Windows
Analysis Report
YWwcRHSpbw.exe
Overview
General Information
Sample name: | YWwcRHSpbw.exe (renamed because original name is a hash value) |
Original sample name: | 26ce123ca4fb973543d48c2da9ece87e.exe |
Analysis ID: | 1417238 |
MD5: | 26ce123ca4fb973543d48c2da9ece87e |
SHA1: | ab474a3c06831b4f673f400f912f77cd3fd154fd |
SHA256: | 2952319efa611dd3cd0704bd8bf3f6bce423cd88aace8e28e51b19c672d209cf |
Tags: | exe |
Infos: | |
Detection
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- YWwcRHSpbw.exe (PID: 6280 cmdline: "C:\Users\user\Desktop\YWwcRHSpbw.exe" MD5: 26CE123CA4FB973543D48C2DA9ECE87E)
  - explorer.exe (PID: 3504 cmdline: C:\Windows\Explorer.EXE MD5: 662F4F92FDE3557E86D110526BB578D5)
- twiufas (PID: 7604 cmdline: C:\Users\user\AppData\Roaming\twiufas MD5: 26CE123CA4FB973543D48C2DA9ECE87E)
- twiufas (PID: 8064 cmdline: C:\Users\user\AppData\Roaming\twiufas MD5: 26CE123CA4FB973543D48C2DA9ECE87E)
- cleanup
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
SmokeLoader | The SmokeLoader family is a generic backdoor with a range of capabilities which depend on the modules included in any given build of the malware. The malware is delivered in a variety of ways and is broadly associated with criminal activity. The malware frequently tries to hide its C2 activity by generating requests to legitimate sites such as microsoft.com, bing.com, adobe.com, and others. Typically the actual Download returns an HTTP 404 but still contains data in the Response Body. |
{"Version": 2022, "C2 list": ["http://nidoe.org/tmp/index.php", "http://sodez.ru/tmp/index.php", "http://uama.com.ua/tmp/index.php", "http://talesofpirates.net/tmp/index.php"]}
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
| | Windows_Trojan_Smokeloader_3687686f | unknown | unknown | |
| | JoeSecurity_SmokeLoader_2 | Yara detected SmokeLoader | Joe Security | |
| | Windows_Trojan_Smokeloader_4e31426e | unknown | unknown | |
| | JoeSecurity_SmokeLoader_2 | Yara detected SmokeLoader | Joe Security | |
| | Windows_Trojan_Smokeloader_4e31426e | unknown | unknown | |
System Summary |
---|
Source: | Author: Max Altgelt (Nextron Systems): |

Timestamp | SID | Source Port | Destination Port | Protocol | Classtype |
---|---|---|---|---|---|
03/28/24-20:00:21.318246 | 2039103 | 49724 | 80 | TCP | A Network Trojan was detected |
03/28/24-20:00:24.523097 | 2039103 | 49727 | 80 | TCP | A Network Trojan was detected |
03/28/24-20:01:15.381599 | 2039103 | 49739 | 80 | TCP | A Network Trojan was detected |
03/28/24-20:00:35.719655 | 2039103 | 49733 | 80 | TCP | A Network Trojan was detected |
03/28/24-20:00:14.748860 | 2039103 | 49718 | 80 | TCP | A Network Trojan was detected |
03/28/24-19:58:54.404720 | 2039103 | 49710 | 80 | TCP | A Network Trojan was detected |
03/28/24-20:00:55.495696 | 2039103 | 49736 | 80 | TCP | A Network Trojan was detected |
03/28/24-20:00:34.772533 | 2039103 | 49732 | 80 | TCP | A Network Trojan was detected |
03/28/24-20:01:33.861830 | 2039103 | 49741 | 80 | TCP | A Network Trojan was detected |
03/28/24-20:00:23.131958 | 2039103 | 49726 | 80 | TCP | A Network Trojan was detected |
03/28/24-20:00:50.046098 | 2039103 | 49735 | 80 | TCP | A Network Trojan was detected |
03/28/24-19:58:53.441397 | 2039103 | 49709 | 80 | TCP | A Network Trojan was detected |
03/28/24-19:58:56.497783 | 2039103 | 49712 | 80 | TCP | A Network Trojan was detected |
03/28/24-20:00:31.831114 | 2039103 | 49730 | 80 | TCP | A Network Trojan was detected |
03/28/24-19:59:00.605756 | 2039103 | 49715 | 80 | TCP | A Network Trojan was detected |
03/28/24-20:02:29.387636 | 2039103 | 49746 | 80 | TCP | A Network Trojan was detected |
03/28/24-20:00:30.844195 | 2039103 | 49729 | 80 | TCP | A Network Trojan was detected |
03/28/24-20:01:52.917941 | 2039103 | 49743 | 80 | TCP | A Network Trojan was detected |
03/28/24-20:01:09.758971 | 2039103 | 49738 | 80 | TCP | A Network Trojan was detected |
03/28/24-20:00:17.914443 | 2039103 | 49721 | 80 | TCP | A Network Trojan was detected |
03/28/24-20:01:21.239438 | 2039103 | 49740 | 80 | TCP | A Network Trojan was detected |
03/28/24-19:58:55.357484 | 2039103 | 49711 | 80 | TCP | A Network Trojan was detected |
03/28/24-20:00:33.098407 | 2039103 | 49731 | 80 | TCP | A Network Trojan was detected |
03/28/24-20:01:43.045246 | 2039103 | 49742 | 80 | TCP | A Network Trojan was detected |
03/28/24-20:01:01.282543 | 2039103 | 49737 | 80 | TCP | A Network Trojan was detected |
03/28/24-20:02:19.687654 | 2039103 | 49745 | 80 | TCP | A Network Trojan was detected |
03/28/24-19:58:59.643445 | 2039103 | 49714 | 80 | TCP | A Network Trojan was detected |
03/28/24-20:00:13.724586 | 2039103 | 49717 | 80 | TCP | A Network Trojan was detected |
03/28/24-20:00:20.073096 | 2039103 | 49723 | 80 | TCP | A Network Trojan was detected |
03/28/24-19:58:52.687019 | 2039103 | 49708 | 80 | TCP | A Network Trojan was detected |
03/28/24-20:02:07.725194 | 2039103 | 49744 | 80 | TCP | A Network Trojan was detected |
03/28/24-20:00:15.932204 | 2039103 | 49719 | 80 | TCP | A Network Trojan was detected |
03/28/24-19:58:58.694495 | 2039103 | 49713 | 80 | TCP | A Network Trojan was detected |
03/28/24-20:00:16.875290 | 2039103 | 49720 | 80 | TCP | A Network Trojan was detected |
03/28/24-20:00:18.969488 | 2039103 | 49722 | 80 | TCP | A Network Trojan was detected |
03/28/24-20:00:25.956570 | 2039103 | 49728 | 80 | TCP | A Network Trojan was detected |
03/28/24-20:00:41.915869 | 2039103 | 49734 | 80 | TCP | A Network Trojan was detected |
03/28/24-20:00:22.261540 | 2039103 | 49725 | 80 | TCP | A Network Trojan was detected |

AV Detection |
---|
Source: | Avira: |
Source: | Avira URL Cloud: |
Source: | Avira: |
Source: | Malware Configuration Extractor: |
Source: | ReversingLabs: |
Source: | Joe Sandbox ML: |
Source: | Static PE information: |
Source: | File opened: | Jump to behavior |
Source: | Binary string: |
Networking |
---|
Source: | Snort IDS: |
Source: | Network Connect: | Jump to behavior |
Source: | URLs: |
Source: | IP Address: |
Source: | ASN Name: |
Source: | HTTP traffic detected: |
Source: | UDP traffic detected without corresponding DNS query: |
Source: | DNS traffic detected: |
Source: | HTTP traffic detected: |
Source: | String found in binary or memory: |
Key, Mouse, Clipboard, Microphone and Screen Capturing |
---|
Source: | File source: |
System Summary |
---|
Source: | Matched rule: |
Source: | Process Stats: |
Source: | Code function: | 1_2_004013ED | |
Source: | Code function: | 1_2_00401507 | |
Source: | Code function: | 1_2_00401518 | |
Source: | Code function: | 1_2_0040141C | |
Source: | Code function: | 1_2_0040151C | |
Source: | Code function: | 1_2_0040142C | |
Source: | Code function: | 1_2_004032D5 | |
Source: | Code function: | 1_2_004014E2 | |
Source: | Code function: | 1_2_004013EC | |
Source: | Code function: | 1_2_004014ED | |
Source: | Code function: | 1_2_004013F9 | |
Source: | Code function: | 1_2_00402381 | |
Source: | Code function: | 11_2_004013ED | |
Source: | Code function: | 11_2_00401507 | |
Source: | Code function: | 11_2_00401518 | |
Source: | Code function: | 11_2_0040141C | |
Source: | Code function: | 11_2_0040151C | |
Source: | Code function: | 11_2_0040142C | |
Source: | Code function: | 11_2_004032D5 | |
Source: | Code function: | 11_2_004014E2 | |
Source: | Code function: | 11_2_004013EC | |
Source: | Code function: | 11_2_004014ED | |
Source: | Code function: | 11_2_004013F9 | |
Source: | Code function: | 11_2_00402381 | |
Source: | Code function: | 14_2_004013ED | |
Source: | Code function: | 14_2_00401507 | |
Source: | Code function: | 14_2_00401518 | |
Source: | Code function: | 14_2_0040141C | |
Source: | Code function: | 14_2_0040151C | |
Source: | Code function: | 14_2_0040142C | |
Source: | Code function: | 14_2_004014E2 | |
Source: | Code function: | 14_2_004013EC | |
Source: | Code function: | 14_2_004014ED | |
Source: | Code function: | 14_2_004013F9 | |
Source: | Code function: | 14_2_00402381 |
Source: | Binary or memory string: |
Source: | Section loaded: | Jump to behavior |
Source: | Static PE information: |
Source: | Matched rule: |
Source: | Classification label: |
Source: | Code function: | 1_2_00B24F9A |
Source: | File created: | Jump to behavior |
Source: | Static PE information: |
Source: | File read: | Jump to behavior |
Source: | Key opened: | Jump to behavior |
Source: | ReversingLabs: |
Source: | Process created: |
Source: | Key value queried: | Jump to behavior |
Source: | File opened: | Jump to behavior |
Source: | Static PE information: |
Source: | Binary string: |
Data Obfuscation |
---|
Source: | Unpacked PE file: |
Source: | Code function: | 1_2_00401211 | |
Source: | Code function: | 1_2_00401737 | |
Source: | Code function: | 1_2_004032BE | |
Source: | Code function: | 1_2_00B2C9BE | |
Source: | Code function: | 1_2_00B293DB | |
Source: | Code function: | 1_2_00B25C43 | |
Source: | Code function: | 1_2_00B2C645 | |
Source: | Code function: | 1_2_02721278 | |
Source: | Code function: | 11_2_00401211 | |
Source: | Code function: | 11_2_00401737 | |
Source: | Code function: | 11_2_004032BE | |
Source: | Code function: | 11_2_00C5519B | |
Source: | Code function: | 11_2_00C5BB9D | |
Source: | Code function: | 11_2_00C5BF16 | |
Source: | Code function: | 11_2_00C58933 | |
Source: | Code function: | 11_2_02621278 | |
Source: | Code function: | 14_2_00401211 | |
Source: | Code function: | 14_2_00401737 | |
Source: | Code function: | 14_2_004032BE | |
Source: | Code function: | 14_2_00C71278 | |
Source: | Code function: | 14_2_00E2DBDB | |
Source: | Code function: | 14_2_00E311BE | |
Source: | Code function: | 14_2_00E30E45 | |
Source: | Code function: | 14_2_00E2A443 |
Source: | File created: | Jump to dropped file |
Source: | File created: | Jump to dropped file |
Hooking and other Techniques for Hiding and Protection |
---|
Source: | File deleted: | Jump to behavior |
Source: | File opened: | Jump to behavior |
Source: | Process information set: | Jump to behavior |
Malware Analysis System Evasion |
---|
Source: | Key enumerated: | Jump to behavior |
Source: | Binary or memory string: |
Source: | Window / User API: | Jump to behavior |
Source: | Thread sleep count: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior |
Source: | Binary or memory string: |
Source: | System information queried: | Jump to behavior |
Source: | Process information queried: | Jump to behavior |
Anti Debugging |
---|
Source: | System information queried: | Jump to behavior |
Source: | Process queried: | Jump to behavior |
Source: | Code function: | 1_2_00B24877 | |
Source: | Code function: | 1_2_0272092B | |
Source: | Code function: | 1_2_02720D90 | |
Source: | Code function: | 11_2_00C53DCF | |
Source: | Code function: | 11_2_0262092B | |
Source: | Code function: | 11_2_02620D90 | |
Source: | Code function: | 14_2_00C70D90 | |
Source: | Code function: | 14_2_00C7092B | |
Source: | Code function: | 14_2_00E29077 |
HIPS / PFW / Operating System Protection Evasion |
---|
Source: | File created: | Jump to dropped file |
Source: | Network Connect: | Jump to behavior |
Source: | Thread created: | Jump to behavior |
Source: | Section loaded: | Jump to behavior |
Source: | Binary or memory string: |
Stealing of Sensitive Information |
---|
Source: | File source: |
Remote Access Functionality |
---|
Source: | File source: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Exploitation for Client Execution | 1 DLL Side-Loading | 32 Process Injection | 11 Masquerading | OS Credential Dumping | 411 Security Software Discovery | Remote Services | Data from Local System | 2 Non-Application Layer Protocol | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 12 Virtualization/Sandbox Evasion | LSASS Memory | 12 Virtualization/Sandbox Evasion | Remote Desktop Protocol | Data from Removable Media | 112 Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 32 Process Injection | Security Account Manager | 3 Process Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | Steganography | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Hidden Files and Directories | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Obfuscated Files or Information | LSA Secrets | 1 File and Directory Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Software Packing | Cached Domain Credentials | 2 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 DLL Side-Loading | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 File Deletion | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
| | 82% | ReversingLabs | Win32.Trojan.Privateloader | |
| | 100% | Avira | HEUR/AGEN.1313018 | |
| | 100% | Joe Sandbox ML | | |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
| | 100% | Avira | HEUR/AGEN.1313018 | |
| | 100% | Joe Sandbox ML | | |
| | 82% | ReversingLabs | Win32.Trojan.Privateloader | |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
| | 0% | URL Reputation | safe | |
| | 0% | URL Reputation | safe | |
| | 0% | URL Reputation | safe | |
| | 100% | Avira URL Cloud | malware | |
| | 100% | Avira URL Cloud | malware | |
| | 0% | Avira URL Cloud | safe | |
| | 100% | Avira URL Cloud | malware | |
| | 100% | Avira URL Cloud | malware | |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
nidoe.org | 187.211.208.213 | true | true | | unknown |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
| | true | | unknown |
| | true | | unknown |
| | true | | unknown |
| | true | | unknown |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | unknown | |||
false | high | |||
false | high | |||
false | unknown | |||
false | high | |||
false | unknown | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | unknown | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
2.180.10.7 | unknown | Iran (ISLAMIC Republic Of) | | 58224 | TCIIR | true |
187.211.208.213 | nidoe.org | Mexico | | 8151 | UninetSAdeCVMX | true |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1417238 |
Start date and time: | 2024-03-28 19:57:36 +01:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 8m 53s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 15 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 1 |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | YWwcRHSpbw.exe (renamed because original name is a hash value) |
Original Sample Name: | 26ce123ca4fb973543d48c2da9ece87e.exe |
Detection: | MAL |
Classification: | mal100.troj.evad.winEXE@3/2@8/2 |
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, MoUsoCoreWorker.exe, conhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 104.96.220.106, 104.96.220.131, 104.96.220.114, 104.96.220.123, 104.96.220.121, 104.96.220.115, 104.96.220.107, 104.96.220.105, 104.96.220.128
- Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, a767.dspw65.akamai.net, wu-bg-shim.trafficmanager.net, fe3cr.delivery.mp.microsoft.com, download.windowsupdate.com.edgesuite.net
- Not all processes where analyzed, report is missing behavior information
- Report size getting too big, too many NtEnumerateKey calls found.
- Report size getting too big, too many NtOpenKey calls found.
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- VT rate limit hit for: YWwcRHSpbw.exe
Time | Type | Description |
---|---|---|
18:58:48 | Task Scheduler | |
19:58:33 | API Interceptor |
Match | Detection | Threat Name |
---|---|---|
2.180.10.7 | malicious | LummaC, Glupteba, LummaC Stealer, Mars Stealer, SmokeLoader, Socks5Systemz, Stealc |
2.180.10.7 | malicious | SmokeLoader |
2.180.10.7 | malicious | LummaC, Glupteba, LummaC Stealer, SmokeLoader, Stealc, Xmrig |
2.180.10.7 | malicious | LummaC, Babuk, Clipboard Hijacker, Djvu, Glupteba, LummaC Stealer, PureLog Stealer |
2.180.10.7 | malicious | LummaC, Babuk, Clipboard Hijacker, Djvu, Glupteba, LummaC Stealer, SmokeLoader |
2.180.10.7 | malicious | Amadey, SmokeLoader |
2.180.10.7 | malicious | LummaC, Clipboard Hijacker, Djvu, PureLog Stealer, RedLine, RisePro Stealer, SmokeLoader |
2.180.10.7 | malicious | LummaC, Glupteba, PureLog Stealer, RisePro Stealer, SmokeLoader, Stealc, zgRAT |
2.180.10.7 | malicious | LummaC, Glupteba, SmokeLoader, Socks5Systemz, Stealc |
2.180.10.7 | malicious | LummaC, Clipboard Hijacker, LummaC Stealer, SmokeLoader |
Match | Detection | Threat Name |
---|---|---|
nidoe.org | malicious | Amadey, Glupteba, Mars Stealer, PureLog Stealer, RedLine, RisePro Stealer, SmokeLoader |
nidoe.org | malicious | SmokeLoader |
nidoe.org | malicious | SmokeLoader |
nidoe.org | malicious | SmokeLoader |
nidoe.org | malicious | SmokeLoader |
nidoe.org | malicious | SmokeLoader |
nidoe.org | malicious | LummaC, Glupteba, LummaC Stealer, Mars Stealer, PureLog Stealer, SmokeLoader, Socks5Systemz |
nidoe.org | malicious | LummaC, Glupteba, LummaC Stealer, Mars Stealer, PureLog Stealer, SmokeLoader, Socks5Systemz |
nidoe.org | malicious | LummaC, Glupteba, LummaC Stealer, Mars Stealer, SmokeLoader, Socks5Systemz, Stealc |
nidoe.org | malicious | LummaC, Glupteba, LummaC Stealer, Mars Stealer, PureLog Stealer, SmokeLoader, Socks5Systemz |
Match | Detection | Threat Name |
---|---|---|
UninetSAdeCVMX | malicious | LummaC, Babuk, Clipboard Hijacker, Djvu, Glupteba, LummaC Stealer, SmokeLoader |
UninetSAdeCVMX | malicious | LummaC, Babuk, Clipboard Hijacker, Djvu, Glupteba, LummaC Stealer, SmokeLoader |
UninetSAdeCVMX | malicious | Mirai |
UninetSAdeCVMX | malicious | Mirai |
UninetSAdeCVMX | malicious | Mirai |
UninetSAdeCVMX | malicious | Mirai |
UninetSAdeCVMX | malicious | Unknown |
UninetSAdeCVMX | malicious | Mirai, Okiru |
UninetSAdeCVMX | malicious | Mirai, Okiru |
UninetSAdeCVMX | malicious | Moobot |
TCIIR | malicious | Mirai |
TCIIR | malicious | Amadey, Glupteba, Mars Stealer, PureLog Stealer, RedLine, RisePro Stealer, SmokeLoader |
TCIIR | malicious | Mirai, Okiru |
TCIIR | malicious | LummaC, Babuk, Clipboard Hijacker, Djvu, LummaC Stealer, PureLog Stealer, SmokeLoader |
TCIIR | malicious | Mirai |
TCIIR | malicious | Mirai, Moobot |
TCIIR | malicious | Unknown |
TCIIR | malicious | Mirai, Moobot |
TCIIR | malicious | Mirai |
TCIIR | malicious | Mirai, Gafgyt |
Process: | C:\Windows\explorer.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 316416 |
Entropy (8bit): | 5.867681128250901 |
Encrypted: | false |
SSDEEP: | 6144:0L8EEnOV4QFDXk44lMZzx+dzj8aYI0FjT:0BEn+FDXXZVKzgQ0F3 |
MD5: | 26CE123CA4FB973543D48C2DA9ECE87E |
SHA1: | AB474A3C06831B4F673F400F912F77CD3FD154FD |
SHA-256: | 2952319EFA611DD3CD0704BD8BF3F6BCE423CD88AACE8E28E51B19C672D209CF |
SHA-512: | 502AA5D8C6C1A2902F22048D862B7D92A008D5A5C34862BD876851275E8217AFAD479BF02810DE60B06F5BA6A557E758D12DD67418F927C784BB464553EB22B7 |
Malicious: | true |
Antivirus: |
|
Reputation: | low |
Preview: |
Process: | C:\Windows\explorer.exe |
File Type: | |
Category: | modified |
Size (bytes): | 26 |
Entropy (8bit): | 3.95006375643621 |
Encrypted: | false |
SSDEEP: | 3:ggPYV:rPYV |
MD5: | 187F488E27DB4AF347237FE461A079AD |
SHA1: | 6693BA299EC1881249D59262276A0D2CB21F8E64 |
SHA-256: | 255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309 |
SHA-512: | 89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E |
Malicious: | true |
Reputation: | high, very likely benign file |
Preview: |
File type: | |
Entropy (8bit): | 5.867681128250901 |
TrID: |
|
File name: | YWwcRHSpbw.exe |
File size: | 316'416 bytes |
MD5: | 26ce123ca4fb973543d48c2da9ece87e |
SHA1: | ab474a3c06831b4f673f400f912f77cd3fd154fd |
SHA256: | 2952319efa611dd3cd0704bd8bf3f6bce423cd88aace8e28e51b19c672d209cf |
SHA512: | 502aa5d8c6c1a2902f22048d862b7d92a008d5a5c34862bd876851275e8217afad479bf02810de60b06f5ba6a557e758d12dd67418f927c784bb464553eb22b7 |
SSDEEP: | 6144:0L8EEnOV4QFDXk44lMZzx+dzj8aYI0FjT:0BEn+FDXXZVKzgQ0F3 |
TLSH: | 80648D1372D2FC60E66247F28D2DCAE8223EF9628E556B6733586F0F34711A1E263751 |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...............................................................................................................PE..L....'(d........... |
Icon Hash: | 63796de971436e0f |
Entrypoint: | 0x403fb6 |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE |
DLL Characteristics: | TERMINAL_SERVER_AWARE |
Time Stamp: | 0x642827F1 [Sat Apr 1 12:47:45 2023 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 5 |
OS Version Minor: | 1 |
File Version Major: | 5 |
File Version Minor: | 1 |
Subsystem Version Major: | 5 |
Subsystem Version Minor: | 1 |
Import Hash: | 72e186f4643d828245a9b4274ecaa3d8 |
Instruction |
---|
call 00007F3CFCB293C0h |
jmp 00007F3CFCB23ED5h |
push 00000014h |
push 00417748h |
call 00007F3CFCB271D9h |
call 00007F3CFCB29591h |
movzx esi, ax |
push 00000002h |
call 00007F3CFCB29353h |
pop ecx |
mov eax, 00005A4Dh |
cmp word ptr [00400000h], ax |
je 00007F3CFCB23ED6h |
xor ebx, ebx |
jmp 00007F3CFCB23F05h |
mov eax, dword ptr [0040003Ch] |
cmp dword ptr [eax+00400000h], 00004550h |
jne 00007F3CFCB23EBDh |
mov ecx, 0000010Bh |
cmp word ptr [eax+00400018h], cx |
jne 00007F3CFCB23EAFh |
xor ebx, ebx |
cmp dword ptr [eax+00400074h], 0Eh |
jbe 00007F3CFCB23EDBh |
cmp dword ptr [eax+004000E8h], ebx |
setne bl |
mov dword ptr [ebp-1Ch], ebx |
call 00007F3CFCB28DC6h |
test eax, eax |
jne 00007F3CFCB23EDAh |
push 0000001Ch |
call 00007F3CFCB23FB1h |
pop ecx |
call 00007F3CFCB2632Ah |
test eax, eax |
jne 00007F3CFCB23EDAh |
push 00000010h |
call 00007F3CFCB23FA0h |
pop ecx |
call 00007F3CFCB293CCh |
and dword ptr [ebp-04h], 00000000h |
call 00007F3CFCB2848Ch |
test eax, eax |
jns 00007F3CFCB23EDAh |
push 0000001Bh |
call 00007F3CFCB23F86h |
pop ecx |
call dword ptr [004100C0h] |
mov dword ptr [00AE35D0h], eax |
call 00007F3CFCB293E7h |
mov dword ptr [0043CE2Ch], eax |
call 00007F3CFCB28D8Ah |
test eax, eax |
jns 00007F3CFCB23EDAh |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x17b54 | 0x50 | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x6e4000 | 0x11938 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x10200 | 0x38 | .rdata |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x17050 | 0x40 | .rdata |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x10000 | 0x19c | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0xefb0 | 0xf000 | 627c2bbc84c23470c81e72aa908663ba | False | 0.6009602864583333 | data | 6.726451166516608 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rdata | 0x10000 | 0x84ce | 0x8600 | 50382fe5b666a3a8eaee0ca0ca4b28a5 | False | 0.44656599813432835 | data | 5.0632413479490905 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0x19000 | 0x6ca5d4 | 0x24000 | 450eac5f42dcc1888c0e19268509add2 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.rsrc | 0x6e4000 | 0x11938 | 0x11a00 | 66d8ea407932d617d10e27e35c5382d0 | False | 0.342863475177305 | data | 4.387804298100789 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
CODADUVUKOLELIHUCIFIC | 0x6ee090 | 0x9e7 | ASCII text, with very long lines (2535), with no line terminators | Romanian | Romania | 0.6055226824457594 |
RT_CURSOR | 0x6eea78 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | | | 0.2953091684434968 |
RT_CURSOR | 0x6ef920 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | | | 0.46705776173285196 |
RT_CURSOR | 0x6f01c8 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | | | 0.5361271676300579 |
RT_CURSOR | 0x6f0760 | 0x130 | Device independent bitmap graphic, 32 x 64 x 1, image size 0 | | | 0.4375 |
RT_CURSOR | 0x6f0890 | 0xb0 | Device independent bitmap graphic, 16 x 32 x 1, image size 0 | | | 0.44886363636363635 |
RT_CURSOR | 0x6f0968 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | | | 0.27238805970149255 |
RT_CURSOR | 0x6f1810 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | | | 0.375 |
RT_CURSOR | 0x6f20b8 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | | | 0.5057803468208093 |
RT_CURSOR | 0x6f2650 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | | | 0.30943496801705755 |
RT_CURSOR | 0x6f34f8 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | | | 0.427797833935018 |
RT_CURSOR | 0x6f3da0 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | | | 0.5469653179190751 |
RT_ICON | 0x6e4750 | 0x6c8 | Device independent bitmap graphic, 24 x 48 x 8, image size 0 | Romanian | Romania | 0.5305299539170507 |
RT_ICON | 0x6e4e18 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | Romanian | Romania | 0.4099585062240664 |
RT_ICON | 0x6e73c0 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | Romanian | Romania | 0.44858156028368795 |
RT_ICON | 0x6e7858 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors | Romanian | Romania | 0.5157249466950959 |
RT_ICON | 0x6e8700 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors | Romanian | Romania | 0.5117328519855595 |
RT_ICON | 0x6e8fa8 | 0x6c8 | Device independent bitmap graphic, 24 x 48 x 8, image size 576, 256 important colors | Romanian | Romania | 0.45852534562211983 |
RT_ICON | 0x6e9670 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors | Romanian | Romania | 0.4761560693641618 |
RT_ICON | 0x6e9bd8 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9216 | Romanian | Romania | 0.28101659751037344 |
RT_ICON | 0x6ec180 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4096 | Romanian | Romania | 0.3074577861163227 |
RT_ICON | 0x6ed228 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2304 | Romanian | Romania | 0.3368852459016393 |
RT_ICON | 0x6edbb0 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1024 | Romanian | Romania | 0.37145390070921985 |
RT_STRING | 0x6f4528 | 0x326 | data | Romanian | Romania | 0.47766749379652607 |
RT_STRING | 0x6f4850 | 0x312 | data | Romanian | Romania | 0.47837150127226463 |
RT_STRING | 0x6f4b68 | 0x78a | data | Romanian | Romania | 0.42072538860103625 |
RT_STRING | 0x6f52f8 | 0x63e | data | Romanian | Romania | 0.4292866082603254 |
RT_GROUP_CURSOR | 0x6f0730 | 0x30 | data | | | 0.9375 |
RT_GROUP_CURSOR | 0x6f0940 | 0x22 | data | | | 1.0588235294117647 |
RT_GROUP_CURSOR | 0x6f2620 | 0x30 | data | | | 0.9375 |
RT_GROUP_CURSOR | 0x6f4308 | 0x30 | data | | | 0.9375 |
RT_GROUP_ICON | 0x6e7828 | 0x30 | data | Romanian | Romania | 0.9375 |
RT_GROUP_ICON | 0x6ee018 | 0x76 | data | Romanian | Romania | 0.6694915254237288 |
RT_VERSION | 0x6f4338 | 0x1f0 | MS Windows COFF PowerPC object file | | | 0.5564516129032258 |
DLL | Import |
---|---|
KERNEL32.dll | InterlockedIncrement, SetConsoleTextAttribute, ReadConsoleA, GetCurrentProcess, QueryDosDeviceA, CreateDirectoryW, GetFileAttributesExA, GetTickCount, GetCommConfig, GetWindowsDirectoryA, GlobalAlloc, GetVolumeInformationA, TerminateThread, GetLocaleInfoW, GetConsoleAliasExesLengthW, GetVersionExW, GetConsoleAliasW, SetSystemPowerState, GetModuleFileNameW, CreateFileW, GetHandleInformation, FindResourceA, GetCurrentDirectoryW, GetProcAddress, PeekConsoleInputW, RemoveDirectoryA, GetFirmwareEnvironmentVariableW, LoadLibraryA, WriteConsoleA, FindFirstVolumeMountPointW, GetNumberFormatW, GlobalFindAtomW, VirtualProtect, _lopen, GetCurrentProcessId, ResetWriteWatch, AreFileApisANSI, OutputDebugStringW, HeapReAlloc, LoadLibraryExW, GetLastError, GetEnvironmentVariableW, MultiByteToWideChar, EncodePointer, DecodePointer, ReadFile, GetCommandLineA, RaiseException, RtlUnwind, IsProcessorFeaturePresent, HeapFree, HeapAlloc, IsValidCodePage, GetACP, GetOEMCP, GetCPInfo, SetLastError, GetCurrentThreadId, EnterCriticalSection, LeaveCriticalSection, FlushFileBuffers, WriteFile, WideCharToMultiByte, GetConsoleCP, GetConsoleMode, DeleteCriticalSection, ExitProcess, GetModuleHandleExW, HeapSize, IsDebuggerPresent, SetFilePointerEx, GetStdHandle, GetFileType, GetStartupInfoW, GetProcessHeap, GetModuleFileNameA, QueryPerformanceCounter, GetSystemTimeAsFileTime, GetEnvironmentStringsW, FreeEnvironmentStringsW, UnhandledExceptionFilter, SetUnhandledExceptionFilter, InitializeCriticalSectionAndSpinCount, Sleep, TerminateProcess, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, GetModuleHandleW, GetStringTypeW, LCMapStringW, SetStdHandle, WriteConsoleW, CloseHandle |
USER32.dll | CharUpperBuffW, ChangeMenuA, CharLowerA, DrawAnimatedRects |
ADVAPI32.dll | ReadEventLogA |
Language of compilation system | Country where language is spoken | Map |
---|---|---|
Romanian | Romania |
Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|---|---|---|
03/28/24-20:00:21.318246 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 49724 | 80 | 192.168.2.9 | 187.211.208.213 |
03/28/24-20:00:24.523097 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 49727 | 80 | 192.168.2.9 | 187.211.208.213 |
03/28/24-20:01:15.381599 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 49739 | 80 | 192.168.2.9 | 187.211.208.213 |
03/28/24-20:00:35.719655 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 49733 | 80 | 192.168.2.9 | 187.211.208.213 |
03/28/24-20:00:14.748860 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 49718 | 80 | 192.168.2.9 | 187.211.208.213 |
03/28/24-19:58:54.404720 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 49710 | 80 | 192.168.2.9 | 187.211.208.213 |
03/28/24-20:00:55.495696 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 49736 | 80 | 192.168.2.9 | 187.211.208.213 |
03/28/24-20:00:34.772533 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 49732 | 80 | 192.168.2.9 | 187.211.208.213 |
03/28/24-20:01:33.861830 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 49741 | 80 | 192.168.2.9 | 2.180.10.7 |
03/28/24-20:00:23.131958 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 49726 | 80 | 192.168.2.9 | 187.211.208.213 |
03/28/24-20:00:50.046098 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 49735 | 80 | 192.168.2.9 | 187.211.208.213 |
03/28/24-19:58:53.441397 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 49709 | 80 | 192.168.2.9 | 187.211.208.213 |
03/28/24-19:58:56.497783 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 49712 | 80 | 192.168.2.9 | 187.211.208.213 |
03/28/24-20:00:31.831114 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 49730 | 80 | 192.168.2.9 | 187.211.208.213 |
03/28/24-19:59:00.605756 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 49715 | 80 | 192.168.2.9 | 187.211.208.213 |
03/28/24-20:02:29.387636 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 49746 | 80 | 192.168.2.9 | 2.180.10.7 |
03/28/24-20:00:30.844195 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 49729 | 80 | 192.168.2.9 | 187.211.208.213 |
03/28/24-20:01:52.917941 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 49743 | 80 | 192.168.2.9 | 2.180.10.7 |
03/28/24-20:01:09.758971 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 49738 | 80 | 192.168.2.9 | 187.211.208.213 |
03/28/24-20:00:17.914443 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 49721 | 80 | 192.168.2.9 | 187.211.208.213 |
03/28/24-20:01:21.239438 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 49740 | 80 | 192.168.2.9 | 187.211.208.213 |
03/28/24-19:58:55.357484 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 49711 | 80 | 192.168.2.9 | 187.211.208.213 |
03/28/24-20:00:33.098407 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 49731 | 80 | 192.168.2.9 | 187.211.208.213 |
03/28/24-20:01:43.045246 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 49742 | 80 | 192.168.2.9 | 2.180.10.7 |
03/28/24-20:01:01.282543 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 49737 | 80 | 192.168.2.9 | 187.211.208.213 |
03/28/24-20:02:19.687654 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 49745 | 80 | 192.168.2.9 | 2.180.10.7 |
03/28/24-19:58:59.643445 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 49714 | 80 | 192.168.2.9 | 187.211.208.213 |
03/28/24-20:00:13.724586 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 49717 | 80 | 192.168.2.9 | 187.211.208.213 |
03/28/24-20:00:20.073096 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 49723 | 80 | 192.168.2.9 | 187.211.208.213 |
03/28/24-19:58:52.687019 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 49708 | 80 | 192.168.2.9 | 187.211.208.213 |
03/28/24-20:02:07.725194 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 49744 | 80 | 192.168.2.9 | 2.180.10.7 |
03/28/24-20:00:15.932204 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 49719 | 80 | 192.168.2.9 | 187.211.208.213 |
03/28/24-19:58:58.694495 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 49713 | 80 | 192.168.2.9 | 187.211.208.213 |
03/28/24-20:00:16.875290 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 49720 | 80 | 192.168.2.9 | 187.211.208.213 |
03/28/24-20:00:18.969488 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 49722 | 80 | 192.168.2.9 | 187.211.208.213 |
03/28/24-20:00:25.956570 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 49728 | 80 | 192.168.2.9 | 187.211.208.213 |
03/28/24-20:00:41.915869 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 49734 | 80 | 192.168.2.9 | 187.211.208.213 |
03/28/24-20:00:22.261540 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 49725 | 80 | 192.168.2.9 | 187.211.208.213 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Mar 28, 2024 20:00:18.703334093 CET | 80 | 49721 | 187.211.208.213 | 192.168.2.9 |
Mar 28, 2024 20:00:18.703393936 CET | 49721 | 80 | 192.168.2.9 | 187.211.208.213 |
Mar 28, 2024 20:00:18.804610968 CET | 49722 | 80 | 192.168.2.9 | 187.211.208.213 |
Mar 28, 2024 20:00:18.867326021 CET | 80 | 49721 | 187.211.208.213 | 192.168.2.9 |
Mar 28, 2024 20:00:18.969211102 CET | 80 | 49722 | 187.211.208.213 | 192.168.2.9 |
Mar 28, 2024 20:00:18.969297886 CET | 49722 | 80 | 192.168.2.9 | 187.211.208.213 |
Mar 28, 2024 20:00:18.969487906 CET | 49722 | 80 | 192.168.2.9 | 187.211.208.213 |
Mar 28, 2024 20:00:18.969511986 CET | 49722 | 80 | 192.168.2.9 | 187.211.208.213 |
Mar 28, 2024 20:00:19.133014917 CET | 80 | 49722 | 187.211.208.213 | 192.168.2.9 |
Mar 28, 2024 20:00:19.758280039 CET | 80 | 49722 | 187.211.208.213 | 192.168.2.9 |
Mar 28, 2024 20:00:19.758399963 CET | 49722 | 80 | 192.168.2.9 | 187.211.208.213 |
Mar 28, 2024 20:00:19.758785009 CET | 80 | 49722 | 187.211.208.213 | 192.168.2.9 |
Mar 28, 2024 20:00:19.758831978 CET | 49722 | 80 | 192.168.2.9 | 187.211.208.213 |
Mar 28, 2024 20:00:19.909101963 CET | 49723 | 80 | 192.168.2.9 | 187.211.208.213 |
Mar 28, 2024 20:00:19.921667099 CET | 80 | 49722 | 187.211.208.213 | 192.168.2.9 |
Mar 28, 2024 20:00:20.072772026 CET | 80 | 49723 | 187.211.208.213 | 192.168.2.9 |
Mar 28, 2024 20:00:20.072901964 CET | 49723 | 80 | 192.168.2.9 | 187.211.208.213 |
Mar 28, 2024 20:00:20.073096037 CET | 49723 | 80 | 192.168.2.9 | 187.211.208.213 |
Mar 28, 2024 20:00:20.073122978 CET | 49723 | 80 | 192.168.2.9 | 187.211.208.213 |
Mar 28, 2024 20:00:20.236999989 CET | 80 | 49723 | 187.211.208.213 | 192.168.2.9 |
Mar 28, 2024 20:00:20.860667944 CET | 80 | 49723 | 187.211.208.213 | 192.168.2.9 |
Mar 28, 2024 20:00:20.860816002 CET | 49723 | 80 | 192.168.2.9 | 187.211.208.213 |
Mar 28, 2024 20:00:20.861318111 CET | 80 | 49723 | 187.211.208.213 | 192.168.2.9 |
Mar 28, 2024 20:00:20.861377001 CET | 49723 | 80 | 192.168.2.9 | 187.211.208.213 |
Mar 28, 2024 20:00:21.024506092 CET | 80 | 49723 | 187.211.208.213 | 192.168.2.9 |
Mar 28, 2024 20:00:21.153923988 CET | 49724 | 80 | 192.168.2.9 | 187.211.208.213 |
Mar 28, 2024 20:00:21.317559004 CET | 80 | 49724 | 187.211.208.213 | 192.168.2.9 |
Mar 28, 2024 20:00:21.317998886 CET | 49724 | 80 | 192.168.2.9 | 187.211.208.213 |
Mar 28, 2024 20:00:21.318245888 CET | 49724 | 80 | 192.168.2.9 | 187.211.208.213 |
Mar 28, 2024 20:00:21.318501949 CET | 49724 | 80 | 192.168.2.9 | 187.211.208.213 |
Mar 28, 2024 20:00:21.481775045 CET | 80 | 49724 | 187.211.208.213 | 192.168.2.9 |
Mar 28, 2024 20:00:21.900268078 CET | 80 | 49724 | 187.211.208.213 | 192.168.2.9 |
Mar 28, 2024 20:00:21.900774956 CET | 80 | 49724 | 187.211.208.213 | 192.168.2.9 |
Mar 28, 2024 20:00:21.900835037 CET | 49724 | 80 | 192.168.2.9 | 187.211.208.213 |
Mar 28, 2024 20:00:21.901352882 CET | 49724 | 80 | 192.168.2.9 | 187.211.208.213 |
Mar 28, 2024 20:00:22.064549923 CET | 80 | 49724 | 187.211.208.213 | 192.168.2.9 |
Mar 28, 2024 20:00:22.094136000 CET | 49725 | 80 | 192.168.2.9 | 187.211.208.213 |
Mar 28, 2024 20:00:22.258296013 CET | 80 | 49725 | 187.211.208.213 | 192.168.2.9 |
Mar 28, 2024 20:00:22.261346102 CET | 49725 | 80 | 192.168.2.9 | 187.211.208.213 |
Mar 28, 2024 20:00:22.261539936 CET | 49725 | 80 | 192.168.2.9 | 187.211.208.213 |
Mar 28, 2024 20:00:22.261569977 CET | 49725 | 80 | 192.168.2.9 | 187.211.208.213 |
Mar 28, 2024 20:00:22.424998045 CET | 80 | 49725 | 187.211.208.213 | 192.168.2.9 |
Mar 28, 2024 20:00:22.854172945 CET | 80 | 49725 | 187.211.208.213 | 192.168.2.9 |
Mar 28, 2024 20:00:22.854684114 CET | 80 | 49725 | 187.211.208.213 | 192.168.2.9 |
Mar 28, 2024 20:00:22.854913950 CET | 49725 | 80 | 192.168.2.9 | 187.211.208.213 |
Mar 28, 2024 20:00:22.854913950 CET | 49725 | 80 | 192.168.2.9 | 187.211.208.213 |
Mar 28, 2024 20:00:22.968193054 CET | 49726 | 80 | 192.168.2.9 | 187.211.208.213 |
Mar 28, 2024 20:00:23.020066977 CET | 80 | 49725 | 187.211.208.213 | 192.168.2.9 |
Mar 28, 2024 20:00:23.131721020 CET | 80 | 49726 | 187.211.208.213 | 192.168.2.9 |
Mar 28, 2024 20:00:23.131795883 CET | 49726 | 80 | 192.168.2.9 | 187.211.208.213 |
Mar 28, 2024 20:00:23.131958008 CET | 49726 | 80 | 192.168.2.9 | 187.211.208.213 |
Mar 28, 2024 20:00:23.131982088 CET | 49726 | 80 | 192.168.2.9 | 187.211.208.213 |
Mar 28, 2024 20:00:23.295744896 CET | 80 | 49726 | 187.211.208.213 | 192.168.2.9 |
Mar 28, 2024 20:00:23.911910057 CET | 80 | 49726 | 187.211.208.213 | 192.168.2.9 |
Mar 28, 2024 20:00:23.912062883 CET | 49726 | 80 | 192.168.2.9 | 187.211.208.213 |
Mar 28, 2024 20:00:23.912388086 CET | 80 | 49726 | 187.211.208.213 | 192.168.2.9 |
Mar 28, 2024 20:00:23.912448883 CET | 49726 | 80 | 192.168.2.9 | 187.211.208.213 |
Mar 28, 2024 20:00:24.075519085 CET | 80 | 49726 | 187.211.208.213 | 192.168.2.9 |
Mar 28, 2024 20:00:24.359272957 CET | 49727 | 80 | 192.168.2.9 | 187.211.208.213 |
Mar 28, 2024 20:00:24.522829056 CET | 80 | 49727 | 187.211.208.213 | 192.168.2.9 |
Mar 28, 2024 20:00:24.522905111 CET | 49727 | 80 | 192.168.2.9 | 187.211.208.213 |
Mar 28, 2024 20:00:24.523097038 CET | 49727 | 80 | 192.168.2.9 | 187.211.208.213 |
Mar 28, 2024 20:00:24.523145914 CET | 49727 | 80 | 192.168.2.9 | 187.211.208.213 |
Mar 28, 2024 20:00:24.686665058 CET | 80 | 49727 | 187.211.208.213 | 192.168.2.9 |
Mar 28, 2024 20:00:25.305181980 CET | 80 | 49727 | 187.211.208.213 | 192.168.2.9 |
Mar 28, 2024 20:00:25.305383921 CET | 49727 | 80 | 192.168.2.9 | 187.211.208.213 |
Mar 28, 2024 20:00:25.305820942 CET | 80 | 49727 | 187.211.208.213 | 192.168.2.9 |
Mar 28, 2024 20:00:25.305877924 CET | 49727 | 80 | 192.168.2.9 | 187.211.208.213 |
Mar 28, 2024 20:00:25.468471050 CET | 80 | 49727 | 187.211.208.213 | 192.168.2.9 |
Mar 28, 2024 20:00:25.792617083 CET | 49728 | 80 | 192.168.2.9 | 187.211.208.213 |
Mar 28, 2024 20:00:25.956290007 CET | 80 | 49728 | 187.211.208.213 | 192.168.2.9 |
Mar 28, 2024 20:00:25.956384897 CET | 49728 | 80 | 192.168.2.9 | 187.211.208.213 |
Mar 28, 2024 20:00:25.956569910 CET | 49728 | 80 | 192.168.2.9 | 187.211.208.213 |
Mar 28, 2024 20:00:25.956604958 CET | 49728 | 80 | 192.168.2.9 | 187.211.208.213 |
Mar 28, 2024 20:00:26.120843887 CET | 80 | 49728 | 187.211.208.213 | 192.168.2.9 |
Mar 28, 2024 20:00:26.739479065 CET | 80 | 49728 | 187.211.208.213 | 192.168.2.9 |
Mar 28, 2024 20:00:26.740333080 CET | 49728 | 80 | 192.168.2.9 | 187.211.208.213 |
Mar 28, 2024 20:00:26.740653992 CET | 80 | 49728 | 187.211.208.213 | 192.168.2.9 |
Mar 28, 2024 20:00:26.741313934 CET | 49728 | 80 | 192.168.2.9 | 187.211.208.213 |
Mar 28, 2024 20:00:26.904120922 CET | 80 | 49728 | 187.211.208.213 | 192.168.2.9 |
Mar 28, 2024 20:00:30.680339098 CET | 49729 | 80 | 192.168.2.9 | 187.211.208.213 |
Mar 28, 2024 20:00:30.843930006 CET | 80 | 49729 | 187.211.208.213 | 192.168.2.9 |
Mar 28, 2024 20:00:30.844024897 CET | 49729 | 80 | 192.168.2.9 | 187.211.208.213 |
Mar 28, 2024 20:00:30.844194889 CET | 49729 | 80 | 192.168.2.9 | 187.211.208.213 |
Mar 28, 2024 20:00:30.844234943 CET | 49729 | 80 | 192.168.2.9 | 187.211.208.213 |
Mar 28, 2024 20:00:31.007679939 CET | 80 | 49729 | 187.211.208.213 | 192.168.2.9 |
Mar 28, 2024 20:00:31.425997972 CET | 80 | 49729 | 187.211.208.213 | 192.168.2.9 |
Mar 28, 2024 20:00:31.426152945 CET | 49729 | 80 | 192.168.2.9 | 187.211.208.213 |
Mar 28, 2024 20:00:31.426529884 CET | 80 | 49729 | 187.211.208.213 | 192.168.2.9 |
Mar 28, 2024 20:00:31.426593065 CET | 49729 | 80 | 192.168.2.9 | 187.211.208.213 |
Mar 28, 2024 20:00:31.590169907 CET | 80 | 49729 | 187.211.208.213 | 192.168.2.9 |
Mar 28, 2024 20:00:31.667124033 CET | 49730 | 80 | 192.168.2.9 | 187.211.208.213 |
Mar 28, 2024 20:00:31.830751896 CET | 80 | 49730 | 187.211.208.213 | 192.168.2.9 |
Mar 28, 2024 20:00:31.830912113 CET | 49730 | 80 | 192.168.2.9 | 187.211.208.213 |
Mar 28, 2024 20:00:31.831114054 CET | 49730 | 80 | 192.168.2.9 | 187.211.208.213 |
Mar 28, 2024 20:00:31.831134081 CET | 49730 | 80 | 192.168.2.9 | 187.211.208.213 |
Mar 28, 2024 20:00:31.994971037 CET | 80 | 49730 | 187.211.208.213 | 192.168.2.9 |
Mar 28, 2024 20:00:32.607336998 CET | 80 | 49730 | 187.211.208.213 | 192.168.2.9 |
Mar 28, 2024 20:00:32.607471943 CET | 49730 | 80 | 192.168.2.9 | 187.211.208.213 |
Mar 28, 2024 20:00:32.607604980 CET | 80 | 49730 | 187.211.208.213 | 192.168.2.9 |
Mar 28, 2024 20:00:32.607654095 CET | 49730 | 80 | 192.168.2.9 | 187.211.208.213 |
Mar 28, 2024 20:00:32.771342993 CET | 80 | 49730 | 187.211.208.213 | 192.168.2.9 |
Mar 28, 2024 20:00:32.934510946 CET | 49731 | 80 | 192.168.2.9 | 187.211.208.213 |
Mar 28, 2024 20:00:33.098134995 CET | 80 | 49731 | 187.211.208.213 | 192.168.2.9 |
Mar 28, 2024 20:00:33.098274946 CET | 49731 | 80 | 192.168.2.9 | 187.211.208.213 |
Mar 28, 2024 20:00:33.098407030 CET | 49731 | 80 | 192.168.2.9 | 187.211.208.213 |
Mar 28, 2024 20:00:33.098432064 CET | 49731 | 80 | 192.168.2.9 | 187.211.208.213 |
Mar 28, 2024 20:00:33.264091015 CET | 80 | 49731 | 187.211.208.213 | 192.168.2.9 |
Mar 28, 2024 20:00:33.892091990 CET | 80 | 49731 | 187.211.208.213 | 192.168.2.9 |
Mar 28, 2024 20:00:33.892277956 CET | 49731 | 80 | 192.168.2.9 | 187.211.208.213 |
Mar 28, 2024 20:00:33.892695904 CET | 80 | 49731 | 187.211.208.213 | 192.168.2.9 |
Mar 28, 2024 20:00:33.892748117 CET | 49731 | 80 | 192.168.2.9 | 187.211.208.213 |
Mar 28, 2024 20:00:34.055429935 CET | 80 | 49731 | 187.211.208.213 | 192.168.2.9 |
Mar 28, 2024 20:00:34.608544111 CET | 49732 | 80 | 192.168.2.9 | 187.211.208.213 |
Mar 28, 2024 20:00:34.772165060 CET | 80 | 49732 | 187.211.208.213 | 192.168.2.9 |
Mar 28, 2024 20:00:34.772336960 CET | 49732 | 80 | 192.168.2.9 | 187.211.208.213 |
Mar 28, 2024 20:00:34.772532940 CET | 49732 | 80 | 192.168.2.9 | 187.211.208.213 |
Mar 28, 2024 20:00:34.772558928 CET | 49732 | 80 | 192.168.2.9 | 187.211.208.213 |
Mar 28, 2024 20:00:34.936002016 CET | 80 | 49732 | 187.211.208.213 | 192.168.2.9 |
Mar 28, 2024 20:00:35.358977079 CET | 80 | 49732 | 187.211.208.213 | 192.168.2.9 |
Mar 28, 2024 20:00:35.359128952 CET | 80 | 49732 | 187.211.208.213 | 192.168.2.9 |
Mar 28, 2024 20:00:35.359208107 CET | 49732 | 80 | 192.168.2.9 | 187.211.208.213 |
Mar 28, 2024 20:00:35.362283945 CET | 49732 | 80 | 192.168.2.9 | 187.211.208.213 |
Mar 28, 2024 20:00:35.522715092 CET | 80 | 49732 | 187.211.208.213 | 192.168.2.9 |
Mar 28, 2024 20:00:35.555569887 CET | 49733 | 80 | 192.168.2.9 | 187.211.208.213 |
Mar 28, 2024 20:00:35.719408035 CET | 80 | 49733 | 187.211.208.213 | 192.168.2.9 |
Mar 28, 2024 20:00:35.719504118 CET | 49733 | 80 | 192.168.2.9 | 187.211.208.213 |
Mar 28, 2024 20:00:35.719655037 CET | 49733 | 80 | 192.168.2.9 | 187.211.208.213 |
Mar 28, 2024 20:00:35.719674110 CET | 49733 | 80 | 192.168.2.9 | 187.211.208.213 |
Mar 28, 2024 20:00:35.883363008 CET | 80 | 49733 | 187.211.208.213 | 192.168.2.9 |
Mar 28, 2024 20:00:36.502244949 CET | 80 | 49733 | 187.211.208.213 | 192.168.2.9 |
Mar 28, 2024 20:00:36.502405882 CET | 49733 | 80 | 192.168.2.9 | 187.211.208.213 |
Mar 28, 2024 20:00:36.502779961 CET | 80 | 49733 | 187.211.208.213 | 192.168.2.9 |
Mar 28, 2024 20:00:36.502835035 CET | 49733 | 80 | 192.168.2.9 | 187.211.208.213 |
Mar 28, 2024 20:00:36.665509939 CET | 80 | 49733 | 187.211.208.213 | 192.168.2.9 |
Mar 28, 2024 20:00:41.751600027 CET | 49734 | 80 | 192.168.2.9 | 187.211.208.213 |
Mar 28, 2024 20:00:41.915554047 CET | 80 | 49734 | 187.211.208.213 | 192.168.2.9 |
Mar 28, 2024 20:00:41.915694952 CET | 49734 | 80 | 192.168.2.9 | 187.211.208.213 |
Mar 28, 2024 20:00:41.915868998 CET | 49734 | 80 | 192.168.2.9 | 187.211.208.213 |
Mar 28, 2024 20:00:41.915883064 CET | 49734 | 80 | 192.168.2.9 | 187.211.208.213 |
Mar 28, 2024 20:00:42.079906940 CET | 80 | 49734 | 187.211.208.213 | 192.168.2.9 |
Mar 28, 2024 20:00:42.696197987 CET | 80 | 49734 | 187.211.208.213 | 192.168.2.9 |
Mar 28, 2024 20:00:42.696314096 CET | 49734 | 80 | 192.168.2.9 | 187.211.208.213 |
Mar 28, 2024 20:00:42.696803093 CET | 80 | 49734 | 187.211.208.213 | 192.168.2.9 |
Mar 28, 2024 20:00:42.696851969 CET | 49734 | 80 | 192.168.2.9 | 187.211.208.213 |
Mar 28, 2024 20:00:42.860045910 CET | 80 | 49734 | 187.211.208.213 | 192.168.2.9 |
Mar 28, 2024 20:00:49.880386114 CET | 49735 | 80 | 192.168.2.9 | 187.211.208.213 |
Mar 28, 2024 20:00:50.044004917 CET | 80 | 49735 | 187.211.208.213 | 192.168.2.9 |
Mar 28, 2024 20:00:50.044152975 CET | 49735 | 80 | 192.168.2.9 | 187.211.208.213 |
Mar 28, 2024 20:00:50.046097994 CET | 49735 | 80 | 192.168.2.9 | 187.211.208.213 |
Mar 28, 2024 20:00:50.046152115 CET | 49735 | 80 | 192.168.2.9 | 187.211.208.213 |
Mar 28, 2024 20:00:50.209345102 CET | 80 | 49735 | 187.211.208.213 | 192.168.2.9 |
Mar 28, 2024 20:00:50.828450918 CET | 80 | 49735 | 187.211.208.213 | 192.168.2.9 |
Mar 28, 2024 20:00:50.828591108 CET | 49735 | 80 | 192.168.2.9 | 187.211.208.213 |
Mar 28, 2024 20:00:50.828802109 CET | 80 | 49735 | 187.211.208.213 | 192.168.2.9 |
Mar 28, 2024 20:00:50.828875065 CET | 49735 | 80 | 192.168.2.9 | 187.211.208.213 |
Mar 28, 2024 20:00:50.991799116 CET | 80 | 49735 | 187.211.208.213 | 192.168.2.9 |
Mar 28, 2024 20:00:55.331518888 CET | 49736 | 80 | 192.168.2.9 | 187.211.208.213 |
Mar 28, 2024 20:00:55.495337009 CET | 80 | 49736 | 187.211.208.213 | 192.168.2.9 |
Mar 28, 2024 20:00:55.495440960 CET | 49736 | 80 | 192.168.2.9 | 187.211.208.213 |
Mar 28, 2024 20:00:55.495696068 CET | 49736 | 80 | 192.168.2.9 | 187.211.208.213 |
Mar 28, 2024 20:00:55.495745897 CET | 49736 | 80 | 192.168.2.9 | 187.211.208.213 |
Mar 28, 2024 20:00:55.659447908 CET | 80 | 49736 | 187.211.208.213 | 192.168.2.9 |
Mar 28, 2024 20:00:56.279388905 CET | 80 | 49736 | 187.211.208.213 | 192.168.2.9 |
Mar 28, 2024 20:00:56.279517889 CET | 49736 | 80 | 192.168.2.9 | 187.211.208.213 |
Mar 28, 2024 20:00:56.279634953 CET | 80 | 49736 | 187.211.208.213 | 192.168.2.9 |
Mar 28, 2024 20:00:56.279686928 CET | 49736 | 80 | 192.168.2.9 | 187.211.208.213 |
Mar 28, 2024 20:00:56.443582058 CET | 80 | 49736 | 187.211.208.213 | 192.168.2.9 |
Mar 28, 2024 20:01:01.118655920 CET | 49737 | 80 | 192.168.2.9 | 187.211.208.213 |
Mar 28, 2024 20:01:01.282269001 CET | 80 | 49737 | 187.211.208.213 | 192.168.2.9 |
Mar 28, 2024 20:01:01.282360077 CET | 49737 | 80 | 192.168.2.9 | 187.211.208.213 |
Mar 28, 2024 20:01:01.282542944 CET | 49737 | 80 | 192.168.2.9 | 187.211.208.213 |
Mar 28, 2024 20:01:01.282560110 CET | 49737 | 80 | 192.168.2.9 | 187.211.208.213 |
Mar 28, 2024 20:01:01.446197987 CET | 80 | 49737 | 187.211.208.213 | 192.168.2.9 |
Mar 28, 2024 20:01:02.098167896 CET | 80 | 49737 | 187.211.208.213 | 192.168.2.9 |
Mar 28, 2024 20:01:02.098464012 CET | 49737 | 80 | 192.168.2.9 | 187.211.208.213 |
Mar 28, 2024 20:01:02.098767042 CET | 80 | 49737 | 187.211.208.213 | 192.168.2.9 |
Mar 28, 2024 20:01:02.098838091 CET | 49737 | 80 | 192.168.2.9 | 187.211.208.213 |
Mar 28, 2024 20:01:02.261527061 CET | 80 | 49737 | 187.211.208.213 | 192.168.2.9 |
Mar 28, 2024 20:01:09.595063925 CET | 49738 | 80 | 192.168.2.9 | 187.211.208.213 |
Mar 28, 2024 20:01:09.758694887 CET | 80 | 49738 | 187.211.208.213 | 192.168.2.9 |
Mar 28, 2024 20:01:09.758776903 CET | 49738 | 80 | 192.168.2.9 | 187.211.208.213 |
Mar 28, 2024 20:01:09.758970976 CET | 49738 | 80 | 192.168.2.9 | 187.211.208.213 |
Mar 28, 2024 20:01:09.759011030 CET | 49738 | 80 | 192.168.2.9 | 187.211.208.213 |
Mar 28, 2024 20:01:09.922753096 CET | 80 | 49738 | 187.211.208.213 | 192.168.2.9 |
Mar 28, 2024 20:01:10.545135021 CET | 80 | 49738 | 187.211.208.213 | 192.168.2.9 |
Mar 28, 2024 20:01:10.545463085 CET | 80 | 49738 | 187.211.208.213 | 192.168.2.9 |
Mar 28, 2024 20:01:10.545562983 CET | 49738 | 80 | 192.168.2.9 | 187.211.208.213 |
Mar 28, 2024 20:01:10.547758102 CET | 49738 | 80 | 192.168.2.9 | 187.211.208.213 |
Mar 28, 2024 20:01:10.711836100 CET | 80 | 49738 | 187.211.208.213 | 192.168.2.9 |
Mar 28, 2024 20:01:15.217406988 CET | 49739 | 80 | 192.168.2.9 | 187.211.208.213 |
Mar 28, 2024 20:01:15.381386042 CET | 80 | 49739 | 187.211.208.213 | 192.168.2.9 |
Mar 28, 2024 20:01:15.381462097 CET | 49739 | 80 | 192.168.2.9 | 187.211.208.213 |
Mar 28, 2024 20:01:15.381598949 CET | 49739 | 80 | 192.168.2.9 | 187.211.208.213 |
Mar 28, 2024 20:01:15.381622076 CET | 49739 | 80 | 192.168.2.9 | 187.211.208.213 |
Mar 28, 2024 20:01:15.545383930 CET | 80 | 49739 | 187.211.208.213 | 192.168.2.9 |
Mar 28, 2024 20:01:16.169617891 CET | 80 | 49739 | 187.211.208.213 | 192.168.2.9 |
Mar 28, 2024 20:01:16.169791937 CET | 49739 | 80 | 192.168.2.9 | 187.211.208.213 |
Mar 28, 2024 20:01:16.169876099 CET | 80 | 49739 | 187.211.208.213 | 192.168.2.9 |
Mar 28, 2024 20:01:16.169923067 CET | 49739 | 80 | 192.168.2.9 | 187.211.208.213 |
Mar 28, 2024 20:01:16.333136082 CET | 80 | 49739 | 187.211.208.213 | 192.168.2.9 |
Mar 28, 2024 20:01:21.075591087 CET | 49740 | 80 | 192.168.2.9 | 187.211.208.213 |
Mar 28, 2024 20:01:21.238914967 CET | 80 | 49740 | 187.211.208.213 | 192.168.2.9 |
Mar 28, 2024 20:01:21.238986015 CET | 49740 | 80 | 192.168.2.9 | 187.211.208.213 |
Mar 28, 2024 20:01:21.239438057 CET | 49740 | 80 | 192.168.2.9 | 187.211.208.213 |
Mar 28, 2024 20:01:21.239465952 CET | 49740 | 80 | 192.168.2.9 | 187.211.208.213 |
Mar 28, 2024 20:01:21.402642965 CET | 80 | 49740 | 187.211.208.213 | 192.168.2.9 |
Mar 28, 2024 20:01:22.017115116 CET | 80 | 49740 | 187.211.208.213 | 192.168.2.9 |
Mar 28, 2024 20:01:22.017658949 CET | 80 | 49740 | 187.211.208.213 | 192.168.2.9 |
Mar 28, 2024 20:01:22.017735004 CET | 49740 | 80 | 192.168.2.9 | 187.211.208.213 |
Mar 28, 2024 20:01:22.019706011 CET | 49740 | 80 | 192.168.2.9 | 187.211.208.213 |
Mar 28, 2024 20:01:22.182712078 CET | 80 | 49740 | 187.211.208.213 | 192.168.2.9 |
Mar 28, 2024 20:01:33.598948002 CET | 49741 | 80 | 192.168.2.9 | 2.180.10.7 |
Mar 28, 2024 20:01:33.861448050 CET | 80 | 49741 | 2.180.10.7 | 192.168.2.9 |
Mar 28, 2024 20:01:33.861736059 CET | 49741 | 80 | 192.168.2.9 | 2.180.10.7 |
Mar 28, 2024 20:01:33.861829996 CET | 49741 | 80 | 192.168.2.9 | 2.180.10.7 |
Mar 28, 2024 20:01:33.861854076 CET | 49741 | 80 | 192.168.2.9 | 2.180.10.7 |
Mar 28, 2024 20:01:34.124552011 CET | 80 | 49741 | 2.180.10.7 | 192.168.2.9 |
Mar 28, 2024 20:01:35.307544947 CET | 80 | 49741 | 2.180.10.7 | 192.168.2.9 |
Mar 28, 2024 20:01:35.307569981 CET | 80 | 49741 | 2.180.10.7 | 192.168.2.9 |
Mar 28, 2024 20:01:35.307642937 CET | 49741 | 80 | 192.168.2.9 | 2.180.10.7 |
Mar 28, 2024 20:01:35.307681084 CET | 49741 | 80 | 192.168.2.9 | 2.180.10.7 |
Mar 28, 2024 20:01:35.568653107 CET | 80 | 49741 | 2.180.10.7 | 192.168.2.9 |
Mar 28, 2024 20:01:42.778590918 CET | 49742 | 80 | 192.168.2.9 | 2.180.10.7 |
Mar 28, 2024 20:01:43.044955015 CET | 80 | 49742 | 2.180.10.7 | 192.168.2.9 |
Mar 28, 2024 20:01:43.045114040 CET | 49742 | 80 | 192.168.2.9 | 2.180.10.7 |
Mar 28, 2024 20:01:43.045245886 CET | 49742 | 80 | 192.168.2.9 | 2.180.10.7 |
Mar 28, 2024 20:01:43.045262098 CET | 49742 | 80 | 192.168.2.9 | 2.180.10.7 |
Mar 28, 2024 20:01:43.310522079 CET | 80 | 49742 | 2.180.10.7 | 192.168.2.9 |
Mar 28, 2024 20:01:45.248678923 CET | 80 | 49742 | 2.180.10.7 | 192.168.2.9 |
Mar 28, 2024 20:01:45.248708010 CET | 80 | 49742 | 2.180.10.7 | 192.168.2.9 |
Mar 28, 2024 20:01:45.248797894 CET | 49742 | 80 | 192.168.2.9 | 2.180.10.7 |
Mar 28, 2024 20:01:45.248877048 CET | 49742 | 80 | 192.168.2.9 | 2.180.10.7 |
Mar 28, 2024 20:01:45.510665894 CET | 80 | 49742 | 2.180.10.7 | 192.168.2.9 |
Mar 28, 2024 20:01:52.644083977 CET | 49743 | 80 | 192.168.2.9 | 2.180.10.7 |
Mar 28, 2024 20:01:52.917562008 CET | 80 | 49743 | 2.180.10.7 | 192.168.2.9 |
Mar 28, 2024 20:01:52.917712927 CET | 49743 | 80 | 192.168.2.9 | 2.180.10.7 |
Mar 28, 2024 20:01:52.917941093 CET | 49743 | 80 | 192.168.2.9 | 2.180.10.7 |
Mar 28, 2024 20:01:52.917992115 CET | 49743 | 80 | 192.168.2.9 | 2.180.10.7 |
Mar 28, 2024 20:01:53.185348988 CET | 80 | 49743 | 2.180.10.7 | 192.168.2.9 |
Mar 28, 2024 20:01:56.883645058 CET | 80 | 49743 | 2.180.10.7 | 192.168.2.9 |
Mar 28, 2024 20:01:56.883718014 CET | 49743 | 80 | 192.168.2.9 | 2.180.10.7 |
Mar 28, 2024 20:01:56.883842945 CET | 49743 | 80 | 192.168.2.9 | 2.180.10.7 |
Mar 28, 2024 20:01:57.624948025 CET | 49743 | 80 | 192.168.2.9 | 2.180.10.7 |
Mar 28, 2024 20:01:57.885709047 CET | 80 | 49743 | 2.180.10.7 | 192.168.2.9 |
Mar 28, 2024 20:02:07.459167957 CET | 49744 | 80 | 192.168.2.9 | 2.180.10.7 |
Mar 28, 2024 20:02:07.724792957 CET | 80 | 49744 | 2.180.10.7 | 192.168.2.9 |
Mar 28, 2024 20:02:07.724983931 CET | 49744 | 80 | 192.168.2.9 | 2.180.10.7 |
Mar 28, 2024 20:02:07.725193977 CET | 49744 | 80 | 192.168.2.9 | 2.180.10.7 |
Mar 28, 2024 20:02:07.725223064 CET | 49744 | 80 | 192.168.2.9 | 2.180.10.7 |
Mar 28, 2024 20:02:07.989888906 CET | 80 | 49744 | 2.180.10.7 | 192.168.2.9 |
Mar 28, 2024 20:02:09.179617882 CET | 80 | 49744 | 2.180.10.7 | 192.168.2.9 |
Mar 28, 2024 20:02:09.179641962 CET | 80 | 49744 | 2.180.10.7 | 192.168.2.9 |
Mar 28, 2024 20:02:09.179721117 CET | 49744 | 80 | 192.168.2.9 | 2.180.10.7 |
Mar 28, 2024 20:02:09.179815054 CET | 49744 | 80 | 192.168.2.9 | 2.180.10.7 |
Mar 28, 2024 20:02:09.441487074 CET | 80 | 49744 | 2.180.10.7 | 192.168.2.9 |
Mar 28, 2024 20:02:19.421912909 CET | 49745 | 80 | 192.168.2.9 | 2.180.10.7 |
Mar 28, 2024 20:02:19.687078953 CET | 80 | 49745 | 2.180.10.7 | 192.168.2.9 |
Mar 28, 2024 20:02:19.687278032 CET | 49745 | 80 | 192.168.2.9 | 2.180.10.7 |
Mar 28, 2024 20:02:19.687654018 CET | 49745 | 80 | 192.168.2.9 | 2.180.10.7 |
Mar 28, 2024 20:02:19.687654018 CET | 49745 | 80 | 192.168.2.9 | 2.180.10.7 |
Mar 28, 2024 20:02:19.951513052 CET | 80 | 49745 | 2.180.10.7 | 192.168.2.9 |
Mar 28, 2024 20:02:20.267664909 CET | 80 | 49745 | 2.180.10.7 | 192.168.2.9 |
Mar 28, 2024 20:02:20.267843008 CET | 49745 | 80 | 192.168.2.9 | 2.180.10.7 |
Mar 28, 2024 20:02:20.268266916 CET | 80 | 49745 | 2.180.10.7 | 192.168.2.9 |
Mar 28, 2024 20:02:20.268326998 CET | 49745 | 80 | 192.168.2.9 | 2.180.10.7 |
Mar 28, 2024 20:02:20.528435946 CET | 80 | 49745 | 2.180.10.7 | 192.168.2.9 |
Mar 28, 2024 20:02:29.123229980 CET | 49746 | 80 | 192.168.2.9 | 2.180.10.7 |
Mar 28, 2024 20:02:29.387291908 CET | 80 | 49746 | 2.180.10.7 | 192.168.2.9 |
Mar 28, 2024 20:02:29.387389898 CET | 49746 | 80 | 192.168.2.9 | 2.180.10.7 |
Mar 28, 2024 20:02:29.387635946 CET | 49746 | 80 | 192.168.2.9 | 2.180.10.7 |
Mar 28, 2024 20:02:29.387690067 CET | 49746 | 80 | 192.168.2.9 | 2.180.10.7 |
Mar 28, 2024 20:02:29.650403976 CET | 80 | 49746 | 2.180.10.7 | 192.168.2.9 |
Mar 28, 2024 20:02:30.472260952 CET | 80 | 49746 | 2.180.10.7 | 192.168.2.9 |
Mar 28, 2024 20:02:30.472285032 CET | 80 | 49746 | 2.180.10.7 | 192.168.2.9 |
Mar 28, 2024 20:02:30.472546101 CET | 49746 | 80 | 192.168.2.9 | 2.180.10.7 |
Mar 28, 2024 20:02:30.472871065 CET | 49746 | 80 | 192.168.2.9 | 2.180.10.7 |
Mar 28, 2024 20:02:30.734097958 CET | 80 | 49746 | 2.180.10.7 | 192.168.2.9 |
Mar 28, 2024 20:01:33.597909927 CET | 1.1.1.1 | 192.168.2.9 | 0x580d | No error (0) | 211.202.224.10 | A (IP address) | IN (0x0001) | false | ||
Mar 28, 2024 20:01:33.597909927 CET | 1.1.1.1 | 192.168.2.9 | 0x580d | No error (0) | 187.211.22.82 | A (IP address) | IN (0x0001) | false | ||
Mar 28, 2024 20:01:33.597909927 CET | 1.1.1.1 | 192.168.2.9 | 0x580d | No error (0) | 201.119.105.157 | A (IP address) | IN (0x0001) | false | ||
Mar 28, 2024 20:01:33.597909927 CET | 1.1.1.1 | 192.168.2.9 | 0x580d | No error (0) | 175.119.10.231 | A (IP address) | IN (0x0001) | false | ||
Mar 28, 2024 20:01:33.598016024 CET | 1.1.1.1 | 192.168.2.9 | 0x580d | No error (0) | 2.180.10.7 | A (IP address) | IN (0x0001) | false | ||
Mar 28, 2024 20:01:33.598016024 CET | 1.1.1.1 | 192.168.2.9 | 0x580d | No error (0) | 186.147.159.149 | A (IP address) | IN (0x0001) | false | ||
Mar 28, 2024 20:01:33.598016024 CET | 1.1.1.1 | 192.168.2.9 | 0x580d | No error (0) | 181.55.190.201 | A (IP address) | IN (0x0001) | false | ||
Mar 28, 2024 20:01:33.598016024 CET | 1.1.1.1 | 192.168.2.9 | 0x580d | No error (0) | 46.100.50.5 | A (IP address) | IN (0x0001) | false | ||
Mar 28, 2024 20:01:33.598016024 CET | 1.1.1.1 | 192.168.2.9 | 0x580d | No error (0) | 220.82.134.210 | A (IP address) | IN (0x0001) | false | ||
Mar 28, 2024 20:01:33.598016024 CET | 1.1.1.1 | 192.168.2.9 | 0x580d | No error (0) | 186.182.55.44 | A (IP address) | IN (0x0001) | false | ||
Mar 28, 2024 20:01:33.598016024 CET | 1.1.1.1 | 192.168.2.9 | 0x580d | No error (0) | 211.202.224.10 | A (IP address) | IN (0x0001) | false | ||
Mar 28, 2024 20:01:33.598016024 CET | 1.1.1.1 | 192.168.2.9 | 0x580d | No error (0) | 187.211.22.82 | A (IP address) | IN (0x0001) | false | ||
Mar 28, 2024 20:01:33.598016024 CET | 1.1.1.1 | 192.168.2.9 | 0x580d | No error (0) | 201.119.105.157 | A (IP address) | IN (0x0001) | false | ||
Mar 28, 2024 20:01:33.598016024 CET | 1.1.1.1 | 192.168.2.9 | 0x580d | No error (0) | 175.119.10.231 | A (IP address) | IN (0x0001) | false | ||
Mar 28, 2024 20:01:33.598237991 CET | 1.1.1.1 | 192.168.2.9 | 0x580d | No error (0) | 2.180.10.7 | A (IP address) | IN (0x0001) | false | ||
Mar 28, 2024 20:01:33.598237991 CET | 1.1.1.1 | 192.168.2.9 | 0x580d | No error (0) | 186.147.159.149 | A (IP address) | IN (0x0001) | false | ||
Mar 28, 2024 20:01:33.598237991 CET | 1.1.1.1 | 192.168.2.9 | 0x580d | No error (0) | 181.55.190.201 | A (IP address) | IN (0x0001) | false | ||
Mar 28, 2024 20:01:33.598237991 CET | 1.1.1.1 | 192.168.2.9 | 0x580d | No error (0) | 46.100.50.5 | A (IP address) | IN (0x0001) | false | ||
Mar 28, 2024 20:01:33.598237991 CET | 1.1.1.1 | 192.168.2.9 | 0x580d | No error (0) | 220.82.134.210 | A (IP address) | IN (0x0001) | false | ||
Mar 28, 2024 20:01:33.598237991 CET | 1.1.1.1 | 192.168.2.9 | 0x580d | No error (0) | 186.182.55.44 | A (IP address) | IN (0x0001) | false | ||
Mar 28, 2024 20:01:33.598237991 CET | 1.1.1.1 | 192.168.2.9 | 0x580d | No error (0) | 211.202.224.10 | A (IP address) | IN (0x0001) | false | ||
Mar 28, 2024 20:01:33.598237991 CET | 1.1.1.1 | 192.168.2.9 | 0x580d | No error (0) | 187.211.22.82 | A (IP address) | IN (0x0001) | false | ||
Mar 28, 2024 20:01:33.598237991 CET | 1.1.1.1 | 192.168.2.9 | 0x580d | No error (0) | 201.119.105.157 | A (IP address) | IN (0x0001) | false | ||
Mar 28, 2024 20:01:33.598237991 CET | 1.1.1.1 | 192.168.2.9 | 0x580d | No error (0) | 175.119.10.231 | A (IP address) | IN (0x0001) | false | ||
Mar 28, 2024 20:01:33.598479986 CET | 1.1.1.1 | 192.168.2.9 | 0x580d | No error (0) | 2.180.10.7 | A (IP address) | IN (0x0001) | false | ||
Mar 28, 2024 20:01:33.598479986 CET | 1.1.1.1 | 192.168.2.9 | 0x580d | No error (0) | 186.147.159.149 | A (IP address) | IN (0x0001) | false | ||
Mar 28, 2024 20:01:33.598479986 CET | 1.1.1.1 | 192.168.2.9 | 0x580d | No error (0) | 181.55.190.201 | A (IP address) | IN (0x0001) | false | ||
Mar 28, 2024 20:01:33.598479986 CET | 1.1.1.1 | 192.168.2.9 | 0x580d | No error (0) | 46.100.50.5 | A (IP address) | IN (0x0001) | false | ||
Mar 28, 2024 20:01:33.598479986 CET | 1.1.1.1 | 192.168.2.9 | 0x580d | No error (0) | 220.82.134.210 | A (IP address) | IN (0x0001) | false | ||
Mar 28, 2024 20:01:33.598479986 CET | 1.1.1.1 | 192.168.2.9 | 0x580d | No error (0) | 186.182.55.44 | A (IP address) | IN (0x0001) | false | ||
Mar 28, 2024 20:01:33.598479986 CET | 1.1.1.1 | 192.168.2.9 | 0x580d | No error (0) | 211.202.224.10 | A (IP address) | IN (0x0001) | false | ||
Mar 28, 2024 20:01:33.598479986 CET | 1.1.1.1 | 192.168.2.9 | 0x580d | No error (0) | 187.211.22.82 | A (IP address) | IN (0x0001) | false | ||
Mar 28, 2024 20:01:33.598479986 CET | 1.1.1.1 | 192.168.2.9 | 0x580d | No error (0) | 201.119.105.157 | A (IP address) | IN (0x0001) | false | ||
Mar 28, 2024 20:01:33.598479986 CET | 1.1.1.1 | 192.168.2.9 | 0x580d | No error (0) | 175.119.10.231 | A (IP address) | IN (0x0001) | false |
|
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.9 | 49708 | 187.211.208.213 | 80 | 3504 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Mar 28, 2024 19:58:52.687019110 CET | 279 | OUT | |
Mar 28, 2024 19:58:52.687057018 CET | 185 | OUT | |
Mar 28, 2024 19:58:53.272588968 CET | 252 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.9 | 49709 | 187.211.208.213 | 80 | 3504 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Mar 28, 2024 19:58:53.441396952 CET | 283 | OUT | |
Mar 28, 2024 19:58:53.441411972 CET | 330 | OUT | |
Mar 28, 2024 19:58:54.237785101 CET | 587 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.9 | 49710 | 187.211.208.213 | 80 | 3504 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Mar 28, 2024 19:58:54.404720068 CET | 279 | OUT | |
Mar 28, 2024 19:58:54.404721022 CET | 329 | OUT | |
Mar 28, 2024 19:58:55.190876007 CET | 587 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
3 | 192.168.2.9 | 49711 | 187.211.208.213 | 80 | 3504 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Mar 28, 2024 19:58:55.357484102 CET | 279 | OUT | |
Mar 28, 2024 19:58:55.357517004 CET | 253 | OUT | |
Mar 28, 2024 19:58:56.140192032 CET | 587 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
4 | 192.168.2.9 | 49712 | 187.211.208.213 | 80 | 3504 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Mar 28, 2024 19:58:56.497782946 CET | 281 | OUT | |
Mar 28, 2024 19:58:56.497829914 CET | 262 | OUT | |
Mar 28, 2024 19:58:57.269849062 CET | 587 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
5 | 192.168.2.9 | 49713 | 187.211.208.213 | 80 | 3504 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Mar 28, 2024 19:58:58.694494963 CET | 280 | OUT | |
Mar 28, 2024 19:58:58.694525957 CET | 206 | OUT | |
Mar 28, 2024 19:58:59.476355076 CET | 238 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
6 | 192.168.2.9 | 49714 | 187.211.208.213 | 80 | 3504 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Mar 28, 2024 19:58:59.643445015 CET | 283 | OUT | |
Mar 28, 2024 19:58:59.643466949 CET | 224 | OUT | |
Mar 28, 2024 19:59:00.437947035 CET | 587 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
7 | 192.168.2.9 | 49715 | 187.211.208.213 | 80 | 3504 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Mar 28, 2024 19:59:00.605756044 CET | 278 | OUT | |
Mar 28, 2024 19:59:00.605773926 CET | 253 | OUT | |
Mar 28, 2024 19:59:01.385823965 CET | 587 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
8 | 192.168.2.9 | 49717 | 187.211.208.213 | 80 | 3504 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Mar 28, 2024 20:00:13.724586010 CET | 280 | OUT | |
Mar 28, 2024 20:00:13.724610090 CET | 340 | OUT | |
Mar 28, 2024 20:00:14.507561922 CET | 252 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
9 | 192.168.2.9 | 49718 | 187.211.208.213 | 80 | 3504 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Mar 28, 2024 20:00:14.748859882 CET | 280 | OUT | |
Mar 28, 2024 20:00:14.748859882 CET | 360 | OUT | |
Mar 28, 2024 20:00:15.522767067 CET | 252 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
10 | 192.168.2.9 | 49719 | 187.211.208.213 | 80 | 3504 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Mar 28, 2024 20:00:15.932204008 CET | 281 | OUT | |
Mar 28, 2024 20:00:15.932255030 CET | 277 | OUT | |
Mar 28, 2024 20:00:16.512058973 CET | 252 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
11 | 192.168.2.9 | 49720 | 187.211.208.213 | 80 | 3504 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Mar 28, 2024 20:00:16.875289917 CET | 278 | OUT | |
Mar 28, 2024 20:00:16.875313997 CET | 261 | OUT | |
Mar 28, 2024 20:00:17.650574923 CET | 252 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
12 | 192.168.2.9 | 49721 | 187.211.208.213 | 80 | 3504 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Mar 28, 2024 20:00:17.914443016 CET | 280 | OUT | |
Mar 28, 2024 20:00:17.914469004 CET | 276 | OUT | |
Mar 28, 2024 20:00:18.702867985 CET | 252 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
13 | 192.168.2.9 | 49722 | 187.211.208.213 | 80 | 3504 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Mar 28, 2024 20:00:18.969487906 CET | 283 | OUT | |
Mar 28, 2024 20:00:18.969511986 CET | 174 | OUT | |
Mar 28, 2024 20:00:19.758280039 CET | 252 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
14 | 192.168.2.9 | 49723 | 187.211.208.213 | 80 | 3504 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Mar 28, 2024 20:00:20.073096037 CET | 283 | OUT | |
Mar 28, 2024 20:00:20.073122978 CET | 202 | OUT | |
Mar 28, 2024 20:00:20.860667944 CET | 252 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
15 | 192.168.2.9 | 49724 | 187.211.208.213 | 80 | 3504 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Mar 28, 2024 20:00:21.318245888 CET | 280 | OUT | |
Mar 28, 2024 20:00:21.318501949 CET | 201 | OUT | |
Mar 28, 2024 20:00:21.900268078 CET | 252 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
16 | 192.168.2.9 | 49725 | 187.211.208.213 | 80 | 3504 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Mar 28, 2024 20:00:22.261539936 CET | 283 | OUT | |
Mar 28, 2024 20:00:22.261569977 CET | 179 | OUT | |
Mar 28, 2024 20:00:22.854172945 CET | 252 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
17 | 192.168.2.9 | 49726 | 187.211.208.213 | 80 | 3504 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Mar 28, 2024 20:00:23.131958008 CET | 283 | OUT | |
Mar 28, 2024 20:00:23.131982088 CET | 146 | OUT | |
Mar 28, 2024 20:00:23.911910057 CET | 252 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
18 | 192.168.2.9 | 49727 | 187.211.208.213 | 80 | 3504 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Mar 28, 2024 20:00:24.523097038 CET | 280 | OUT | |
Mar 28, 2024 20:00:24.523145914 CET | 346 | OUT | |
Mar 28, 2024 20:00:25.305181980 CET | 252 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
19 | 192.168.2.9 | 49728 | 187.211.208.213 | 80 | 3504 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Mar 28, 2024 20:00:25.956569910 CET | 278 | OUT | |
Mar 28, 2024 20:00:25.956604958 CET | 328 | OUT | |
Mar 28, 2024 20:00:26.739479065 CET | 252 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
20 | 192.168.2.9 | 49729 | 187.211.208.213 | 80 | 3504 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Mar 28, 2024 20:00:30.844194889 CET | 279 | OUT | |
Mar 28, 2024 20:00:30.844234943 CET | 157 | OUT | |
Mar 28, 2024 20:00:31.425997972 CET | 252 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
21 | 192.168.2.9 | 49730 | 187.211.208.213 | 80 | 3504 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Mar 28, 2024 20:00:31.831114054 CET | 279 | OUT | |
Mar 28, 2024 20:00:31.831134081 CET | 142 | OUT | |
Mar 28, 2024 20:00:32.607336998 CET | 252 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
22 | 192.168.2.9 | 49731 | 187.211.208.213 | 80 | 3504 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Mar 28, 2024 20:00:33.098407030 CET | 279 | OUT | |
Mar 28, 2024 20:00:33.098432064 CET | 211 | OUT | |
Mar 28, 2024 20:00:33.892091990 CET | 252 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
23 | 192.168.2.9 | 49732 | 187.211.208.213 | 80 | 3504 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Mar 28, 2024 20:00:34.772532940 CET | 281 | OUT | |
Mar 28, 2024 20:00:34.772558928 CET | 118 | OUT | |
Mar 28, 2024 20:00:35.358977079 CET | 252 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
24 | 192.168.2.9 | 49733 | 187.211.208.213 | 80 | 3504 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Mar 28, 2024 20:00:35.719655037 CET | 279 | OUT | |
Mar 28, 2024 20:00:35.719674110 CET | 326 | OUT | |
Mar 28, 2024 20:00:36.502244949 CET | 252 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
25 | 192.168.2.9 | 49734 | 187.211.208.213 | 80 | 3504 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Mar 28, 2024 20:00:41.915868998 CET | 281 | OUT | |
Mar 28, 2024 20:00:41.915883064 CET | 128 | OUT | |
Mar 28, 2024 20:00:42.696197987 CET | 252 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
26 | 192.168.2.9 | 49735 | 187.211.208.213 | 80 | 3504 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Mar 28, 2024 20:00:50.046097994 CET | 278 | OUT | |
Mar 28, 2024 20:00:50.046152115 CET | 141 | OUT | |
Mar 28, 2024 20:00:50.828450918 CET | 252 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
27 | 192.168.2.9 | 49736 | 187.211.208.213 | 80 | 3504 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Mar 28, 2024 20:00:55.495696068 CET | 283 | OUT | |
Mar 28, 2024 20:00:55.495745897 CET | 342 | OUT | |
Mar 28, 2024 20:00:56.279388905 CET | 252 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
28 | 192.168.2.9 | 49737 | 187.211.208.213 | 80 | 3504 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Mar 28, 2024 20:01:01.282542944 CET | 283 | OUT | |
Mar 28, 2024 20:01:01.282560110 CET | 329 | OUT | |
Mar 28, 2024 20:01:02.098167896 CET | 252 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
29 | 192.168.2.9 | 49738 | 187.211.208.213 | 80 | 3504 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Mar 28, 2024 20:01:09.758970976 CET | 281 | OUT | |
Mar 28, 2024 20:01:09.759011030 CET | 322 | OUT | |
Mar 28, 2024 20:01:10.545135021 CET | 252 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
30 | 192.168.2.9 | 49739 | 187.211.208.213 | 80 | 3504 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Mar 28, 2024 20:01:15.381598949 CET | 282 | OUT | |
Mar 28, 2024 20:01:15.381622076 CET | 217 | OUT | |
Mar 28, 2024 20:01:16.169617891 CET | 252 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
31 | 192.168.2.9 | 49740 | 187.211.208.213 | 80 | 3504 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Mar 28, 2024 20:01:21.239438057 CET | 280 | OUT | |
Mar 28, 2024 20:01:21.239465952 CET | 220 | OUT | |
Mar 28, 2024 20:01:22.017115116 CET | 252 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
32 | 192.168.2.9 | 49741 | 2.180.10.7 | 80 | 3504 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Mar 28, 2024 20:01:33.861829996 CET | 282 | OUT | |
Mar 28, 2024 20:01:33.861854076 CET | 245 | OUT | |
Mar 28, 2024 20:01:35.307544947 CET | 252 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
33 | 192.168.2.9 | 49742 | 2.180.10.7 | 80 | 3504 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Mar 28, 2024 20:01:43.045245886 CET | 282 | OUT | |
Mar 28, 2024 20:01:43.045262098 CET | 360 | OUT | |
Mar 28, 2024 20:01:45.248678923 CET | 252 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
34 | 192.168.2.9 | 49743 | 2.180.10.7 | 80 | 3504 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Mar 28, 2024 20:01:52.917941093 CET | 278 | OUT | |
Mar 28, 2024 20:01:52.917992115 CET | 329 | OUT | |
Mar 28, 2024 20:01:56.883645058 CET | 252 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
35 | 192.168.2.9 | 49744 | 2.180.10.7 | 80 | 3504 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Mar 28, 2024 20:02:07.725193977 CET | 278 | OUT | |
Mar 28, 2024 20:02:07.725223064 CET | 291 | OUT | |
Mar 28, 2024 20:02:09.179617882 CET | 252 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
36 | 192.168.2.9 | 49745 | 2.180.10.7 | 80 | 3504 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Mar 28, 2024 20:02:19.687654018 CET | 278 | OUT | |
Mar 28, 2024 20:02:19.687654018 CET | 218 | OUT | |
Mar 28, 2024 20:02:20.267664909 CET | 252 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
37 | 192.168.2.9 | 49746 | 2.180.10.7 | 80 | 3504 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Mar 28, 2024 20:02:29.387635946 CET | 282 | OUT | |
Mar 28, 2024 20:02:29.387690067 CET | 244 | OUT | |
Mar 28, 2024 20:02:30.472260952 CET | 252 | IN |
Target ID: | 1 |
Start time: | 19:58:22 |
Start date: | 28/03/2024 |
Path: | C:\Users\user\Desktop\YWwcRHSpbw.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 316'416 bytes |
MD5 hash: | 26CE123CA4FB973543D48C2DA9ECE87E |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | low |
Has exited: | true |
Target ID: | 7 |
Start time: | 19:58:28 |
Start date: | 28/03/2024 |
Path: | C:\Windows\explorer.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff633410000 |
File size: | 5'141'208 bytes |
MD5 hash: | 662F4F92FDE3557E86D110526BB578D5 |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | false |
Target ID: | 11 |
Start time: | 19:58:48 |
Start date: | 28/03/2024 |
Path: | C:\Users\user\AppData\Roaming\twiufas |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 316'416 bytes |
MD5 hash: | 26CE123CA4FB973543D48C2DA9ECE87E |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Antivirus matches: |
|
Reputation: | low |
Has exited: | true |
Target ID: | 14 |
Start time: | 20:00:01 |
Start date: | 28/03/2024 |
Path: | C:\Users\user\AppData\Roaming\twiufas |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 316'416 bytes |
MD5 hash: | 26CE123CA4FB973543D48C2DA9ECE87E |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | low |
Has exited: | true |
Execution Graph
Execution Coverage: | 8.8% |
Dynamic/Decrypted Code Coverage: | 41.7% |
Signature Coverage: | 52.2% |
Total number of Nodes: | 115 |
Total number of Limit Nodes: | 4 |
Graph
Function 004013ED Relevance: 14.3, APIs: 7, Strings: 1, Instructions: 310 native COMMON
Function 00B24F9A Relevance: 3.0, APIs: 2, Instructions: 41 process COMMON
Function 0272003C Relevance: 11.0, APIs: 4, Strings: 2, Instructions: 515 memory COMMON
Function 02720E0F Relevance: 3.0, APIs: 2, Instructions: 15 COMMON
Function 004018C3 Relevance: 1.3, APIs: 1, Instructions: 66 sleep COMMON
Function 004018CE Relevance: 1.3, APIs: 1, Instructions: 60 sleep COMMON
Function 004018ED Relevance: 1.3, APIs: 1, Instructions: 54 sleep COMMON
Function 004018F4 Relevance: 1.3, APIs: 1, Instructions: 51 sleep COMMON
Function 00401907 Relevance: 1.3, APIs: 1, Instructions: 49 sleep COMMON
Function 00B24C59 Relevance: 1.3, APIs: 1, Instructions: 48 memory COMMON
Function 0272092B Relevance: 3.8, Strings: 3, Instructions: 90 COMMON
Function 004032D5 Relevance: 1.4, Strings: 1, Instructions: 101 COMMON
Function 0040142C Relevance: 1.3, Strings: 1, Instructions: 66 COMMON
Function 00B24877 Relevance: .1, Instructions: 61 COMMON
Function 02720D90 Relevance: .0, Instructions: 43 COMMON
Function 00402381 Relevance: .0, Instructions: 12 COMMON
Execution Graph
Execution Coverage: | 8.7% |
Dynamic/Decrypted Code Coverage: | 41.7% |
Signature Coverage: | 0% |
Total number of Nodes: | 115 |
Total number of Limit Nodes: | 4 |
Graph
Function 004013ED Relevance: 14.3, APIs: 7, Strings: 1, Instructions: 310nativeCOMMON
Control-flow Graph
APIs |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0262003C Relevance: 11.0, APIs: 4, Strings: 2, Instructions: 515memoryCOMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00C544F2 Relevance: 3.0, APIs: 2, Instructions: 41processCOMMON
Control-flow Graph
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02620E0F Relevance: 3.0, APIs: 2, Instructions: 15COMMON
Control-flow Graph
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004018C3 Relevance: 1.3, APIs: 1, Instructions: 66sleepCOMMON
Control-flow Graph
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004018CE Relevance: 1.3, APIs: 1, Instructions: 60sleepCOMMON
Control-flow Graph
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004018ED Relevance: 1.3, APIs: 1, Instructions: 54sleepCOMMON
Control-flow Graph
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004018F4 Relevance: 1.3, APIs: 1, Instructions: 51sleepCOMMON
Control-flow Graph
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00401907 Relevance: 1.3, APIs: 1, Instructions: 49sleepCOMMON
Control-flow Graph
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00C541B1 Relevance: 1.3, APIs: 1, Instructions: 48 memory COMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Execution Graph
Execution Coverage: | 8.5% |
Dynamic/Decrypted Code Coverage: | 41.7% |
Signature Coverage: | 0% |
Total number of Nodes: | 115 |
Total number of Limit Nodes: | 4 |
Graph
Function 004013ED Relevance: 14.3, APIs: 7, Strings: 1, Instructions: 310 native COMMON
Control-flow Graph
APIs |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00C7003C Relevance: 11.0, APIs: 4, Strings: 2, Instructions: 515 memory COMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00E2979A Relevance: 3.0, APIs: 2, Instructions: 41 process COMMON
Control-flow Graph
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00C70E0F Relevance: 3.0, APIs: 2, Instructions: 15 COMMON
Control-flow Graph
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004018C3 Relevance: 1.3, APIs: 1, Instructions: 66 sleep COMMON
Control-flow Graph
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004018CE Relevance: 1.3, APIs: 1, Instructions: 60 sleep COMMON
Control-flow Graph
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004018ED Relevance: 1.3, APIs: 1, Instructions: 54 sleep COMMON
Control-flow Graph
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004018F4 Relevance: 1.3, APIs: 1, Instructions: 51 sleep COMMON
Control-flow Graph
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00401907 Relevance: 1.3, APIs: 1, Instructions: 49 sleep COMMON
Control-flow Graph
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00E29459 Relevance: 1.3, APIs: 1, Instructions: 48 memory COMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |