Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	March 3, 2022, 5:08 p.m.	March 3, 2022, 5:12 p.m.

Size	604.0KB
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`6cc3dc76cafdf5e34067999a76d7d9eb`
SHA256	`ade4d52dac792f27b4ad48d0ff5b23308e96fb4361ae577e04e27ef6b2065797`
CRC32	`E6EFE55E`
ssdeep	`12288:ZxpNJJJ2NHPoczJOOtIhxf3foRXIa5EPwvA:Zx2gczJOFf3fnaFvA`
Yara	Malicious_Packer_Zero - Malicious Packer PE_Header_Zero - PE File Signature OS_Processor_Check_Zero - OS Processor Check IsPE32 - (no description) IsDLL - (no description) Malicious_Library_Zero - Malicious_Library UPX_Zero - UPX packed file

rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\DyMNglRY5B4abPy1hH.dll,DllRegisterServer
2860
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\DyMNglRY5B4abPy1hH.dll,DllRegisterClass
2776
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\DyMNglRY5B4abPy1hH.dll,DllUnregisterClass
2952
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\DyMNglRY5B4abPy1hH.dll,DllUnregisterServer
3040
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\DyMNglRY5B4abPy1hH.dll,
2116

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
103.41.204.169	Active	Moloch
116.124.128.206	Active	Moloch
128.199.192.135	Active	Moloch
139.196.72.155	Active	Moloch
159.69.237.188	Active	Moloch
168.119.39.118	Active	Moloch
185.148.168.15	Active	Moloch
185.168.130.138	Active	Moloch
185.184.25.78	Active	Moloch
186.250.48.5	Active	Moloch
190.90.233.66	Active	Moloch
194.9.172.107	Active	Moloch
195.77.239.39	Active	Moloch
198.199.98.78	Active	Moloch
37.44.244.177	Active	Moloch
37.59.209.141	Active	Moloch
54.37.228.122	Active	Moloch
54.38.242.185	Active	Moloch
68.183.93.250	Active	Moloch
78.47.204.80	Active	Moloch
87.106.97.83	Active	Moloch
93.104.209.107	Active	Moloch

Suricata Alerts

Flow	SID	Signature	Category
TCP 168.119.39.118:443 -> 192.168.56.101:49173	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49172 -> 168.119.39.118:443	2028401	ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex	Unknown Traffic
TCP 192.168.56.101:49171 -> 168.119.39.118:443	2028401	ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex	Unknown Traffic
TCP 192.168.56.101:49168 -> 186.250.48.5:80	2028401	ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex	Unknown Traffic
TCP 192.168.56.101:49175 -> 185.168.130.138:443	2404308	ET CNC Feodo Tracker Reported CnC Server group 9	A Network Trojan was detected
TCP 186.250.48.5:80 -> 192.168.56.101:49169	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49175 -> 185.168.130.138:443	2028401	ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex	Unknown Traffic
TCP 185.184.25.78:8080 -> 192.168.56.101:49194	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 198.199.98.78:8080 -> 192.168.56.101:49186	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 185.168.130.138:443 -> 192.168.56.101:49177	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49197 -> 116.124.128.206:8080	2404302	ET CNC Feodo Tracker Reported CnC Server group 3	A Network Trojan was detected
TCP 192.168.56.101:49197 -> 116.124.128.206:8080	2028401	ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex	Unknown Traffic
TCP 192.168.56.101:49196 -> 116.124.128.206:8080	2028401	ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex	Unknown Traffic
TCP 192.168.56.101:49192 -> 185.184.25.78:8080	2028401	ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex	Unknown Traffic
TCP 192.168.56.101:49201 -> 139.196.72.155:8080	2404304	ET CNC Feodo Tracker Reported CnC Server group 5	A Network Trojan was detected
TCP 116.124.128.206:8080 -> 192.168.56.101:49198	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49193 -> 185.184.25.78:8080	2028401	ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex	Unknown Traffic
TCP 192.168.56.101:49201 -> 139.196.72.155:8080	2028401	ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex	Unknown Traffic
TCP 192.168.56.101:49185 -> 198.199.98.78:8080	2404311	ET CNC Feodo Tracker Reported CnC Server group 12	A Network Trojan was detected
TCP 192.168.56.101:49205 -> 128.199.192.135:8080	2404303	ET CNC Feodo Tracker Reported CnC Server group 4	A Network Trojan was detected
TCP 192.168.56.101:49185 -> 198.199.98.78:8080	2028401	ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex	Unknown Traffic
TCP 192.168.56.101:49200 -> 139.196.72.155:8080	2028401	ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex	Unknown Traffic
TCP 192.168.56.101:49205 -> 128.199.192.135:8080	2028401	ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex	Unknown Traffic
TCP 192.168.56.101:49188 -> 87.106.97.83:7080	2404322	ET CNC Feodo Tracker Reported CnC Server group 23	A Network Trojan was detected
TCP 139.196.72.155:8080 -> 192.168.56.101:49202	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49204 -> 128.199.192.135:8080	2028401	ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex	Unknown Traffic
TCP 128.199.192.135:8080 -> 192.168.56.101:49206	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49167 -> 186.250.48.5:80	2028401	ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex	Unknown Traffic
TCP 192.168.56.101:49176 -> 185.168.130.138:443	2028401	ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex	Unknown Traffic
TCP 192.168.56.101:49184 -> 198.199.98.78:8080	2028401	ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex	Unknown Traffic

Suricata TLS

No Suricata TLS

Queries for the computername (1 event)

Time & API	Arguments	Status	Return	Repeated
GetComputerNameA March 3, 2022, 5:08 p.m.	computer_name: TEST22-PC	1	1	0

Checks if process is being debugged by a debugger (4 events)

Time & API	Arguments	Status	Return	Repeated
IsDebuggerPresent March 3, 2022, 5:08 p.m.			0	0
IsDebuggerPresent March 3, 2022, 5:08 p.m.			0	0
IsDebuggerPresent March 3, 2022, 5:08 p.m.			0	0
IsDebuggerPresent March 3, 2022, 5:08 p.m.			0	0

The file contains an unknown PE resource name possibly indicative of a packer (1 event)

resource name

ЛЗЦЫЙШП

Communication to multiple IPs on high port numbers possibly indicative of a peer-to-peer (P2P) or non-standard command and control protocol (5 events)

ip	116.124.128.206
ip	128.199.192.135
ip	139.196.72.155
ip	185.184.25.78
ip	198.199.98.78

Allocates read-write-execute memory (usually to unpack itself) (39 events)

Time & API	Arguments	Status
NtProtectVirtualMemory March 3, 2022, 5:08 p.m.	process_identifier: 2776 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x1003e000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 3, 2022, 5:08 p.m.	process_identifier: 2776 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73e01000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 3, 2022, 5:08 p.m.	process_identifier: 2776 region_size: 143360 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00320000 allocation_type: 12289 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff	1
NtProtectVirtualMemory March 3, 2022, 5:08 p.m.	process_identifier: 2776 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73d20000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 3, 2022, 5:08 p.m.	process_identifier: 2776 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73d91000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 3, 2022, 5:08 p.m.	process_identifier: 2776 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73cd4000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 3, 2022, 5:08 p.m.	process_identifier: 2776 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73d92000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 3, 2022, 5:08 p.m.	process_identifier: 2776 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x742e1000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 3, 2022, 5:08 p.m.	process_identifier: 2860 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x1003e000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 3, 2022, 5:08 p.m.	process_identifier: 2860 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73e01000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 3, 2022, 5:08 p.m.	process_identifier: 2860 region_size: 143360 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00380000 allocation_type: 12289 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff	1
NtProtectVirtualMemory March 3, 2022, 5:08 p.m.	process_identifier: 2860 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73d20000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 3, 2022, 5:08 p.m.	process_identifier: 2860 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73d91000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 3, 2022, 5:08 p.m.	process_identifier: 2860 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73c34000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 3, 2022, 5:08 p.m.	process_identifier: 2860 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73d92000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 3, 2022, 5:08 p.m.	process_identifier: 2860 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x746d1000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 3, 2022, 5:08 p.m.	process_identifier: 2860 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x742e1000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 3, 2022, 5:08 p.m.	process_identifier: 2860 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x76941000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 3, 2022, 5:08 p.m.	process_identifier: 2860 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x75291000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 3, 2022, 5:08 p.m.	process_identifier: 2860 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x750c1000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 3, 2022, 5:08 p.m.	process_identifier: 2860 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x76451000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 3, 2022, 5:08 p.m.	process_identifier: 2860 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73c71000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 3, 2022, 5:08 p.m.	process_identifier: 2860 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73b91000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 3, 2022, 5:08 p.m.	process_identifier: 2952 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x1003e000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 3, 2022, 5:08 p.m.	process_identifier: 2952 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73e01000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 3, 2022, 5:08 p.m.	process_identifier: 2952 region_size: 143360 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x003e0000 allocation_type: 12289 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff	1
NtProtectVirtualMemory March 3, 2022, 5:08 p.m.	process_identifier: 2952 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73d90000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 3, 2022, 5:08 p.m.	process_identifier: 2952 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73ca1000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 3, 2022, 5:08 p.m.	process_identifier: 2952 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73c64000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 3, 2022, 5:08 p.m.	process_identifier: 2952 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73ca2000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 3, 2022, 5:08 p.m.	process_identifier: 2952 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x746d1000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 3, 2022, 5:08 p.m.	process_identifier: 3040 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x1003e000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 3, 2022, 5:08 p.m.	process_identifier: 3040 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73e01000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 3, 2022, 5:08 p.m.	process_identifier: 3040 region_size: 143360 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00310000 allocation_type: 12289 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff	1
NtProtectVirtualMemory March 3, 2022, 5:08 p.m.	process_identifier: 3040 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73d20000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 3, 2022, 5:08 p.m.	process_identifier: 3040 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73d91000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 3, 2022, 5:08 p.m.	process_identifier: 3040 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73cd4000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 3, 2022, 5:08 p.m.	process_identifier: 3040 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73d92000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 3, 2022, 5:08 p.m.	process_identifier: 3040 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x742e1000 process_handle: 0xffffffff	1

Searches running processes potentially to identify processes for sandbox evasion, code injection or memory dumping (2 events)

Time & API	Arguments	Status	Return	Repeated
Process32NextW March 3, 2022, 5:08 p.m.	snapshot_handle: 0x00000160 process_name: wsqmcons.exe process_identifier: 2552	1	1	0
Process32NextW March 3, 2022, 5:08 p.m.	snapshot_handle: 0x00000160 process_name: rundll32.exe process_identifier: 2860	1	1	0

Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time) (1 event)

Time & API	Arguments	Status	Return	Repeated
NtProtectVirtualMemory March 3, 2022, 5:08 p.m.	process_identifier: 2776 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 139264 protection: 32 (PAGE_EXECUTE_READ) base_address: 0x00361000 process_handle: 0xffffffff	1	0	0

Expresses interest in specific running processes (1 event)

process

rundll32.exe

Communicates with host for which no DNS query was performed (22 events)

host	103.41.204.169
host	116.124.128.206
host	128.199.192.135
host	139.196.72.155
host	159.69.237.188
host	168.119.39.118
host	185.148.168.15
host	185.168.130.138
host	185.184.25.78
host	186.250.48.5
host	190.90.233.66
host	194.9.172.107
host	195.77.239.39
host	198.199.98.78
host	37.44.244.177
host	37.59.209.141
host	54.37.228.122
host	54.38.242.185
host	68.183.93.250
host	78.47.204.80
host	87.106.97.83
host	93.104.209.107

File has been identified by 12 AntiVirus engines on VirusTotal as malicious (12 events)

Elastic	malicious (high confidence)
FireEye	Generic.mg.6cc3dc76cafdf5e3
Cyren	W32/Emotet.EGJ.gen!Eldorado
ESET-NOD32	a variant of Win32/GenKryptik.FRMF
Kaspersky	VHO:Trojan-Banker.Win32.Emotet.gen
Avast	Win32:BotX-gen [Trj]
Sophos	ML/PE-A
Antiy-AVL	Trojan/Generic.ASCommon.21F
AhnLab-V3	Trojan/Win.Emotet.C4991478
Rising	Trojan.Emotet!8.B95 (C64:YzY0Oh0vshRw7Vz3)
Fortinet	W32/Emotet.C!tr
AVG	Win32:BotX-gen [Trj]

Generates some ICMP traffic

Connects to IP addresses that are no longer responding to requests (legitimate services will remain up-and-running usually) (22 events)

dead_host	192.168.56.101:49191
dead_host	87.106.97.83:7080
dead_host	192.168.56.101:49211
dead_host	68.183.93.250:443
dead_host	159.69.237.188:443
dead_host	78.47.204.80:443
dead_host	103.41.204.169:8080
dead_host	192.168.56.101:49208
dead_host	190.90.233.66:443
dead_host	195.77.239.39:8080
dead_host	192.168.56.101:49181
dead_host	192.168.56.101:49189
dead_host	54.38.242.185:443
dead_host	54.37.228.122:443
dead_host	192.168.56.101:49209
dead_host	192.168.56.101:49182
dead_host	37.44.244.177:8080
dead_host	192.168.56.101:49179
dead_host	192.168.56.101:49210
dead_host	93.104.209.107:8080
dead_host	185.148.168.15:8080
dead_host	194.9.172.107:8080

DyMNglRY5B4abPy1hH

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All