE1A0E928F87D46CC9A01B08EA2D565A8431AAC314C8E |
SHA-512: | 4788EB376CC0112CAE9CBF9D70C03C12005C34DB5FF7B0EBDBA3B20526DC1B46BC1F4740216B5009C0594F5BCC987412ED4425BFBA62B81E3ED5B90BE5F93A9F |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\76561199829660832[1].htm
Process: | C:\Users\user\Desktop\Portals.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 38102 |
Entropy (8bit): | 5.370009474943779 |
Encrypted: | false |
SSDEEP: | 768:oBpq1J9cOGMnevx83TfwtH7NS3FQaXfsW9l+X9hJYFnzOMD5QBdxaXfsW9l+X9hm:oB81JKOGMnevx83TfwtH78QaXfsW9l+k |
MD5: | 38790FFB4B4A4BDA7B16C190445B44AB |
SHA1: | D1876FB65930943B81C0AD1DAA5FCB3C7AC85BED |
SHA-256: | 90E284910097226DAA92CE93AA214EB28C4D45252235CCC0FD529F29832407B9 |
SHA-512: | B221F00CA64008C402CE200B244516FD82682E62147AA7AB17195A213BAAD42F22C70A7598AA8B6703F3D4FF5B88C04633F8AEE1A68C21492B54F895921D2700 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\76561199829660832[1].htm
Process: | C:\Users\user\Desktop\Portals.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 38102 |
Entropy (8bit): | 5.370043374505181 |
Encrypted: | false |
SSDEEP: | 768:oBpq1J9cOGMnevx83TfwtH7NS3FQaXfsW9l+X9hJYFnzOMD5QBdxaXfsW9l+X9hY:oB81JKOGMnevx83TfwtH78QaXfsW9l+W |
MD5: | 79299D68DB24C7BABFEE41D585D39741 |
SHA1: | 78AA154E4A9A3440A28867827C6A46536838BC2D |
SHA-256: | 48F3BDC6FF30AA3CB1191FFB2F996256AA87CF08E6EA2658DA617AF98BAF3261 |
SHA-512: | 8DEDDF5F9DE0C029EACCAD4F5E044A0017A8A575F3F38876C245025D9E7649A665E01AA597E622E5263ADF7869B53484E195D8E61B9B50D58ACBA9F95F653622 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1835008 |
Entropy (8bit): | 4.470259311542959 |
Encrypted: | false |
SSDEEP: | 6144:I+Xfpi67eLPU9skLmb0b4eWSPKaJG8nAgejZQqZaKWFIeC/F1cXIdW1qaEGlV:XXD94eWlLZQqYgtW4sV |
MD5: | 57F1D32FE580FFC20C4B416E4031EFA1 |
SHA1: | F05DD6AAA8EA4BC8EEECB8789E8561E7AAFA4EE2 |
SHA-256: | 777AAC6FD4EECC1D09739C9A73ADC9487CACCD49AA1C79C6B4AF059486AFC0ED |
SHA-512: | CE545C359A464ED8BB0A29BDD3CB9DE258B4B7B8E7DF3BB0EB87AD75F17AB35EF58BF99851CDB1C2E7D4D173FF6B36CF47A48661694096864AF648DE1A0EDDE2 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 36864 |
Entropy (8bit): | 4.155120744536816 |
Encrypted: | false |
SSDEEP: | 768:Sh7DoFVtNr0WFRs4iWgFf8LEl999d9l+9uPIEcfmsc7qV:ShMFdv+8IlH9l0utc |
MD5: | 9BD1DDF5E206A799ED69383674E28E00 |
SHA1: | 227A827C1A6A78DF6E54BBF2E72F8101848F5AE8 |
SHA-256: | A0175D43B4EB0B221771108D02318677EFBBEE289FC1FCEB21236EF5E1D0A96D |
SHA-512: | C7301D619F2A5685271FF4388CDDE85100C8211A6DB60D955D7673A078AA61ED4CB370095DB1137839DB81C746E0290C67B2ED80BFDF57919130FB7937BCFCAF |
Malicious: | false |
Reputation: | low |
Preview: |
File type: | |
Entropy (8bit): | 7.9531171337918085 |
TrID: |
|
File name: | Portals.exe |
File size: | 152'576 bytes |
MD5: | 1f2c4ac075b7a79917c290f0b9fd27b6 |
SHA1: | 26b2d2ed94bea477e82f1dfe490aff259824ac5d |
SHA256: | 7b7f4f1480f606b0e49ade273dd67ff9a636c428319fe074f9d98d0f76612728 |
SHA512: | 4ada5989c043b25d7f97077e4ac6b47ecf3a1f7db69b9b6359990454146446f28f5b779354d97fad1bd2b5454538347e082a6e089cd4e5a0fc4e32f8ce8c0842 |
SSDEEP: | 3072:b3GqXhaXFCV70nVvzvgQMjTjm5qCxBfSIEt/4EIOxhy/fFqBO0A3UQ6oaJ:Jx6Fw70VvzgQMjTj0xB2ZnaFkgGJ |
TLSH: | 42E31254EEF2D6B6F06D0E3A19FB8DC97651F2613889713E41CFA3022AAA1EC1567740 |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....Q............"...0.."..........f;... ...`....@.. ....................................`................................ |
Icon Hash: | 90cececece8e8eb0 |
Entrypoint: | 0x403b66 |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE |
DLL Characteristics: | HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE |
Time Stamp: | 0xADFF511F [Mon Jul 3 22:20:15 2062 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | f34d5f2d4577ed6d9ceec516c1f5a744 |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x3b14 | 0x4f | .text |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x6000 | 0x59c | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x8000 | 0xc | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x3a80 | 0x38 | .text |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x2000 | 0x20f8 | 0x2200 | 2336fc02d84ab7fe67bf872f8511b001 | False | 0.7184053308823529 | data | 6.597846647424806 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rsrc | 0x6000 | 0x59c | 0x600 | 88026805aec0496128e320c861c25c4f | False | 0.41015625 | data | 4.0305393073644025 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0x8000 | 0xc | 0x200 | fe25fe59d6526d5530f0d4f3420107c5 | False | 0.044921875 | data | 0.08153941234324169 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
.CSS | 0xa000 | 0x22600 | 0x22600 | a3ec7bef25de134bb86058b038632cb6 | False | 1.0003622159090908 | data | 7.998816411019897 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
RT_VERSION | 0x6090 | 0x30c | data | | | 0.4217948717948718 |
RT_MANIFEST | 0x63ac | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | | | 0.5489795918367347 |
DLL | Import |
---|---|
mscoree.dll | _CorExeMain |
Description | Data |
---|---|
Translation | 0x0000 0x04b0 |
Comments | |
CompanyName | |
FileDescription | Portals |
FileVersion | 1.0.0.0 |
InternalName | Portals.exe |
LegalCopyright | Copyright 2025 |
LegalTrademarks | |
OriginalFilename | Portals.exe |
ProductName | Portals |
ProductVersion | 1.0.0.0 |
Assembly Version | 1.0.0.0 |
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
---|---|---|---|---|---|---|---|---|
2025-03-13T17:56:14.993692+0100 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.4 | 49767 | 116.202.4.223 | 443 | TCP |
2025-03-13T17:56:34.029949+0100 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.4 | 49728 | 116.202.4.223 | 443 | TCP |
2025-03-13T17:56:59.074991+0100 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.4 | 49738 | 116.202.4.223 | 443 | TCP |
2025-03-13T17:57:24.478720+0100 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.4 | 49747 | 116.202.4.223 | 443 | TCP |
2025-03-13T17:57:58.248048+0100 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.4 | 49759 | 116.202.4.223 | 443 | TCP |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Mar 13, 2025 17:56:41.446039915 CET | 443 | 49731 | 116.202.4.223 | 192.168.2.4 |
Mar 13, 2025 17:56:41.449548960 CET | 49732 | 443 | 192.168.2.4 | 116.202.4.223 |
Mar 13, 2025 17:56:41.449588060 CET | 443 | 49732 | 116.202.4.223 | 192.168.2.4 |
Mar 13, 2025 17:56:41.449651957 CET | 49732 | 443 | 192.168.2.4 | 116.202.4.223 |
Mar 13, 2025 17:56:41.458755016 CET | 49732 | 443 | 192.168.2.4 | 116.202.4.223 |
Mar 13, 2025 17:56:41.458795071 CET | 443 | 49732 | 116.202.4.223 | 192.168.2.4 |
Mar 13, 2025 17:56:41.458848000 CET | 49732 | 443 | 192.168.2.4 | 116.202.4.223 |
Mar 13, 2025 17:56:41.473805904 CET | 49733 | 443 | 192.168.2.4 | 149.154.167.99 |
Mar 13, 2025 17:56:41.473853111 CET | 443 | 49733 | 149.154.167.99 | 192.168.2.4 |
Mar 13, 2025 17:56:41.473931074 CET | 49733 | 443 | 192.168.2.4 | 149.154.167.99 |
Mar 13, 2025 17:56:41.481301069 CET | 49733 | 443 | 192.168.2.4 | 149.154.167.99 |
Mar 13, 2025 17:56:41.481317043 CET | 443 | 49733 | 149.154.167.99 | 192.168.2.4 |
Mar 13, 2025 17:56:42.921757936 CET | 443 | 49733 | 149.154.167.99 | 192.168.2.4 |
Mar 13, 2025 17:56:42.921899080 CET | 49733 | 443 | 192.168.2.4 | 149.154.167.99 |
Mar 13, 2025 17:56:42.931719065 CET | 49733 | 443 | 192.168.2.4 | 149.154.167.99 |
Mar 13, 2025 17:56:42.931726933 CET | 443 | 49733 | 149.154.167.99 | 192.168.2.4 |
Mar 13, 2025 17:56:42.934196949 CET | 49733 | 443 | 192.168.2.4 | 149.154.167.99 |
Mar 13, 2025 17:56:42.934202909 CET | 443 | 49733 | 149.154.167.99 | 192.168.2.4 |
Mar 13, 2025 17:56:43.806914091 CET | 443 | 49733 | 149.154.167.99 | 192.168.2.4 |
Mar 13, 2025 17:56:43.806941032 CET | 443 | 49733 | 149.154.167.99 | 192.168.2.4 |
Mar 13, 2025 17:56:43.806972027 CET | 49733 | 443 | 192.168.2.4 | 149.154.167.99 |
Mar 13, 2025 17:56:43.806978941 CET | 443 | 49733 | 149.154.167.99 | 192.168.2.4 |
Mar 13, 2025 17:56:43.806996107 CET | 443 | 49733 | 149.154.167.99 | 192.168.2.4 |
Mar 13, 2025 17:56:43.807008028 CET | 49733 | 443 | 192.168.2.4 | 149.154.167.99 |
Mar 13, 2025 17:56:43.807017088 CET | 443 | 49733 | 149.154.167.99 | 192.168.2.4 |
Mar 13, 2025 17:56:43.807044983 CET | 49733 | 443 | 192.168.2.4 | 149.154.167.99 |
Mar 13, 2025 17:56:43.807064056 CET | 49733 | 443 | 192.168.2.4 | 149.154.167.99 |
Mar 13, 2025 17:56:43.811681032 CET | 49733 | 443 | 192.168.2.4 | 149.154.167.99 |
Mar 13, 2025 17:56:43.811692953 CET | 443 | 49733 | 149.154.167.99 | 192.168.2.4 |
Mar 13, 2025 17:56:43.814539909 CET | 49734 | 443 | 192.168.2.4 | 94.130.189.58 |
Mar 13, 2025 17:56:43.814574957 CET | 443 | 49734 | 94.130.189.58 | 192.168.2.4 |
Mar 13, 2025 17:56:43.814654112 CET | 49734 | 443 | 192.168.2.4 | 94.130.189.58 |
Mar 13, 2025 17:56:43.815412045 CET | 49734 | 443 | 192.168.2.4 | 94.130.189.58 |
Mar 13, 2025 17:56:43.815426111 CET | 443 | 49734 | 94.130.189.58 | 192.168.2.4 |
Mar 13, 2025 17:56:46.623265028 CET | 443 | 49734 | 94.130.189.58 | 192.168.2.4 |
Mar 13, 2025 17:56:46.623409033 CET | 49734 | 443 | 192.168.2.4 | 94.130.189.58 |
Mar 13, 2025 17:56:46.623795033 CET | 49734 | 443 | 192.168.2.4 | 94.130.189.58 |
Mar 13, 2025 17:56:46.623909950 CET | 443 | 49734 | 94.130.189.58 | 192.168.2.4 |
Mar 13, 2025 17:56:46.623965979 CET | 49734 | 443 | 192.168.2.4 | 94.130.189.58 |
Mar 13, 2025 17:56:46.625191927 CET | 49735 | 443 | 192.168.2.4 | 94.130.189.58 |
Mar 13, 2025 17:56:46.625237942 CET | 443 | 49735 | 94.130.189.58 | 192.168.2.4 |
Mar 13, 2025 17:56:46.625324965 CET | 49735 | 443 | 192.168.2.4 | 94.130.189.58 |
Mar 13, 2025 17:56:46.625705004 CET | 49735 | 443 | 192.168.2.4 | 94.130.189.58 |
Mar 13, 2025 17:56:46.625727892 CET | 443 | 49735 | 94.130.189.58 | 192.168.2.4 |
Mar 13, 2025 17:56:49.318777084 CET | 443 | 49735 | 94.130.189.58 | 192.168.2.4 |
Mar 13, 2025 17:56:49.318854094 CET | 49735 | 443 | 192.168.2.4 | 94.130.189.58 |
Mar 13, 2025 17:56:49.319281101 CET | 49735 | 443 | 192.168.2.4 | 94.130.189.58 |
Mar 13, 2025 17:56:49.319386005 CET | 443 | 49735 | 94.130.189.58 | 192.168.2.4 |
Mar 13, 2025 17:56:49.319437027 CET | 49735 | 443 | 192.168.2.4 | 94.130.189.58 |
Mar 13, 2025 17:56:49.319720984 CET | 49736 | 443 | 192.168.2.4 | 94.130.189.58 |
Mar 13, 2025 17:56:49.319757938 CET | 443 | 49736 | 94.130.189.58 | 192.168.2.4 |
Mar 13, 2025 17:56:49.319839954 CET | 49736 | 443 | 192.168.2.4 | 94.130.189.58 |
Mar 13, 2025 17:56:49.319916964 CET | 49736 | 443 | 192.168.2.4 | 94.130.189.58 |
Mar 13, 2025 17:56:49.319967031 CET | 443 | 49736 | 94.130.189.58 | 192.168.2.4 |
Mar 13, 2025 17:56:49.320015907 CET | 49736 | 443 | 192.168.2.4 | 94.130.189.58 |
Mar 13, 2025 17:56:49.321295977 CET | 49737 | 443 | 192.168.2.4 | 104.73.234.102 |
Mar 13, 2025 17:56:49.321326017 CET | 443 | 49737 | 104.73.234.102 | 192.168.2.4 |
Mar 13, 2025 17:56:49.321394920 CET | 49737 | 443 | 192.168.2.4 | 104.73.234.102 |
Mar 13, 2025 17:56:49.321671963 CET | 49737 | 443 | 192.168.2.4 | 104.73.234.102 |
Mar 13, 2025 17:56:49.321686029 CET | 443 | 49737 | 104.73.234.102 | 192.168.2.4 |
Mar 13, 2025 17:56:50.720297098 CET | 443 | 49737 | 104.73.234.102 | 192.168.2.4 |
Mar 13, 2025 17:56:50.720365047 CET | 49737 | 443 | 192.168.2.4 | 104.73.234.102 |
Mar 13, 2025 17:56:50.720930099 CET | 49737 | 443 | 192.168.2.4 | 104.73.234.102 |
Mar 13, 2025 17:56:50.720942974 CET | 443 | 49737 | 104.73.234.102 | 192.168.2.4 |
Mar 13, 2025 17:56:50.722927094 CET | 49737 | 443 | 192.168.2.4 | 104.73.234.102 |
Mar 13, 2025 17:56:50.722934008 CET | 443 | 49737 | 104.73.234.102 | 192.168.2.4 |
Mar 13, 2025 17:56:51.578495979 CET | 443 | 49737 | 104.73.234.102 | 192.168.2.4 |
Mar 13, 2025 17:56:51.578517914 CET | 443 | 49737 | 104.73.234.102 | 192.168.2.4 |
Mar 13, 2025 17:56:51.578552961 CET | 443 | 49737 | 104.73.234.102 | 192.168.2.4 |
Mar 13, 2025 17:56:51.578696012 CET | 49737 | 443 | 192.168.2.4 | 104.73.234.102 |
Mar 13, 2025 17:56:51.578696012 CET | 49737 | 443 | 192.168.2.4 | 104.73.234.102 |
Mar 13, 2025 17:56:51.578728914 CET | 443 | 49737 | 104.73.234.102 | 192.168.2.4 |
Mar 13, 2025 17:56:51.578779936 CET | 49737 | 443 | 192.168.2.4 | 104.73.234.102 |
Mar 13, 2025 17:56:51.705568075 CET | 443 | 49737 | 104.73.234.102 | 192.168.2.4 |
Mar 13, 2025 17:56:51.705601931 CET | 443 | 49737 | 104.73.234.102 | 192.168.2.4 |
Mar 13, 2025 17:56:51.705780029 CET | 49737 | 443 | 192.168.2.4 | 104.73.234.102 |
Mar 13, 2025 17:56:51.705780029 CET | 49737 | 443 | 192.168.2.4 | 104.73.234.102 |
Mar 13, 2025 17:56:51.705809116 CET | 443 | 49737 | 104.73.234.102 | 192.168.2.4 |
Mar 13, 2025 17:56:51.705857038 CET | 49737 | 443 | 192.168.2.4 | 104.73.234.102 |
Mar 13, 2025 17:56:51.715038061 CET | 443 | 49737 | 104.73.234.102 | 192.168.2.4 |
Mar 13, 2025 17:56:51.715102911 CET | 49737 | 443 | 192.168.2.4 | 104.73.234.102 |
Mar 13, 2025 17:56:51.721448898 CET | 443 | 49737 | 104.73.234.102 | 192.168.2.4 |
Mar 13, 2025 17:56:51.721519947 CET | 443 | 49737 | 104.73.234.102 | 192.168.2.4 |
Mar 13, 2025 17:56:51.721528053 CET | 49737 | 443 | 192.168.2.4 | 104.73.234.102 |
Mar 13, 2025 17:56:51.721584082 CET | 49737 | 443 | 192.168.2.4 | 104.73.234.102 |
Mar 13, 2025 17:56:51.721780062 CET | 49737 | 443 | 192.168.2.4 | 104.73.234.102 |
Mar 13, 2025 17:56:51.721796036 CET | 443 | 49737 | 104.73.234.102 | 192.168.2.4 |
Mar 13, 2025 17:56:51.721807003 CET | 49737 | 443 | 192.168.2.4 | 104.73.234.102 |
Mar 13, 2025 17:56:51.721842051 CET | 49737 | 443 | 192.168.2.4 | 104.73.234.102 |
Mar 13, 2025 17:56:51.730819941 CET | 49738 | 443 | 192.168.2.4 | 116.202.4.223 |
Mar 13, 2025 17:56:51.730869055 CET | 443 | 49738 | 116.202.4.223 | 192.168.2.4 |
Mar 13, 2025 17:56:51.730932951 CET | 49738 | 443 | 192.168.2.4 | 116.202.4.223 |
Mar 13, 2025 17:56:51.731292963 CET | 49738 | 443 | 192.168.2.4 | 116.202.4.223 |
Mar 13, 2025 17:56:51.731309891 CET | 443 | 49738 | 116.202.4.223 | 192.168.2.4 |
Mar 13, 2025 17:56:59.074902058 CET | 443 | 49738 | 116.202.4.223 | 192.168.2.4 |
Mar 13, 2025 17:56:59.074935913 CET | 443 | 49738 | 116.202.4.223 | 192.168.2.4 |
Mar 13, 2025 17:56:59.074990988 CET | 49738 | 443 | 192.168.2.4 | 116.202.4.223 |
Mar 13, 2025 17:56:59.075015068 CET | 49738 | 443 | 192.168.2.4 | 116.202.4.223 |
Mar 13, 2025 17:56:59.075360060 CET | 49738 | 443 | 192.168.2.4 | 116.202.4.223 |
Mar 13, 2025 17:56:59.075376987 CET | 443 | 49738 | 116.202.4.223 | 192.168.2.4 |
Mar 13, 2025 17:56:59.083651066 CET | 49739 | 443 | 192.168.2.4 | 116.202.4.223 |
Mar 13, 2025 17:56:59.083734989 CET | 443 | 49739 | 116.202.4.223 | 192.168.2.4 |
Mar 13, 2025 17:56:59.083842993 CET | 49739 | 443 | 192.168.2.4 | 116.202.4.223 |
Mar 13, 2025 17:56:59.084547997 CET | 49739 | 443 | 192.168.2.4 | 116.202.4.223 |
Mar 13, 2025 17:56:59.084584951 CET | 443 | 49739 | 116.202.4.223 | 192.168.2.4 |
Mar 13, 2025 17:57:06.421541929 CET | 443 | 49739 | 116.202.4.223 | 192.168.2.4 |
Mar 13, 2025 17:57:06.421567917 CET | 443 | 49739 | 116.202.4.223 | 192.168.2.4 |
Mar 13, 2025 17:57:06.421617985 CET | 49739 | 443 | 192.168.2.4 | 116.202.4.223 |
Mar 13, 2025 17:57:06.421617985 CET | 49739 | 443 | 192.168.2.4 | 116.202.4.223 |
Mar 13, 2025 17:57:06.421927929 CET | 49739 | 443 | 192.168.2.4 | 116.202.4.223 |
Mar 13, 2025 17:57:06.421967030 CET | 443 | 49739 | 116.202.4.223 | 192.168.2.4 |
Mar 13, 2025 17:57:06.422518015 CET | 49740 | 443 | 192.168.2.4 | 116.202.4.223 |
Mar 13, 2025 17:57:06.422554970 CET | 443 | 49740 | 116.202.4.223 | 192.168.2.4 |
Mar 13, 2025 17:57:06.422666073 CET | 49740 | 443 | 192.168.2.4 | 116.202.4.223 |
Mar 13, 2025 17:57:06.422741890 CET | 49740 | 443 | 192.168.2.4 | 116.202.4.223 |
Mar 13, 2025 17:57:06.422785044 CET | 443 | 49740 | 116.202.4.223 | 192.168.2.4 |
Mar 13, 2025 17:57:06.422863960 CET | 49740 | 443 | 192.168.2.4 | 116.202.4.223 |
Mar 13, 2025 17:57:06.423923016 CET | 49741 | 443 | 192.168.2.4 | 149.154.167.99 |
Mar 13, 2025 17:57:06.423959970 CET | 443 | 49741 | 149.154.167.99 | 192.168.2.4 |
Mar 13, 2025 17:57:06.424016953 CET | 49741 | 443 | 192.168.2.4 | 149.154.167.99 |
Mar 13, 2025 17:57:06.424254894 CET | 49741 | 443 | 192.168.2.4 | 149.154.167.99 |
Mar 13, 2025 17:57:06.424271107 CET | 443 | 49741 | 149.154.167.99 | 192.168.2.4 |
Mar 13, 2025 17:57:08.191080093 CET | 443 | 49741 | 149.154.167.99 | 192.168.2.4 |
Mar 13, 2025 17:57:08.191195965 CET | 49741 | 443 | 192.168.2.4 | 149.154.167.99 |
Mar 13, 2025 17:57:08.195615053 CET | 49741 | 443 | 192.168.2.4 | 149.154.167.99 |
Mar 13, 2025 17:57:08.195626020 CET | 443 | 49741 | 149.154.167.99 | 192.168.2.4 |
Mar 13, 2025 17:57:08.197427034 CET | 49741 | 443 | 192.168.2.4 | 149.154.167.99 |
Mar 13, 2025 17:57:08.197432995 CET | 443 | 49741 | 149.154.167.99 | 192.168.2.4 |
Mar 13, 2025 17:57:09.204288960 CET | 443 | 49741 | 149.154.167.99 | 192.168.2.4 |
Mar 13, 2025 17:57:09.204319000 CET | 443 | 49741 | 149.154.167.99 | 192.168.2.4 |
Mar 13, 2025 17:57:09.204374075 CET | 443 | 49741 | 149.154.167.99 | 192.168.2.4 |
Mar 13, 2025 17:57:09.204385996 CET | 49741 | 443 | 192.168.2.4 | 149.154.167.99 |
Mar 13, 2025 17:57:09.204407930 CET | 49741 | 443 | 192.168.2.4 | 149.154.167.99 |
Mar 13, 2025 17:57:09.204474926 CET | 49741 | 443 | 192.168.2.4 | 149.154.167.99 |
Mar 13, 2025 17:57:09.204791069 CET | 49741 | 443 | 192.168.2.4 | 149.154.167.99 |
Mar 13, 2025 17:57:09.204809904 CET | 443 | 49741 | 149.154.167.99 | 192.168.2.4 |
Mar 13, 2025 17:57:09.206146002 CET | 49743 | 443 | 192.168.2.4 | 94.130.189.58 |
Mar 13, 2025 17:57:09.206167936 CET | 443 | 49743 | 94.130.189.58 | 192.168.2.4 |
Mar 13, 2025 17:57:09.206242085 CET | 49743 | 443 | 192.168.2.4 | 94.130.189.58 |
Mar 13, 2025 17:57:09.206470013 CET | 49743 | 443 | 192.168.2.4 | 94.130.189.58 |
Mar 13, 2025 17:57:09.206482887 CET | 443 | 49743 | 94.130.189.58 | 192.168.2.4 |
Mar 13, 2025 17:57:11.880337000 CET | 443 | 49743 | 94.130.189.58 | 192.168.2.4 |
Mar 13, 2025 17:57:11.880450964 CET | 49743 | 443 | 192.168.2.4 | 94.130.189.58 |
Mar 13, 2025 17:57:11.912642002 CET | 49743 | 443 | 192.168.2.4 | 94.130.189.58 |
Mar 13, 2025 17:57:11.912861109 CET | 443 | 49743 | 94.130.189.58 | 192.168.2.4 |
Mar 13, 2025 17:57:11.912915945 CET | 49743 | 443 | 192.168.2.4 | 94.130.189.58 |
Mar 13, 2025 17:57:11.913882017 CET | 49744 | 443 | 192.168.2.4 | 94.130.189.58 |
Mar 13, 2025 17:57:11.913924932 CET | 443 | 49744 | 94.130.189.58 | 192.168.2.4 |
Mar 13, 2025 17:57:11.913988113 CET | 49744 | 443 | 192.168.2.4 | 94.130.189.58 |
Mar 13, 2025 17:57:11.915070057 CET | 49744 | 443 | 192.168.2.4 | 94.130.189.58 |
Mar 13, 2025 17:57:11.915081978 CET | 443 | 49744 | 94.130.189.58 | 192.168.2.4 |
Mar 13, 2025 17:57:14.687613964 CET | 443 | 49744 | 94.130.189.58 | 192.168.2.4 |
Mar 13, 2025 17:57:14.687705040 CET | 49744 | 443 | 192.168.2.4 | 94.130.189.58 |
Mar 13, 2025 17:57:14.688041925 CET | 49744 | 443 | 192.168.2.4 | 94.130.189.58 |
Mar 13, 2025 17:57:14.688149929 CET | 443 | 49744 | 94.130.189.58 | 192.168.2.4 |
Mar 13, 2025 17:57:14.688205004 CET | 49744 | 443 | 192.168.2.4 | 94.130.189.58 |
Mar 13, 2025 17:57:14.688515902 CET | 49745 | 443 | 192.168.2.4 | 94.130.189.58 |
Mar 13, 2025 17:57:14.688565016 CET | 443 | 49745 | 94.130.189.58 | 192.168.2.4 |
Mar 13, 2025 17:57:14.688646078 CET | 49745 | 443 | 192.168.2.4 | 94.130.189.58 |
Mar 13, 2025 17:57:14.688735008 CET | 49745 | 443 | 192.168.2.4 | 94.130.189.58 |
Mar 13, 2025 17:57:14.688766003 CET | 443 | 49745 | 94.130.189.58 | 192.168.2.4 |
Mar 13, 2025 17:57:14.688817978 CET | 49745 | 443 | 192.168.2.4 | 94.130.189.58 |
Mar 13, 2025 17:57:14.690584898 CET | 49746 | 443 | 192.168.2.4 | 104.73.234.102 |
Mar 13, 2025 17:57:14.690635920 CET | 443 | 49746 | 104.73.234.102 | 192.168.2.4 |
Mar 13, 2025 17:57:14.690712929 CET | 49746 | 443 | 192.168.2.4 | 104.73.234.102 |
Mar 13, 2025 17:57:14.691003084 CET | 49746 | 443 | 192.168.2.4 | 104.73.234.102 |
Mar 13, 2025 17:57:14.691018105 CET | 443 | 49746 | 104.73.234.102 | 192.168.2.4 |
Mar 13, 2025 17:57:16.147949934 CET | 443 | 49746 | 104.73.234.102 | 192.168.2.4 |
Mar 13, 2025 17:57:16.148044109 CET | 49746 | 443 | 192.168.2.4 | 104.73.234.102 |
Mar 13, 2025 17:57:16.148643017 CET | 49746 | 443 | 192.168.2.4 | 104.73.234.102 |
Mar 13, 2025 17:57:16.148659945 CET | 443 | 49746 | 104.73.234.102 | 192.168.2.4 |
Mar 13, 2025 17:57:16.150500059 CET | 49746 | 443 | 192.168.2.4 | 104.73.234.102 |
Mar 13, 2025 17:57:16.150511026 CET | 443 | 49746 | 104.73.234.102 | 192.168.2.4 |
Mar 13, 2025 17:57:16.986048937 CET | 443 | 49746 | 104.73.234.102 | 192.168.2.4 |
Mar 13, 2025 17:57:16.986077070 CET | 443 | 49746 | 104.73.234.102 | 192.168.2.4 |
Mar 13, 2025 17:57:16.986125946 CET | 443 | 49746 | 104.73.234.102 | 192.168.2.4 |
Mar 13, 2025 17:57:16.986146927 CET | 49746 | 443 | 192.168.2.4 | 104.73.234.102 |
Mar 13, 2025 17:57:16.986164093 CET | 443 | 49746 | 104.73.234.102 | 192.168.2.4 |
Mar 13, 2025 17:57:16.986186028 CET | 49746 | 443 | 192.168.2.4 | 104.73.234.102 |
Mar 13, 2025 17:57:16.986236095 CET | 49746 | 443 | 192.168.2.4 | 104.73.234.102 |
Mar 13, 2025 17:57:17.114342928 CET | 443 | 49746 | 104.73.234.102 | 192.168.2.4 |
Mar 13, 2025 17:57:17.114375114 CET | 443 | 49746 | 104.73.234.102 | 192.168.2.4 |
Mar 13, 2025 17:57:17.114556074 CET | 49746 | 443 | 192.168.2.4 | 104.73.234.102 |
Mar 13, 2025 17:57:17.114593983 CET | 443 | 49746 | 104.73.234.102 | 192.168.2.4 |
Mar 13, 2025 17:57:17.114641905 CET | 49746 | 443 | 192.168.2.4 | 104.73.234.102 |
Mar 13, 2025 17:57:17.120618105 CET | 443 | 49746 | 104.73.234.102 | 192.168.2.4 |
Mar 13, 2025 17:57:17.120698929 CET | 49746 | 443 | 192.168.2.4 | 104.73.234.102 |
Mar 13, 2025 17:57:17.124248028 CET | 443 | 49746 | 104.73.234.102 | 192.168.2.4 |
Mar 13, 2025 17:57:17.124319077 CET | 49746 | 443 | 192.168.2.4 | 104.73.234.102 |
Mar 13, 2025 17:57:17.124334097 CET | 443 | 49746 | 104.73.234.102 | 192.168.2.4 |
Mar 13, 2025 17:57:17.124350071 CET | 443 | 49746 | 104.73.234.102 | 192.168.2.4 |
Mar 13, 2025 17:57:17.124376059 CET | 49746 | 443 | 192.168.2.4 | 104.73.234.102 |
Mar 13, 2025 17:57:17.124434948 CET | 49746 | 443 | 192.168.2.4 | 104.73.234.102 |
Mar 13, 2025 17:57:17.124671936 CET | 49746 | 443 | 192.168.2.4 | 104.73.234.102 |
Mar 13, 2025 17:57:17.124691010 CET | 443 | 49746 | 104.73.234.102 | 192.168.2.4 |
Mar 13, 2025 17:57:17.124706984 CET | 49746 | 443 | 192.168.2.4 | 104.73.234.102 |
Mar 13, 2025 17:57:17.124747992 CET | 49746 | 443 | 192.168.2.4 | 104.73.234.102 |
Mar 13, 2025 17:57:17.133270025 CET | 49747 | 443 | 192.168.2.4 | 116.202.4.223 |
Mar 13, 2025 17:57:17.133325100 CET | 443 | 49747 | 116.202.4.223 | 192.168.2.4 |
Mar 13, 2025 17:57:17.133419991 CET | 49747 | 443 | 192.168.2.4 | 116.202.4.223 |
Mar 13, 2025 17:57:17.133757114 CET | 49747 | 443 | 192.168.2.4 | 116.202.4.223 |
Mar 13, 2025 17:57:17.133774996 CET | 443 | 49747 | 116.202.4.223 | 192.168.2.4 |
Mar 13, 2025 17:57:24.478616953 CET | 443 | 49747 | 116.202.4.223 | 192.168.2.4 |
Mar 13, 2025 17:57:24.478640079 CET | 443 | 49747 | 116.202.4.223 | 192.168.2.4 |
Mar 13, 2025 17:57:24.478719950 CET | 49747 | 443 | 192.168.2.4 | 116.202.4.223 |
Mar 13, 2025 17:57:24.478748083 CET | 49747 | 443 | 192.168.2.4 | 116.202.4.223 |
Mar 13, 2025 17:57:24.479094028 CET | 49747 | 443 | 192.168.2.4 | 116.202.4.223 |
Mar 13, 2025 17:57:24.479113102 CET | 443 | 49747 | 116.202.4.223 | 192.168.2.4 |
Mar 13, 2025 17:57:24.479624033 CET | 49748 | 443 | 192.168.2.4 | 116.202.4.223 |
Mar 13, 2025 17:57:24.479655981 CET | 443 | 49748 | 116.202.4.223 | 192.168.2.4 |
Mar 13, 2025 17:57:24.479742050 CET | 49748 | 443 | 192.168.2.4 | 116.202.4.223 |
Mar 13, 2025 17:57:24.480010986 CET | 49748 | 443 | 192.168.2.4 | 116.202.4.223 |
Mar 13, 2025 17:57:24.480021954 CET | 443 | 49748 | 116.202.4.223 | 192.168.2.4 |
Mar 13, 2025 17:57:31.884393930 CET | 443 | 49748 | 116.202.4.223 | 192.168.2.4 |
Mar 13, 2025 17:57:31.884496927 CET | 49748 | 443 | 192.168.2.4 | 116.202.4.223 |
Mar 13, 2025 17:57:31.884711027 CET | 443 | 49748 | 116.202.4.223 | 192.168.2.4 |
Mar 13, 2025 17:57:31.884915113 CET | 49748 | 443 | 192.168.2.4 | 116.202.4.223 |
Mar 13, 2025 17:57:31.885056973 CET | 49748 | 443 | 192.168.2.4 | 116.202.4.223 |
Mar 13, 2025 17:57:31.885067940 CET | 443 | 49748 | 116.202.4.223 | 192.168.2.4 |
Mar 13, 2025 17:57:31.885637999 CET | 49749 | 443 | 192.168.2.4 | 116.202.4.223 |
Mar 13, 2025 17:57:31.885732889 CET | 443 | 49749 | 116.202.4.223 | 192.168.2.4 |
Mar 13, 2025 17:57:31.885827065 CET | 49749 | 443 | 192.168.2.4 | 116.202.4.223 |
Mar 13, 2025 17:57:31.885900021 CET | 49749 | 443 | 192.168.2.4 | 116.202.4.223 |
Mar 13, 2025 17:57:31.885940075 CET | 443 | 49749 | 116.202.4.223 | 192.168.2.4 |
Mar 13, 2025 17:57:31.885992050 CET | 49749 | 443 | 192.168.2.4 | 116.202.4.223 |
Mar 13, 2025 17:57:31.886941910 CET | 49750 | 443 | 192.168.2.4 | 149.154.167.99 |
Mar 13, 2025 17:57:31.886981964 CET | 443 | 49750 | 149.154.167.99 | 192.168.2.4 |
Mar 13, 2025 17:57:31.887052059 CET | 49750 | 443 | 192.168.2.4 | 149.154.167.99 |
Mar 13, 2025 17:57:31.887258053 CET | 49750 | 443 | 192.168.2.4 | 149.154.167.99 |
Mar 13, 2025 17:57:31.887268066 CET | 443 | 49750 | 149.154.167.99 | 192.168.2.4 |
Mar 13, 2025 17:57:33.600135088 CET | 443 | 49750 | 149.154.167.99 | 192.168.2.4 |
Mar 13, 2025 17:57:33.600243092 CET | 49750 | 443 | 192.168.2.4 | 149.154.167.99 |
Mar 13, 2025 17:57:33.600843906 CET | 49750 | 443 | 192.168.2.4 | 149.154.167.99 |
Mar 13, 2025 17:57:33.600855112 CET | 443 | 49750 | 149.154.167.99 | 192.168.2.4 |
Mar 13, 2025 17:57:33.602622986 CET | 49750 | 443 | 192.168.2.4 | 149.154.167.99 |
Mar 13, 2025 17:57:33.602627993 CET | 443 | 49750 | 149.154.167.99 | 192.168.2.4 |
Mar 13, 2025 17:57:34.942665100 CET | 443 | 49750 | 149.154.167.99 | 192.168.2.4 |
Mar 13, 2025 17:57:34.942692995 CET | 443 | 49750 | 149.154.167.99 | 192.168.2.4 |
Mar 13, 2025 17:57:34.942733049 CET | 443 | 49750 | 149.154.167.99 | 192.168.2.4 |
Mar 13, 2025 17:57:34.942759991 CET | 443 | 49750 | 149.154.167.99 | 192.168.2.4 |
Mar 13, 2025 17:57:34.942804098 CET | 49750 | 443 | 192.168.2.4 | 149.154.167.99 |
Mar 13, 2025 17:57:34.942862988 CET | 49750 | 443 | 192.168.2.4 | 149.154.167.99 |
Mar 13, 2025 17:57:34.943526983 CET | 49750 | 443 | 192.168.2.4 | 149.154.167.99 |
Mar 13, 2025 17:57:34.943543911 CET | 443 | 49750 | 149.154.167.99 | 192.168.2.4 |
Mar 13, 2025 17:57:34.946594000 CET | 49751 | 443 | 192.168.2.4 | 94.130.189.58 |
Mar 13, 2025 17:57:34.946634054 CET | 443 | 49751 | 94.130.189.58 | 192.168.2.4 |
Mar 13, 2025 17:57:34.946738958 CET | 49751 | 443 | 192.168.2.4 | 94.130.189.58 |
Mar 13, 2025 17:57:34.947014093 CET | 49751 | 443 | 192.168.2.4 | 94.130.189.58 |
Mar 13, 2025 17:57:34.947026014 CET | 443 | 49751 | 94.130.189.58 | 192.168.2.4 |
Mar 13, 2025 17:57:37.883702993 CET | 443 | 49751 | 94.130.189.58 | 192.168.2.4 |
Mar 13, 2025 17:57:37.883780956 CET | 49751 | 443 | 192.168.2.4 | 94.130.189.58 |
Mar 13, 2025 17:57:37.884537935 CET | 49751 | 443 | 192.168.2.4 | 94.130.189.58 |
Mar 13, 2025 17:57:37.884768963 CET | 443 | 49751 | 94.130.189.58 | 192.168.2.4 |
Mar 13, 2025 17:57:37.884824991 CET | 49751 | 443 | 192.168.2.4 | 94.130.189.58 |
Mar 13, 2025 17:57:37.885525942 CET | 49752 | 443 | 192.168.2.4 | 94.130.189.58 |
Mar 13, 2025 17:57:37.885587931 CET | 443 | 49752 | 94.130.189.58 | 192.168.2.4 |
Mar 13, 2025 17:57:37.885658026 CET | 49752 | 443 | 192.168.2.4 | 94.130.189.58 |
Mar 13, 2025 17:57:37.886339903 CET | 49752 | 443 | 192.168.2.4 | 94.130.189.58 |
Mar 13, 2025 17:57:37.886358976 CET | 443 | 49752 | 94.130.189.58 | 192.168.2.4 |
Mar 13, 2025 17:57:40.560065031 CET | 443 | 49752 | 94.130.189.58 | 192.168.2.4 |
Mar 13, 2025 17:57:40.560136080 CET | 49752 | 443 | 192.168.2.4 | 94.130.189.58 |
Mar 13, 2025 17:57:40.560776949 CET | 49752 | 443 | 192.168.2.4 | 94.130.189.58 |
Mar 13, 2025 17:57:40.560894966 CET | 443 | 49752 | 94.130.189.58 | 192.168.2.4 |
Mar 13, 2025 17:57:40.560950041 CET | 49752 | 443 | 192.168.2.4 | 94.130.189.58 |
Mar 13, 2025 17:57:40.561410904 CET | 49753 | 443 | 192.168.2.4 | 94.130.189.58 |
Mar 13, 2025 17:57:40.561455965 CET | 443 | 49753 | 94.130.189.58 | 192.168.2.4 |
Mar 13, 2025 17:57:40.561517000 CET | 49753 | 443 | 192.168.2.4 | 94.130.189.58 |
Mar 13, 2025 17:57:40.561872959 CET | 49753 | 443 | 192.168.2.4 | 94.130.189.58 |
Mar 13, 2025 17:57:40.561899900 CET | 443 | 49753 | 94.130.189.58 | 192.168.2.4 |
Mar 13, 2025 17:57:40.561992884 CET | 49753 | 443 | 192.168.2.4 | 94.130.189.58 |
Mar 13, 2025 17:57:40.666836023 CET | 49754 | 443 | 192.168.2.4 | 149.154.167.99 |
Mar 13, 2025 17:57:40.666876078 CET | 443 | 49754 | 149.154.167.99 | 192.168.2.4 |
Mar 13, 2025 17:57:40.666984081 CET | 49754 | 443 | 192.168.2.4 | 149.154.167.99 |
Mar 13, 2025 17:57:40.667360067 CET | 49754 | 443 | 192.168.2.4 | 149.154.167.99 |
Mar 13, 2025 17:57:40.667372942 CET | 443 | 49754 | 149.154.167.99 | 192.168.2.4 |
Mar 13, 2025 17:57:42.158335924 CET | 443 | 49754 | 149.154.167.99 | 192.168.2.4 |
Mar 13, 2025 17:57:42.158416033 CET | 49754 | 443 | 192.168.2.4 | 149.154.167.99 |
Mar 13, 2025 17:57:42.158999920 CET | 49754 | 443 | 192.168.2.4 | 149.154.167.99 |
Mar 13, 2025 17:57:42.159010887 CET | 443 | 49754 | 149.154.167.99 | 192.168.2.4 |
Mar 13, 2025 17:57:42.160782099 CET | 49754 | 443 | 192.168.2.4 | 149.154.167.99 |
Mar 13, 2025 17:57:42.160787106 CET | 443 | 49754 | 149.154.167.99 | 192.168.2.4 |
Mar 13, 2025 17:57:42.780863047 CET | 443 | 49754 | 149.154.167.99 | 192.168.2.4 |
Mar 13, 2025 17:57:42.780894995 CET | 443 | 49754 | 149.154.167.99 | 192.168.2.4 |
Mar 13, 2025 17:57:42.780946970 CET | 443 | 49754 | 149.154.167.99 | 192.168.2.4 |
Mar 13, 2025 17:57:42.780976057 CET | 443 | 49754 | 149.154.167.99 | 192.168.2.4 |
Mar 13, 2025 17:57:42.780976057 CET | 49754 | 443 | 192.168.2.4 | 149.154.167.99 |
Mar 13, 2025 17:57:42.781002045 CET | 49754 | 443 | 192.168.2.4 | 149.154.167.99 |
Mar 13, 2025 17:57:42.781048059 CET | 49754 | 443 | 192.168.2.4 | 149.154.167.99 |
Mar 13, 2025 17:57:42.781255960 CET | 49754 | 443 | 192.168.2.4 | 149.154.167.99 |
Mar 13, 2025 17:57:42.781275034 CET | 443 | 49754 | 149.154.167.99 | 192.168.2.4 |
Mar 13, 2025 17:57:42.782561064 CET | 49755 | 443 | 192.168.2.4 | 94.130.189.58 |
Mar 13, 2025 17:57:42.782591105 CET | 443 | 49755 | 94.130.189.58 | 192.168.2.4 |
Mar 13, 2025 17:57:42.782665014 CET | 49755 | 443 | 192.168.2.4 | 94.130.189.58 |
Mar 13, 2025 17:57:42.782901049 CET | 49755 | 443 | 192.168.2.4 | 94.130.189.58 |
Mar 13, 2025 17:57:42.782912016 CET | 443 | 49755 | 94.130.189.58 | 192.168.2.4 |
Mar 13, 2025 17:57:45.476777077 CET | 443 | 49755 | 94.130.189.58 | 192.168.2.4 |
Mar 13, 2025 17:57:45.476831913 CET | 49755 | 443 | 192.168.2.4 | 94.130.189.58 |
Mar 13, 2025 17:57:45.477173090 CET | 49755 | 443 | 192.168.2.4 | 94.130.189.58 |
Mar 13, 2025 17:57:45.477294922 CET | 443 | 49755 | 94.130.189.58 | 192.168.2.4 |
Mar 13, 2025 17:57:45.477344990 CET | 49755 | 443 | 192.168.2.4 | 94.130.189.58 |
Mar 13, 2025 17:57:45.477628946 CET | 49756 | 443 | 192.168.2.4 | 94.130.189.58 |
Mar 13, 2025 17:57:45.477684021 CET | 443 | 49756 | 94.130.189.58 | 192.168.2.4 |
Mar 13, 2025 17:57:45.477761030 CET | 49756 | 443 | 192.168.2.4 | 94.130.189.58 |
Mar 13, 2025 17:57:45.478032112 CET | 49756 | 443 | 192.168.2.4 | 94.130.189.58 |
Mar 13, 2025 17:57:45.478046894 CET | 443 | 49756 | 94.130.189.58 | 192.168.2.4 |
Mar 13, 2025 17:57:48.248529911 CET | 443 | 49756 | 94.130.189.58 | 192.168.2.4 |
Mar 13, 2025 17:57:48.248666048 CET | 49756 | 443 | 192.168.2.4 | 94.130.189.58 |
Mar 13, 2025 17:57:48.249032974 CET | 49756 | 443 | 192.168.2.4 | 94.130.189.58 |
Mar 13, 2025 17:57:48.249162912 CET | 443 | 49756 | 94.130.189.58 | 192.168.2.4 |
Mar 13, 2025 17:57:48.249474049 CET | 49756 | 443 | 192.168.2.4 | 94.130.189.58 |
Mar 13, 2025 17:57:48.249528885 CET | 49757 | 443 | 192.168.2.4 | 94.130.189.58 |
Mar 13, 2025 17:57:48.249564886 CET | 443 | 49757 | 94.130.189.58 | 192.168.2.4 |
Mar 13, 2025 17:57:48.249653101 CET | 49757 | 443 | 192.168.2.4 | 94.130.189.58 |
Mar 13, 2025 17:57:48.249732018 CET | 49757 | 443 | 192.168.2.4 | 94.130.189.58 |
Mar 13, 2025 17:57:48.249764919 CET | 443 | 49757 | 94.130.189.58 | 192.168.2.4 |
Mar 13, 2025 17:57:48.251513958 CET | 49758 | 443 | 192.168.2.4 | 104.73.234.102 |
Mar 13, 2025 17:57:48.251553059 CET | 443 | 49758 | 104.73.234.102 | 192.168.2.4 |
Mar 13, 2025 17:57:48.251580000 CET | 49757 | 443 | 192.168.2.4 | 94.130.189.58 |
Mar 13, 2025 17:57:48.251617908 CET | 49758 | 443 | 192.168.2.4 | 104.73.234.102 |
Mar 13, 2025 17:57:48.251836061 CET | 49758 | 443 | 192.168.2.4 | 104.73.234.102 |
Mar 13, 2025 17:57:48.251848936 CET | 443 | 49758 | 104.73.234.102 | 192.168.2.4 |
Mar 13, 2025 17:57:49.784418106 CET | 443 | 49758 | 104.73.234.102 | 192.168.2.4 |
Mar 13, 2025 17:57:49.784512043 CET | 49758 | 443 | 192.168.2.4 | 104.73.234.102 |
Mar 13, 2025 17:57:49.843489885 CET | 49758 | 443 | 192.168.2.4 | 104.73.234.102 |
Mar 13, 2025 17:57:49.843511105 CET | 443 | 49758 | 104.73.234.102 | 192.168.2.4 |
Mar 13, 2025 17:57:49.845390081 CET | 49758 | 443 | 192.168.2.4 | 104.73.234.102 |
Mar 13, 2025 17:57:49.845401049 CET | 443 | 49758 | 104.73.234.102 | 192.168.2.4 |
Mar 13, 2025 17:57:50.726402044 CET | 443 | 49758 | 104.73.234.102 | 192.168.2.4 |
Mar 13, 2025 17:57:50.726428032 CET | 443 | 49758 | 104.73.234.102 | 192.168.2.4 |
Mar 13, 2025 17:57:50.726443052 CET | 443 | 49758 | 104.73.234.102 | 192.168.2.4 |
Mar 13, 2025 17:57:50.726476908 CET | 49758 | 443 | 192.168.2.4 | 104.73.234.102 |
Mar 13, 2025 17:57:50.726499081 CET | 443 | 49758 | 104.73.234.102 | 192.168.2.4 |
Mar 13, 2025 17:57:50.726531029 CET | 49758 | 443 | 192.168.2.4 | 104.73.234.102 |
Mar 13, 2025 17:57:50.726562023 CET | 49758 | 443 | 192.168.2.4 | 104.73.234.102 |
Mar 13, 2025 17:57:50.853735924 CET | 443 | 49758 | 104.73.234.102 | 192.168.2.4 |
Mar 13, 2025 17:57:50.853758097 CET | 443 | 49758 | 104.73.234.102 | 192.168.2.4 |
Mar 13, 2025 17:57:50.853838921 CET | 49758 | 443 | 192.168.2.4 | 104.73.234.102 |
Mar 13, 2025 17:57:50.853858948 CET | 443 | 49758 | 104.73.234.102 | 192.168.2.4 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Mar 13, 2025 17:56:15.047991037 CET | 54032 | 53 | 192.168.2.4 | 1.1.1.1 |
Mar 13, 2025 17:56:15.054508924 CET | 53 | 54032 | 1.1.1.1 | 192.168.2.4 |
Mar 13, 2025 17:56:18.025444031 CET | 52244 | 53 | 192.168.2.4 | 1.1.1.1 |
Mar 13, 2025 17:56:18.044212103 CET | 53 | 52244 | 1.1.1.1 | 192.168.2.4 |
Mar 13, 2025 17:56:23.974246979 CET | 61662 | 53 | 192.168.2.4 | 1.1.1.1 |
Mar 13, 2025 17:56:23.982294083 CET | 53 | 61662 | 1.1.1.1 | 192.168.2.4 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Mar 13, 2025 17:56:15.047991037 CET | 192.168.2.4 | 1.1.1.1 | 0x68b3 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Mar 13, 2025 17:56:18.025444031 CET | 192.168.2.4 | 1.1.1.1 | 0xce5a | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Mar 13, 2025 17:56:23.974246979 CET | 192.168.2.4 | 1.1.1.1 | 0xd752 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Mar 13, 2025 17:56:15.054508924 CET | 1.1.1.1 | 192.168.2.4 | 0x68b3 | No error (0) | | | 149.154.167.99 | A (IP address) | IN (0x0001) | false |
Mar 13, 2025 17:56:18.044212103 CET | 1.1.1.1 | 192.168.2.4 | 0xce5a | No error (0) | | | 94.130.189.58 | A (IP address) | IN (0x0001) | false |
Mar 13, 2025 17:56:23.982294083 CET | 1.1.1.1 | 192.168.2.4 | 0xd752 | No error (0) | | | 104.73.234.102 | A (IP address) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.4 | 49728 | 116.202.4.223 | 443 | 7856 | C:\Users\user\Desktop\Portals.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Mar 13, 2025 17:56:34.029870987 CET | 163 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.4 | 49731 | 116.202.4.223 | 443 | 7856 | C:\Users\user\Desktop\Portals.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Mar 13, 2025 17:56:41.444678068 CET | 163 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.4 | 49738 | 116.202.4.223 | 443 | 7856 | C:\Users\user\Desktop\Portals.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Mar 13, 2025 17:56:59.074902058 CET | 163 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
3 | 192.168.2.4 | 49739 | 116.202.4.223 | 443 | 7856 | C:\Users\user\Desktop\Portals.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Mar 13, 2025 17:57:06.421541929 CET | 163 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
4 | 192.168.2.4 | 49747 | 116.202.4.223 | 443 | 7856 | C:\Users\user\Desktop\Portals.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Mar 13, 2025 17:57:24.478616953 CET | 163 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
5 | 192.168.2.4 | 49748 | 116.202.4.223 | 443 | 7856 | C:\Users\user\Desktop\Portals.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Mar 13, 2025 17:57:31.884393930 CET | 163 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
6 | 192.168.2.4 | 49759 | 116.202.4.223 | 443 | 7856 | C:\Users\user\Desktop\Portals.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Mar 13, 2025 17:57:58.247931004 CET | 163 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
7 | 192.168.2.4 | 49760 | 116.202.4.223 | 443 | 7856 | C:\Users\user\Desktop\Portals.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Mar 13, 2025 17:58:05.686486959 CET | 163 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.4 | 49717 | 149.154.167.99 | 443 | 7856 | C:\Users\user\Desktop\Portals.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-03-13 16:56:16 UTC | 85 | OUT | |
2025-03-13 16:56:18 UTC | 511 | IN | |
2025-03-13 16:56:18 UTC | 12330 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.4 | 49726 | 104.73.234.102 | 443 | 7856 | C:\Users\user\Desktop\Portals.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-03-13 16:56:25 UTC | 119 | OUT | |
2025-03-13 16:56:26 UTC | 1962 | IN | |
2025-03-13 16:56:26 UTC | 14422 | IN | |
2025-03-13 16:56:26 UTC | 16384 | IN | |
2025-03-13 16:56:26 UTC | 3762 | IN | |
2025-03-13 16:56:26 UTC | 3534 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.4 | 49733 | 149.154.167.99 | 443 | 7856 | C:\Users\user\Desktop\Portals.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-03-13 16:56:42 UTC | 143 | OUT | |
2025-03-13 16:56:43 UTC | 369 | IN | |
2025-03-13 16:56:43 UTC | 12330 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
3 | 192.168.2.4 | 49737 | 104.73.234.102 | 443 | 7856 | C:\Users\user\Desktop\Portals.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-03-13 16:56:50 UTC | 215 | OUT | |
2025-03-13 16:56:51 UTC | 1778 | IN | |
2025-03-13 16:56:51 UTC | 14606 | IN | |
2025-03-13 16:56:51 UTC | 16384 | IN | |
2025-03-13 16:56:51 UTC | 3578 | IN | |
2025-03-13 16:56:51 UTC | 3534 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
4 | 192.168.2.4 | 49741 | 149.154.167.99 | 443 | 7856 | C:\Users\user\Desktop\Portals.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-03-13 16:57:08 UTC | 143 | OUT | |
2025-03-13 16:57:09 UTC | 369 | IN | |
2025-03-13 16:57:09 UTC | 12330 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
5 | 192.168.2.4 | 49746 | 104.73.234.102 | 443 | 7856 | C:\Users\user\Desktop\Portals.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-03-13 16:57:16 UTC | 215 | OUT | |
2025-03-13 16:57:16 UTC | 1778 | IN | |
2025-03-13 16:57:16 UTC | 14606 | IN | |
2025-03-13 16:57:17 UTC | 16384 | IN | |
2025-03-13 16:57:17 UTC | 3578 | IN | |
2025-03-13 16:57:17 UTC | 3534 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
6 | 192.168.2.4 | 49750 | 149.154.167.99 | 443 | 7856 | C:\Users\user\Desktop\Portals.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-03-13 16:57:33 UTC | 143 | OUT | |
2025-03-13 16:57:34 UTC | 369 | IN | |
2025-03-13 16:57:34 UTC | 12329 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
7 | 192.168.2.4 | 49754 | 149.154.167.99 | 443 | 7856 | C:\Users\user\Desktop\Portals.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-03-13 16:57:42 UTC | 143 | OUT | |
2025-03-13 16:57:42 UTC | 369 | IN | |
2025-03-13 16:57:42 UTC | 12328 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
8 | 192.168.2.4 | 49758 | 104.73.234.102 | 443 | 7856 | C:\Users\user\Desktop\Portals.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-03-13 16:57:49 UTC | 215 | OUT | |
2025-03-13 16:57:50 UTC | 1778 | IN | |
2025-03-13 16:57:50 UTC | 14606 | IN | |
2025-03-13 16:57:50 UTC | 16384 | IN | |
2025-03-13 16:57:50 UTC | 3578 | IN | |
2025-03-13 16:57:50 UTC | 3534 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
9 | 192.168.2.4 | 49762 | 149.154.167.99 | 443 | 7856 | C:\Users\user\Desktop\Portals.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-03-13 16:58:07 UTC | 143 | OUT | |
2025-03-13 16:58:08 UTC | 369 | IN | |
2025-03-13 16:58:08 UTC | 12329 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
10 | 192.168.2.4 | 49766 | 104.73.234.102 | 443 | 7856 | C:\Users\user\Desktop\Portals.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-03-13 16:58:15 UTC | 215 | OUT | |
2025-03-13 16:58:16 UTC | 1778 | IN | |
2025-03-13 16:58:16 UTC | 14606 | IN | |
2025-03-13 16:58:16 UTC | 16384 | IN | |
2025-03-13 16:58:16 UTC | 3578 | IN | |
2025-03-13 16:58:16 UTC | 3534 | IN |
Target ID: | 0 |
Start time: | 12:56:12 |
Start date: | 13/03/2025 |
Path: | C:\Users\user\Desktop\Portals.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x910000 |
File size: | 152'576 bytes |
MD5 hash: | 1F2C4AC075B7A79917C290F0B9FD27B6 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | true |
Target ID: | 1 |
Start time: | 12:56:13 |
Start date: | 13/03/2025 |
Path: | C:\Users\user\Desktop\Portals.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x970000 |
File size: | 152'576 bytes |
MD5 hash: | 1F2C4AC075B7A79917C290F0B9FD27B6 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
Reputation: | low |
Has exited: | false |
Target ID: | 3 |
Start time: | 12:56:13 |
Start date: | 13/03/2025 |
Path: | C:\Windows\SysWOW64\WerFault.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xd50000 |
File size: | 483'680 bytes |
MD5 hash: | C31336C1EFC2CCB44B4326EA793040F2 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |