Windows
Analysis Report
2LksWs2xq7.exe
Overview
General Information
Sample name: | 2LksWs2xq7.exe (renamed because original name is a hash value) |
Original sample name: | 516547ec4cca7f8038998b6f3c9d95b2.exe |
Analysis ID: | 1417244 |
MD5: | 516547ec4cca7f8038998b6f3c9d95b2 |
SHA1: | 41dbc19f9f6ce4279bfbef5e05ae7acb28771f8c |
SHA256: | fd602cbf605a4f9baffac0737c13291635ad0019567db051809d5bf8823dce5b |
Tags: | exe |
Detection
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- 2LksWs2xq7.exe (PID: 1460 cmdline: "C:\Users\user\Desktop\2LksWs2xq7.exe" MD5: 516547EC4CCA7F8038998B6F3C9D95B2)
- explorer.exe (PID: 4004 cmdline: C:\Windows\Explorer.EXE MD5: 662F4F92FDE3557E86D110526BB578D5)
- thjwhdg (PID: 1292 cmdline: C:\Users\user\AppData\Roaming\thjwhdg MD5: 516547EC4CCA7F8038998B6F3C9D95B2)
- cleanup
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
SmokeLoader | The SmokeLoader family is a generic backdoor with a range of capabilities which depend on the modules included in any given build of the malware. The malware is delivered in a variety of ways and is broadly associated with criminal activity. The malware frequently tries to hide its C2 activity by generating requests to legitimate sites such as microsoft.com, bing.com, adobe.com, and others. Typically the actual Download returns an HTTP 404 but still contains data in the Response Body. |
{"Version": 2022, "C2 list": ["http://nidoe.org/tmp/index.php", "http://sodez.ru/tmp/index.php", "http://uama.com.ua/tmp/index.php", "http://talesofpirates.net/tmp/index.php"]}
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
| Windows_Trojan_RedLineStealer_ed346e4c | unknown | unknown | |
| Windows_Trojan_Smokeloader_3687686f | unknown | unknown | |
| JoeSecurity_SmokeLoader_2 | Yara detected SmokeLoader | Joe Security | |
| Windows_Trojan_Smokeloader_4e31426e | unknown | unknown | |
| JoeSecurity_SmokeLoader_2 | Yara detected SmokeLoader | Joe Security | |
System Summary |
---|
Source: | Author: Max Altgelt (Nextron Systems): |
Timestamp | SID | Source Port | Destination Port | Protocol | Classtype |
---|---|---|---|---|---|
03/28/24-20:07:02.346243 | 2039103 | 49724 | 80 | TCP | A Network Trojan was detected |
03/28/24-20:08:49.187772 | 2039103 | 49741 | 80 | TCP | A Network Trojan was detected |
03/28/24-20:07:15.225304 | 2039103 | 49727 | 80 | TCP | A Network Trojan was detected |
03/28/24-20:05:27.170103 | 2039103 | 49707 | 80 | TCP | A Network Trojan was detected |
03/28/24-20:05:34.949817 | 2039103 | 49712 | 80 | TCP | A Network Trojan was detected |
03/28/24-20:07:35.423338 | 2039103 | 49730 | 80 | TCP | A Network Trojan was detected |
03/28/24-20:06:51.200235 | 2039103 | 49719 | 80 | TCP | A Network Trojan was detected |
03/28/24-20:06:54.657173 | 2039103 | 49721 | 80 | TCP | A Network Trojan was detected |
03/28/24-20:08:17.678736 | 2039103 | 49736 | 80 | TCP | A Network Trojan was detected |
03/28/24-20:05:25.685814 | 2039103 | 49706 | 80 | TCP | A Network Trojan was detected |
03/28/24-20:06:46.269047 | 2039103 | 49716 | 80 | TCP | A Network Trojan was detected |
03/28/24-20:05:36.432664 | 2039103 | 49713 | 80 | TCP | A Network Trojan was detected |
03/28/24-20:06:57.855820 | 2039103 | 49722 | 80 | TCP | A Network Trojan was detected |
03/28/24-20:05:31.123675 | 2039103 | 49709 | 80 | TCP | A Network Trojan was detected |
03/28/24-20:08:36.369057 | 2039103 | 49739 | 80 | TCP | A Network Trojan was detected |
03/28/24-20:06:49.497917 | 2039103 | 49718 | 80 | TCP | A Network Trojan was detected |
03/28/24-20:08:43.877516 | 2039103 | 49740 | 80 | TCP | A Network Trojan was detected |
03/28/24-20:08:59.285702 | 2039103 | 49743 | 80 | TCP | A Network Trojan was detected |
03/28/24-20:05:32.309558 | 2039103 | 49710 | 80 | TCP | A Network Trojan was detected |
03/28/24-20:08:05.668089 | 2039103 | 49734 | 80 | TCP | A Network Trojan was detected |
03/28/24-20:05:33.482097 | 2039103 | 49711 | 80 | TCP | A Network Trojan was detected |
03/28/24-20:07:41.856599 | 2039103 | 49731 | 80 | TCP | A Network Trojan was detected |
03/28/24-20:08:22.738399 | 2039103 | 49737 | 80 | TCP | A Network Trojan was detected |
03/28/24-20:06:52.774020 | 2039103 | 49720 | 80 | TCP | A Network Trojan was detected |
03/28/24-20:07:26.832952 | 2039103 | 49729 | 80 | TCP | A Network Trojan was detected |
03/28/24-20:07:20.880532 | 2039103 | 49728 | 80 | TCP | A Network Trojan was detected |
03/28/24-20:07:04.294789 | 2039103 | 49725 | 80 | TCP | A Network Trojan was detected |
03/28/24-20:08:53.925839 | 2039103 | 49742 | 80 | TCP | A Network Trojan was detected |
03/28/24-20:07:48.024170 | 2039103 | 49732 | 80 | TCP | A Network Trojan was detected |
03/28/24-20:08:00.444144 | 2039103 | 49733 | 80 | TCP | A Network Trojan was detected |
03/28/24-20:08:12.634222 | 2039103 | 49735 | 80 | TCP | A Network Trojan was detected |
03/28/24-20:07:00.515898 | 2039103 | 49723 | 80 | TCP | A Network Trojan was detected |
03/28/24-20:07:06.725072 | 2039103 | 49726 | 80 | TCP | A Network Trojan was detected |
03/28/24-20:05:28.660406 | 2039103 | 49708 | 80 | TCP | A Network Trojan was detected |
03/28/24-20:06:47.956371 | 2039103 | 49717 | 80 | TCP | A Network Trojan was detected |
03/28/24-20:08:30.735487 | 2039103 | 49738 | 80 | TCP | A Network Trojan was detected |
AV Detection |
---|
Source: | Avira: |
Source: | Avira URL Cloud: |
Source: | Malware Configuration Extractor: |
Source: | ReversingLabs: |
Source: | Static PE information: |
Source: | File opened: |
Networking |
---|
Source: | Snort IDS: |
Source: | Network Connect: |
Source: | URLs: |
Source: | IP Address: |
Source: | ASN Name: |
Source: | HTTP traffic detected: |
Source: | UDP traffic detected without corresponding DNS query: |
Source: | DNS traffic detected: |
Source: | String found in binary or memory: |
Key, Mouse, Clipboard, Microphone and Screen Capturing |
---|
Source: | File source: |
System Summary |
---|
Source: | Matched rule: |
Source: | Process Stats: |
Source: | Code function: |
Source: | Section loaded: |
Source: | Static PE information: |
Source: | Classification label: |
Source: | File created: |
Source: | File read: |
Source: | Key opened: |
Source: | ReversingLabs: |
Source: | Process created: |
Source: | Key value queried: |
Source: | File opened: |
Data Obfuscation |
---|
Source: | Unpacked PE file: |
Source: | Code function: |
Source: | File created: |
Hooking and other Techniques for Hiding and Protection |
---|
Source: | File deleted: |
Source: | File opened: |
Source: | Process information set: |
Malware Analysis System Evasion |
---|
Source: | Key enumerated: |
Source: | Binary or memory string: |
Source: | Window / User API: |
Source: | Thread sleep count: |
Source: | Thread sleep time: |
Source: | System information queried: |
Source: | Process information queried: |
Anti Debugging |
---|
Source: | System information queried: |
Source: | Process queried: |
Source: | Code function: |
HIPS / PFW / Operating System Protection Evasion |
---|
Source: | File created: |
Source: | Network Connect: |
Source: | Thread created: |
Source: | Section loaded: |
Source: | Binary or memory string: |
Stealing of Sensitive Information |
---|
Source: | File source: |
Remote Access Functionality |
---|
Source: | File source: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Exploitation for Client Execution | 1 DLL Side-Loading | 32 Process Injection | 11 Masquerading | OS Credential Dumping | 411 Security Software Discovery | Remote Services | Data from Local System | 2 Non-Application Layer Protocol | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 12 Virtualization/Sandbox Evasion | LSASS Memory | 12 Virtualization/Sandbox Evasion | Remote Desktop Protocol | Data from Removable Media | 112 Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 32 Process Injection | Security Account Manager | 3 Process Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | Steganography | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Hidden Files and Directories | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Obfuscated Files or Information | LSA Secrets | 1 File and Directory Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Software Packing | Cached Domain Credentials | 2 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 DLL Side-Loading | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 File Deletion | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
61% | ReversingLabs | Win32.Trojan.Privateloader | ||
100% | Avira | HEUR/AGEN.1352954 |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
100% | Avira | HEUR/AGEN.1352954 | ||
61% | ReversingLabs | Win32.Trojan.Privateloader |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | Avira URL Cloud | safe | ||
100% | Avira URL Cloud | malware | ||
100% | Avira URL Cloud | malware | ||
100% | Avira URL Cloud | malware | ||
100% | Avira URL Cloud | malware |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
nidoe.org | 175.119.10.231 | true | true | unknown |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
| true | | unknown |
| true | | unknown |
| true | | unknown |
| true | | unknown |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
95.86.30.3 | unknown | Macedonia | | 49056 | INEL-AS-MK | true |
175.119.10.231 | nidoe.org | Korea Republic of | | 9318 | SKB-ASSKBroadbandCoLtdKR | true |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1417244 |
Start date and time: | 2024-03-28 20:04:11 +01:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 8m 23s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 7 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 1 |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | 2LksWs2xq7.exe (renamed because original name is a hash value) |
Original Sample Name: | 516547ec4cca7f8038998b6f3c9d95b2.exe |
Detection: | MAL |
Classification: | mal100.troj.evad.winEXE@2/2@8/2 |
Cookbook Comments: |
- Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
- Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
- Report size getting too big, too many NtEnumerateKey calls found.
- Report size getting too big, too many NtOpenKey calls found.
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- VT rate limit hit for: 2LksWs2xq7.exe
Time | Type | Description |
---|---|---|
20:05:07 | API Interceptor | |
20:05:20 | Task Scheduler |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
95.86.30.3 | | | malicious | LummaC, Babuk, Clipboard Hijacker, Djvu, Glupteba, LummaC Stealer, SmokeLoader | | |
95.86.30.3 | | | malicious | LummaC, Glupteba, LummaC Stealer, Mars Stealer, SmokeLoader, Socks5Systemz, Stealc | | |
95.86.30.3 | | | malicious | LummaC, Glupteba, LummaC Stealer, SmokeLoader, Socks5Systemz, Stealc, Xmrig | | |
95.86.30.3 | | | malicious | Glupteba, LummaC Stealer, SmokeLoader, Stealc | | |
95.86.30.3 | | | malicious | LummaC, Glupteba, LummaC Stealer, SmokeLoader, Stealc, Vidar | | |
95.86.30.3 | | | malicious | LummaC, Babuk, Clipboard Hijacker, Djvu, PureLog Stealer, RedLine, SmokeLoader | | |
95.86.30.3 | | | malicious | LummaC, Babuk, Djvu, PureLog Stealer, RedLine, SmokeLoader, Stealc | | |
95.86.30.3 | | | malicious | LummaC, Babuk, Clipboard Hijacker, Djvu, RedLine, SmokeLoader, Stealc | | |
95.86.30.3 | | | malicious | Amadey, PureLog Stealer, SmokeLoader | | |
95.86.30.3 | | | malicious | LummaC, Babuk, Clipboard Hijacker, Djvu, PureLog Stealer, SmokeLoader, Vidar | | |
175.119.10.231 | | | malicious | LummaC, Amadey, Glupteba, LummaC Stealer, Mars Stealer, RedLine, SmokeLoader | | |
175.119.10.231 | | | malicious | Babuk, Djvu | | |
175.119.10.231 | | | malicious | Glupteba, LummaC Stealer, SmokeLoader, Stealc | | |
175.119.10.231 | | | malicious | Glupteba, LummaC Stealer, SmokeLoader, Stealc, Xmrig | | |
175.119.10.231 | | | malicious | Amadey, SmokeLoader | | |
175.119.10.231 | | | malicious | LummaC, Glupteba, SmokeLoader, Stealc | | |
175.119.10.231 | | | malicious | LummaC, Glupteba, SmokeLoader, Stealc | | |
175.119.10.231 | | | malicious | LummaC, Amadey, Babuk, Clipboard Hijacker, Djvu, LummaC Stealer, RedLine | | |
175.119.10.231 | | | malicious | Amadey, SmokeLoader | | |
175.119.10.231 | | | malicious | Babuk, Clipboard Hijacker, Djvu | | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
nidoe.org | | | malicious | SmokeLoader | | |
nidoe.org | | | malicious | Amadey, Glupteba, Mars Stealer, PureLog Stealer, RedLine, RisePro Stealer, SmokeLoader | | |
nidoe.org | | | malicious | SmokeLoader | | |
nidoe.org | | | malicious | SmokeLoader | | |
nidoe.org | | | malicious | SmokeLoader | | |
nidoe.org | | | malicious | SmokeLoader | | |
nidoe.org | | | malicious | SmokeLoader | | |
nidoe.org | | | malicious | LummaC, Glupteba, LummaC Stealer, Mars Stealer, PureLog Stealer, SmokeLoader, Socks5Systemz | | |
nidoe.org | | | malicious | LummaC, Glupteba, LummaC Stealer, Mars Stealer, PureLog Stealer, SmokeLoader, Socks5Systemz | | |
nidoe.org | | | malicious | LummaC, Glupteba, LummaC Stealer, Mars Stealer, SmokeLoader, Socks5Systemz, Stealc | | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
SKB-ASSKBroadbandCoLtdKR | | | malicious | Mirai | | |
SKB-ASSKBroadbandCoLtdKR | | | malicious | Mirai | | |
SKB-ASSKBroadbandCoLtdKR | | | malicious | Mirai | | |
SKB-ASSKBroadbandCoLtdKR | | | malicious | Unknown | | |
SKB-ASSKBroadbandCoLtdKR | | | malicious | Moobot | | |
SKB-ASSKBroadbandCoLtdKR | | | malicious | Moobot | | |
SKB-ASSKBroadbandCoLtdKR | | | malicious | Mirai, Moobot | | |
SKB-ASSKBroadbandCoLtdKR | | | malicious | Mirai | | |
SKB-ASSKBroadbandCoLtdKR | | | malicious | Unknown | | |
SKB-ASSKBroadbandCoLtdKR | | | malicious | Unknown | | |
INEL-AS-MK | | | malicious | LummaC, Babuk, Clipboard Hijacker, Djvu, Glupteba, LummaC Stealer, SmokeLoader | | |
INEL-AS-MK | | | malicious | LummaC, Glupteba, LummaC Stealer, Mars Stealer, SmokeLoader, Socks5Systemz, Stealc | | |
INEL-AS-MK | | | malicious | LummaC, Glupteba, LummaC Stealer, SmokeLoader, Socks5Systemz, Stealc, Xmrig | | |
INEL-AS-MK | | | malicious | Glupteba, LummaC Stealer, SmokeLoader, Stealc | | |
INEL-AS-MK | | | malicious | LummaC, Glupteba, LummaC Stealer, SmokeLoader, Stealc, Vidar | | |
INEL-AS-MK | | | malicious | LummaC, Babuk, Clipboard Hijacker, Djvu, PureLog Stealer, RedLine, SmokeLoader | | |
INEL-AS-MK | | | malicious | LummaC, Babuk, Djvu, PureLog Stealer, RedLine, SmokeLoader, Stealc | | |
INEL-AS-MK | | | malicious | LummaC, Babuk, Clipboard Hijacker, Djvu, RedLine, SmokeLoader, Stealc | | |
INEL-AS-MK | | | malicious | Amadey, PureLog Stealer, SmokeLoader | | |
INEL-AS-MK | | | malicious | LummaC, Babuk, Clipboard Hijacker, Djvu, PureLog Stealer, SmokeLoader, Vidar | | |
Process: | C:\Windows\explorer.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 228864 |
Entropy (8bit): | 6.0416885398973115 |
Encrypted: | false |
SSDEEP: | 3072:nRgqc0TaB1K9OXUr/EtJklTVPuAuqmNDghM/Aqe2+V6eC2OiH:nDc0T81K9YUBVPSj83qZ+V64 |
MD5: | 516547EC4CCA7F8038998B6F3C9D95B2 |
SHA1: | 41DBC19F9F6CE4279BFBEF5E05AE7ACB28771F8C |
SHA-256: | FD602CBF605A4F9BAFFAC0737C13291635AD0019567DB051809D5BF8823DCE5B |
SHA-512: | 4A651372FE7D9E29AC20CE6DA21985BD2B48D7D96F72E4421AD0046AB65571A4E94DF3FA5BE01532E48E57A1316783F0E07578C58B29E7A791F7C38E1E0BC844 |
Malicious: | true |
Antivirus: |
|
Reputation: | low |
Preview: |
Process: | C:\Windows\explorer.exe |
File Type: | |
Category: | modified |
Size (bytes): | 26 |
Entropy (8bit): | 3.95006375643621 |
Encrypted: | false |
SSDEEP: | 3:ggPYV:rPYV |
MD5: | 187F488E27DB4AF347237FE461A079AD |
SHA1: | 6693BA299EC1881249D59262276A0D2CB21F8E64 |
SHA-256: | 255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309 |
SHA-512: | 89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E |
Malicious: | true |
Reputation: | high, very likely benign file |
Preview: |
File type: | |
Entropy (8bit): | 6.0416885398973115 |
TrID: |
|
File name: | 2LksWs2xq7.exe |
File size: | 228'864 bytes |
MD5: | 516547ec4cca7f8038998b6f3c9d95b2 |
SHA1: | 41dbc19f9f6ce4279bfbef5e05ae7acb28771f8c |
SHA256: | fd602cbf605a4f9baffac0737c13291635ad0019567db051809d5bf8823dce5b |
SHA512: | 4a651372fe7d9e29ac20ce6da21985bd2b48d7d96f72e4421ad0046ab65571a4e94df3fa5be01532e48e57a1316783f0e07578c58b29e7a791f7c38e1e0bc844 |
SSDEEP: | 3072:nRgqc0TaB1K9OXUr/EtJklTVPuAuqmNDghM/Aqe2+V6eC2OiH:nDc0T81K9YUBVPSj83qZ+V64 |
TLSH: | 6B245B2136F1B436F3F75E3059B496A43A7BBC736A35818F2650172E2E716C18E62713 |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........B..\#.[\#.[\#.[3U.[D#.[3U [(#.[3U![{#.[U[.[W#.[\#.[7#.[3U%[]#.[3U.[]#.[3U.[]#.[Rich\#.[........................PE..L......d... |
Icon Hash: | 1369554d29170717 |
Entrypoint: | 0x401eb1 |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE |
DLL Characteristics: | TERMINAL_SERVER_AWARE |
Time Stamp: | 0x64C783C5 [Mon Jul 31 09:49:57 2023 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 5 |
OS Version Minor: | 1 |
File Version Major: | 5 |
File Version Minor: | 1 |
Subsystem Version Major: | 5 |
Subsystem Version Minor: | 1 |
Import Hash: | e381a5a93083caf35e69fd7d319ba0c4 |
Instruction |
---|
call 00007F4300EEF1C7h |
jmp 00007F4300EEB3AEh |
mov edi, edi |
push ebp |
mov ebp, esp |
sub esp, 20h |
mov eax, dword ptr [ebp+08h] |
push esi |
push edi |
push 00000008h |
pop ecx |
mov esi, 00411248h |
lea edi, dword ptr [ebp-20h] |
rep movsd |
mov dword ptr [ebp-08h], eax |
mov eax, dword ptr [ebp+0Ch] |
pop edi |
mov dword ptr [ebp-04h], eax |
pop esi |
test eax, eax |
je 00007F4300EEB52Eh |
test byte ptr [eax], 00000008h |
je 00007F4300EEB529h |
mov dword ptr [ebp-0Ch], 01994000h |
lea eax, dword ptr [ebp-0Ch] |
push eax |
push dword ptr [ebp-10h] |
push dword ptr [ebp-1Ch] |
push dword ptr [ebp-20h] |
call dword ptr [004110B8h] |
leave |
retn 0008h |
mov edi, edi |
push ebp |
mov ebp, esp |
sub esp, 00000328h |
mov dword ptr [0042B308h], eax |
mov dword ptr [0042B304h], ecx |
mov dword ptr [0042B300h], edx |
mov dword ptr [0042B2FCh], ebx |
mov dword ptr [0042B2F8h], esi |
mov dword ptr [0042B2F4h], edi |
mov word ptr [0042B320h], ss |
mov word ptr [0042B314h], cs |
mov word ptr [0042B2F0h], ds |
mov word ptr [0042B2ECh], es |
mov word ptr [0042B2E8h], fs |
mov word ptr [0042B2E4h], gs |
pushfd |
pop dword ptr [0042B318h] |
mov eax, dword ptr [ebp+00h] |
mov dword ptr [0042B30Ch], eax |
mov eax, dword ptr [ebp+04h] |
mov dword ptr [0042B310h], eax |
lea eax, dword ptr [ebp+08h] |
Programming Language: |
|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x28534 | 0x78 | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x12e000 | 0xd990 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x11000 | 0x194 | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0xf2a8 | 0xf400 | d215a438b80eb999d964fd82a5cb8317 | False | 0.5983766649590164 | data | 6.661189577063078 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rdata | 0x11000 | 0x17e6e | 0x18000 | dec2ae2d92ee3cb96523e54dcf9ce10d | False | 0.60430908203125 | data | 5.926524101334516 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0x29000 | 0x1042e4 | 0x2c00 | 4609a0f1c6ec4f7d4008ceb21588a6d1 | False | 0.15802556818181818 | data | 1.8744044821231935 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.rsrc | 0x12e000 | 0xd990 | 0xda00 | 81c5d921799d2b26f2ece32c56ec2f84 | False | 0.4755590596330275 | data | 5.0005074647430465 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
AFX_DIALOG_LAYOUT | 0x134fe8 | 0x2 | data | | | 5.0 |
RT_CURSOR | 0x134ff0 | 0x130 | Device independent bitmap graphic, 32 x 64 x 1, image size 0 | | | 0.4276315789473684 |
RT_CURSOR | 0x135138 | 0x134 | Targa image data - Map - RLE 64 x 65536 x 1 +32 "\001" | | | 0.75 |
RT_ICON | 0x12e770 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | Spanish | Peru | 0.43470149253731344 |
RT_ICON | 0x12f618 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | Spanish | Peru | 0.5676895306859205 |
RT_ICON | 0x12fec0 | 0x6c8 | Device independent bitmap graphic, 24 x 48 x 8, image size 0 | Spanish | Peru | 0.6376728110599078 |
RT_ICON | 0x130588 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | Spanish | Peru | 0.7153179190751445 |
RT_ICON | 0x130af0 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | Spanish | Peru | 0.5604771784232365 |
RT_ICON | 0x133098 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | Spanish | Peru | 0.5931050656660413 |
RT_ICON | 0x134140 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 0 | Spanish | Peru | 0.6741803278688525 |
RT_ICON | 0x134ac8 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | Spanish | Peru | 0.7145390070921985 |
RT_DIALOG | 0x135478 | 0x98 | data | | | 0.7631578947368421 |
RT_STRING | 0x135510 | 0xf2 | data | | | 0.5413223140495868 |
RT_STRING | 0x135608 | 0x622 | data | | | 0.44012738853503186 |
RT_STRING | 0x135c30 | 0x772 | data | | | 0.42077649527806926 |
RT_STRING | 0x1363a8 | 0x70a | data | | | 0.42896781354051056 |
RT_STRING | 0x136ab8 | 0x630 | data | | | 0.43308080808080807 |
RT_STRING | 0x1370e8 | 0x76a | data | | | 0.4262381454162276 |
RT_STRING | 0x137858 | 0x6a6 | data | | | 0.43243243243243246 |
RT_STRING | 0x137f00 | 0x122 | data | | | 0.5137931034482759 |
RT_STRING | 0x138028 | 0x722 | data | | | 0.4304490690032859 |
RT_STRING | 0x138750 | 0x7d8 | data | | | 0.42778884462151395 |
RT_STRING | 0x138f28 | 0x756 | data | | | 0.4185303514376997 |
RT_STRING | 0x139680 | 0x64c | data | | | 0.43300248138957814 |
RT_STRING | 0x139cd0 | 0x67e | data | | | 0.42839951865222625 |
RT_STRING | 0x13a350 | 0x5a2 | data | | | 0.44244105409153955 |
RT_STRING | 0x13a8f8 | 0x744 | data | | | 0.4290322580645161 |
RT_STRING | 0x13b040 | 0x5e8 | data | | | 0.44246031746031744 |
RT_STRING | 0x13b628 | 0x368 | data | | | 0.4724770642201835 |
RT_ACCELERATOR | 0x134fa8 | 0x40 | data | | | 0.859375 |
RT_GROUP_CURSOR | 0x135120 | 0x14 | data | | | 1.15 |
RT_GROUP_CURSOR | 0x135270 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | | | 1.3 |
RT_GROUP_ICON | 0x134f30 | 0x76 | data | Spanish | Peru | 0.6610169491525424 |
RT_VERSION | 0x135288 | 0x1f0 | MS Windows COFF PowerPC object file | | | 0.5705645161290323 |
DLL | Import |
---|---|
KERNEL32.dll | GetNumaProcessorNode, DebugActiveProcessStop, GetConsoleAliasExesLengthA, SetUnhandledExceptionFilter, InterlockedIncrement, WaitForSingleObject, SetComputerNameW, ConnectNamedPipe, GetModuleHandleW, GetTickCount, LoadLibraryW, GetLocaleInfoW, GetFileAttributesA, HeapCreate, lstrcpynW, FindNextVolumeMountPointW, SetConsoleTitleA, GetConsoleOutputCP, GetLastError, TryEnterCriticalSection, GetThreadLocale, GetProcAddress, HeapSize, GetAtomNameA, CreateHardLinkW, FindAtomA, GlobalFindAtomW, SetSystemTime, GetModuleFileNameA, SetConsoleTitleW, HeapSetInformation, GetCurrentDirectoryA, SetCalendarInfoA, FindAtomW, CloseHandle, GetLongPathNameW, CreateFileA, CreateFileW, ReadFile, FlushFileBuffers, HeapReAlloc, HeapAlloc, GetCommandLineA, GetStartupInfoW, RaiseException, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, IsDebuggerPresent, DecodePointer, EncodePointer, HeapFree, IsProcessorFeaturePresent, ExitProcess, WriteFile, GetStdHandle, GetModuleFileNameW, EnterCriticalSection, LeaveCriticalSection, FreeEnvironmentStringsW, WideCharToMultiByte, GetEnvironmentStringsW, SetHandleCount, InitializeCriticalSectionAndSpinCount, GetFileType, DeleteCriticalSection, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, SetLastError, GetCurrentThreadId, InterlockedDecrement, QueryPerformanceCounter, GetCurrentProcessId, GetSystemTimeAsFileTime, SetFilePointer, GetConsoleCP, GetConsoleMode, GetCPInfo, GetACP, GetOEMCP, IsValidCodePage, Sleep, RtlUnwind, MultiByteToWideChar, SetStdHandle, WriteConsoleW, LCMapStringW, GetStringTypeW |
USER32.dll | CopyRect, GetMonitorInfoW, LoadIconW |
ADVAPI32.dll | RegCreateKeyW |
ole32.dll | CoTaskMemFree |
WINHTTP.dll | WinHttpOpen |
Language of compilation system | Country where language is spoken | Map |
---|---|---|
Spanish | Peru |
Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|---|---|---|
03/28/24-20:07:02.346243 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 49724 | 80 | 192.168.2.6 | 175.119.10.231 |
03/28/24-20:08:49.187772 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 49741 | 80 | 192.168.2.6 | 95.86.30.3 |
03/28/24-20:07:15.225304 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 49727 | 80 | 192.168.2.6 | 175.119.10.231 |
03/28/24-20:05:27.170103 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 49707 | 80 | 192.168.2.6 | 175.119.10.231 |
03/28/24-20:05:34.949817 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 49712 | 80 | 192.168.2.6 | 175.119.10.231 |
03/28/24-20:07:35.423338 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 49730 | 80 | 192.168.2.6 | 175.119.10.231 |
03/28/24-20:06:51.200235 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 49719 | 80 | 192.168.2.6 | 175.119.10.231 |
03/28/24-20:06:54.657173 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 49721 | 80 | 192.168.2.6 | 175.119.10.231 |
03/28/24-20:08:17.678736 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 49736 | 80 | 192.168.2.6 | 95.86.30.3 |
03/28/24-20:05:25.685814 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 49706 | 80 | 192.168.2.6 | 175.119.10.231 |
03/28/24-20:06:46.269047 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 49716 | 80 | 192.168.2.6 | 175.119.10.231 |
03/28/24-20:05:36.432664 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 49713 | 80 | 192.168.2.6 | 175.119.10.231 |
03/28/24-20:06:57.855820 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 49722 | 80 | 192.168.2.6 | 175.119.10.231 |
03/28/24-20:05:31.123675 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 49709 | 80 | 192.168.2.6 | 175.119.10.231 |
03/28/24-20:08:36.369057 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 49739 | 80 | 192.168.2.6 | 95.86.30.3 |
03/28/24-20:06:49.497917 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 49718 | 80 | 192.168.2.6 | 175.119.10.231 |
03/28/24-20:08:43.877516 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 49740 | 80 | 192.168.2.6 | 95.86.30.3 |
03/28/24-20:08:59.285702 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 49743 | 80 | 192.168.2.6 | 95.86.30.3 |
03/28/24-20:05:32.309558 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 49710 | 80 | 192.168.2.6 | 175.119.10.231 |
03/28/24-20:08:05.668089 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 49734 | 80 | 192.168.2.6 | 95.86.30.3 |
03/28/24-20:05:33.482097 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 49711 | 80 | 192.168.2.6 | 175.119.10.231 |
03/28/24-20:07:41.856599 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 49731 | 80 | 192.168.2.6 | 175.119.10.231 |
03/28/24-20:08:22.738399 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 49737 | 80 | 192.168.2.6 | 95.86.30.3 |
03/28/24-20:06:52.774020 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 49720 | 80 | 192.168.2.6 | 175.119.10.231 |
03/28/24-20:07:26.832952 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 49729 | 80 | 192.168.2.6 | 175.119.10.231 |
03/28/24-20:07:20.880532 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 49728 | 80 | 192.168.2.6 | 175.119.10.231 |
03/28/24-20:07:04.294789 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 49725 | 80 | 192.168.2.6 | 175.119.10.231 |
03/28/24-20:08:53.925839 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 49742 | 80 | 192.168.2.6 | 95.86.30.3 |
03/28/24-20:07:48.024170 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 49732 | 80 | 192.168.2.6 | 175.119.10.231 |
03/28/24-20:08:00.444144 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 49733 | 80 | 192.168.2.6 | 95.86.30.3 |
03/28/24-20:08:12.634222 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 49735 | 80 | 192.168.2.6 | 95.86.30.3 |
03/28/24-20:07:00.515898 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 49723 | 80 | 192.168.2.6 | 175.119.10.231 |
03/28/24-20:07:06.725072 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 49726 | 80 | 192.168.2.6 | 175.119.10.231 |
03/28/24-20:05:28.660406 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 49708 | 80 | 192.168.2.6 | 175.119.10.231 |
03/28/24-20:06:47.956371 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 49717 | 80 | 192.168.2.6 | 175.119.10.231 |
03/28/24-20:08:30.735487 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 49738 | 80 | 192.168.2.6 | 95.86.30.3 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Mar 28, 2024 20:07:07.930421114 CET | 80 | 49726 | 175.119.10.231 | 192.168.2.6 |
Mar 28, 2024 20:07:07.930479050 CET | 49726 | 80 | 192.168.2.6 | 175.119.10.231 |
Mar 28, 2024 20:07:07.940057993 CET | 49726 | 80 | 192.168.2.6 | 175.119.10.231 |
Mar 28, 2024 20:07:08.223593950 CET | 80 | 49726 | 175.119.10.231 | 192.168.2.6 |
Mar 28, 2024 20:07:14.938976049 CET | 49727 | 80 | 192.168.2.6 | 175.119.10.231 |
Mar 28, 2024 20:07:15.225008965 CET | 80 | 49727 | 175.119.10.231 | 192.168.2.6 |
Mar 28, 2024 20:07:15.225097895 CET | 49727 | 80 | 192.168.2.6 | 175.119.10.231 |
Mar 28, 2024 20:07:15.225303888 CET | 49727 | 80 | 192.168.2.6 | 175.119.10.231 |
Mar 28, 2024 20:07:15.225347042 CET | 49727 | 80 | 192.168.2.6 | 175.119.10.231 |
Mar 28, 2024 20:07:15.508750916 CET | 80 | 49727 | 175.119.10.231 | 192.168.2.6 |
Mar 28, 2024 20:07:16.112449884 CET | 80 | 49727 | 175.119.10.231 | 192.168.2.6 |
Mar 28, 2024 20:07:16.112574100 CET | 80 | 49727 | 175.119.10.231 | 192.168.2.6 |
Mar 28, 2024 20:07:16.112638950 CET | 49727 | 80 | 192.168.2.6 | 175.119.10.231 |
Mar 28, 2024 20:07:16.113718033 CET | 49727 | 80 | 192.168.2.6 | 175.119.10.231 |
Mar 28, 2024 20:07:16.396171093 CET | 80 | 49727 | 175.119.10.231 | 192.168.2.6 |
Mar 28, 2024 20:07:20.594616890 CET | 49728 | 80 | 192.168.2.6 | 175.119.10.231 |
Mar 28, 2024 20:07:20.880131960 CET | 80 | 49728 | 175.119.10.231 | 192.168.2.6 |
Mar 28, 2024 20:07:20.880327940 CET | 49728 | 80 | 192.168.2.6 | 175.119.10.231 |
Mar 28, 2024 20:07:20.880532026 CET | 49728 | 80 | 192.168.2.6 | 175.119.10.231 |
Mar 28, 2024 20:07:20.880568027 CET | 49728 | 80 | 192.168.2.6 | 175.119.10.231 |
Mar 28, 2024 20:07:21.166059017 CET | 80 | 49728 | 175.119.10.231 | 192.168.2.6 |
Mar 28, 2024 20:07:22.065589905 CET | 80 | 49728 | 175.119.10.231 | 192.168.2.6 |
Mar 28, 2024 20:07:22.065617085 CET | 80 | 49728 | 175.119.10.231 | 192.168.2.6 |
Mar 28, 2024 20:07:22.065690994 CET | 49728 | 80 | 192.168.2.6 | 175.119.10.231 |
Mar 28, 2024 20:07:22.065751076 CET | 49728 | 80 | 192.168.2.6 | 175.119.10.231 |
Mar 28, 2024 20:07:22.351459026 CET | 80 | 49728 | 175.119.10.231 | 192.168.2.6 |
Mar 28, 2024 20:07:26.549351931 CET | 49729 | 80 | 192.168.2.6 | 175.119.10.231 |
Mar 28, 2024 20:07:26.832628965 CET | 80 | 49729 | 175.119.10.231 | 192.168.2.6 |
Mar 28, 2024 20:07:26.832750082 CET | 49729 | 80 | 192.168.2.6 | 175.119.10.231 |
Mar 28, 2024 20:07:26.832952023 CET | 49729 | 80 | 192.168.2.6 | 175.119.10.231 |
Mar 28, 2024 20:07:26.832978964 CET | 49729 | 80 | 192.168.2.6 | 175.119.10.231 |
Mar 28, 2024 20:07:27.114713907 CET | 80 | 49729 | 175.119.10.231 | 192.168.2.6 |
Mar 28, 2024 20:07:28.020623922 CET | 80 | 49729 | 175.119.10.231 | 192.168.2.6 |
Mar 28, 2024 20:07:28.020648003 CET | 80 | 49729 | 175.119.10.231 | 192.168.2.6 |
Mar 28, 2024 20:07:28.020745039 CET | 49729 | 80 | 192.168.2.6 | 175.119.10.231 |
Mar 28, 2024 20:07:28.023586988 CET | 49729 | 80 | 192.168.2.6 | 175.119.10.231 |
Mar 28, 2024 20:07:28.305393934 CET | 80 | 49729 | 175.119.10.231 | 192.168.2.6 |
Mar 28, 2024 20:07:35.139056921 CET | 49730 | 80 | 192.168.2.6 | 175.119.10.231 |
Mar 28, 2024 20:07:35.423015118 CET | 80 | 49730 | 175.119.10.231 | 192.168.2.6 |
Mar 28, 2024 20:07:35.423140049 CET | 49730 | 80 | 192.168.2.6 | 175.119.10.231 |
Mar 28, 2024 20:07:35.423337936 CET | 49730 | 80 | 192.168.2.6 | 175.119.10.231 |
Mar 28, 2024 20:07:35.423362970 CET | 49730 | 80 | 192.168.2.6 | 175.119.10.231 |
Mar 28, 2024 20:07:35.707289934 CET | 80 | 49730 | 175.119.10.231 | 192.168.2.6 |
Mar 28, 2024 20:07:36.612860918 CET | 80 | 49730 | 175.119.10.231 | 192.168.2.6 |
Mar 28, 2024 20:07:36.612899065 CET | 80 | 49730 | 175.119.10.231 | 192.168.2.6 |
Mar 28, 2024 20:07:36.612978935 CET | 49730 | 80 | 192.168.2.6 | 175.119.10.231 |
Mar 28, 2024 20:07:36.613054991 CET | 49730 | 80 | 192.168.2.6 | 175.119.10.231 |
Mar 28, 2024 20:07:36.896661997 CET | 80 | 49730 | 175.119.10.231 | 192.168.2.6 |
Mar 28, 2024 20:07:41.571033955 CET | 49731 | 80 | 192.168.2.6 | 175.119.10.231 |
Mar 28, 2024 20:07:41.856301069 CET | 80 | 49731 | 175.119.10.231 | 192.168.2.6 |
Mar 28, 2024 20:07:41.856448889 CET | 49731 | 80 | 192.168.2.6 | 175.119.10.231 |
Mar 28, 2024 20:07:41.856599092 CET | 49731 | 80 | 192.168.2.6 | 175.119.10.231 |
Mar 28, 2024 20:07:41.856612921 CET | 49731 | 80 | 192.168.2.6 | 175.119.10.231 |
Mar 28, 2024 20:07:42.145031929 CET | 80 | 49731 | 175.119.10.231 | 192.168.2.6 |
Mar 28, 2024 20:07:42.753878117 CET | 80 | 49731 | 175.119.10.231 | 192.168.2.6 |
Mar 28, 2024 20:07:42.753905058 CET | 80 | 49731 | 175.119.10.231 | 192.168.2.6 |
Mar 28, 2024 20:07:42.754009008 CET | 49731 | 80 | 192.168.2.6 | 175.119.10.231 |
Mar 28, 2024 20:07:42.754116058 CET | 49731 | 80 | 192.168.2.6 | 175.119.10.231 |
Mar 28, 2024 20:07:43.039653063 CET | 80 | 49731 | 175.119.10.231 | 192.168.2.6 |
Mar 28, 2024 20:07:47.742736101 CET | 49732 | 80 | 192.168.2.6 | 175.119.10.231 |
Mar 28, 2024 20:07:48.023891926 CET | 80 | 49732 | 175.119.10.231 | 192.168.2.6 |
Mar 28, 2024 20:07:48.024035931 CET | 49732 | 80 | 192.168.2.6 | 175.119.10.231 |
Mar 28, 2024 20:07:48.024169922 CET | 49732 | 80 | 192.168.2.6 | 175.119.10.231 |
Mar 28, 2024 20:07:48.024183035 CET | 49732 | 80 | 192.168.2.6 | 175.119.10.231 |
Mar 28, 2024 20:07:48.305098057 CET | 80 | 49732 | 175.119.10.231 | 192.168.2.6 |
Mar 28, 2024 20:07:48.910877943 CET | 80 | 49732 | 175.119.10.231 | 192.168.2.6 |
Mar 28, 2024 20:07:48.910906076 CET | 80 | 49732 | 175.119.10.231 | 192.168.2.6 |
Mar 28, 2024 20:07:48.911036968 CET | 49732 | 80 | 192.168.2.6 | 175.119.10.231 |
Mar 28, 2024 20:07:50.429822922 CET | 49732 | 80 | 192.168.2.6 | 175.119.10.231 |
Mar 28, 2024 20:07:50.710891962 CET | 80 | 49732 | 175.119.10.231 | 192.168.2.6 |
Mar 28, 2024 20:08:00.217359066 CET | 49733 | 80 | 192.168.2.6 | 95.86.30.3 |
Mar 28, 2024 20:08:00.443892956 CET | 80 | 49733 | 95.86.30.3 | 192.168.2.6 |
Mar 28, 2024 20:08:00.443977118 CET | 49733 | 80 | 192.168.2.6 | 95.86.30.3 |
Mar 28, 2024 20:08:00.444144011 CET | 49733 | 80 | 192.168.2.6 | 95.86.30.3 |
Mar 28, 2024 20:08:00.444165945 CET | 49733 | 80 | 192.168.2.6 | 95.86.30.3 |
Mar 28, 2024 20:08:00.659874916 CET | 80 | 49733 | 95.86.30.3 | 192.168.2.6 |
Mar 28, 2024 20:08:00.770781040 CET | 80 | 49733 | 95.86.30.3 | 192.168.2.6 |
Mar 28, 2024 20:08:00.770839930 CET | 80 | 49733 | 95.86.30.3 | 192.168.2.6 |
Mar 28, 2024 20:08:00.770891905 CET | 49733 | 80 | 192.168.2.6 | 95.86.30.3 |
Mar 28, 2024 20:08:00.770953894 CET | 49733 | 80 | 192.168.2.6 | 95.86.30.3 |
Mar 28, 2024 20:08:00.985162020 CET | 80 | 49733 | 95.86.30.3 | 192.168.2.6 |
Mar 28, 2024 20:08:05.450437069 CET | 49734 | 80 | 192.168.2.6 | 95.86.30.3 |
Mar 28, 2024 20:08:05.665708065 CET | 80 | 49734 | 95.86.30.3 | 192.168.2.6 |
Mar 28, 2024 20:08:05.665783882 CET | 49734 | 80 | 192.168.2.6 | 95.86.30.3 |
Mar 28, 2024 20:08:05.668088913 CET | 49734 | 80 | 192.168.2.6 | 95.86.30.3 |
Mar 28, 2024 20:08:05.668121099 CET | 49734 | 80 | 192.168.2.6 | 95.86.30.3 |
Mar 28, 2024 20:08:05.886984110 CET | 80 | 49734 | 95.86.30.3 | 192.168.2.6 |
Mar 28, 2024 20:08:06.001401901 CET | 80 | 49734 | 95.86.30.3 | 192.168.2.6 |
Mar 28, 2024 20:08:06.002844095 CET | 80 | 49734 | 95.86.30.3 | 192.168.2.6 |
Mar 28, 2024 20:08:06.002913952 CET | 49734 | 80 | 192.168.2.6 | 95.86.30.3 |
Mar 28, 2024 20:08:06.189616919 CET | 49734 | 80 | 192.168.2.6 | 95.86.30.3 |
Mar 28, 2024 20:08:06.405381918 CET | 80 | 49734 | 95.86.30.3 | 192.168.2.6 |
Mar 28, 2024 20:08:12.418509007 CET | 49735 | 80 | 192.168.2.6 | 95.86.30.3 |
Mar 28, 2024 20:08:12.633929968 CET | 80 | 49735 | 95.86.30.3 | 192.168.2.6 |
Mar 28, 2024 20:08:12.634057999 CET | 49735 | 80 | 192.168.2.6 | 95.86.30.3 |
Mar 28, 2024 20:08:12.634222031 CET | 49735 | 80 | 192.168.2.6 | 95.86.30.3 |
Mar 28, 2024 20:08:12.634239912 CET | 49735 | 80 | 192.168.2.6 | 95.86.30.3 |
Mar 28, 2024 20:08:12.849396944 CET | 80 | 49735 | 95.86.30.3 | 192.168.2.6 |
Mar 28, 2024 20:08:12.966084957 CET | 80 | 49735 | 95.86.30.3 | 192.168.2.6 |
Mar 28, 2024 20:08:12.966125965 CET | 80 | 49735 | 95.86.30.3 | 192.168.2.6 |
Mar 28, 2024 20:08:12.966187000 CET | 49735 | 80 | 192.168.2.6 | 95.86.30.3 |
Mar 28, 2024 20:08:12.966263056 CET | 49735 | 80 | 192.168.2.6 | 95.86.30.3 |
Mar 28, 2024 20:08:13.180676937 CET | 80 | 49735 | 95.86.30.3 | 192.168.2.6 |
Mar 28, 2024 20:08:17.452508926 CET | 49736 | 80 | 192.168.2.6 | 95.86.30.3 |
Mar 28, 2024 20:08:17.678384066 CET | 80 | 49736 | 95.86.30.3 | 192.168.2.6 |
Mar 28, 2024 20:08:17.678523064 CET | 49736 | 80 | 192.168.2.6 | 95.86.30.3 |
Mar 28, 2024 20:08:17.678735971 CET | 49736 | 80 | 192.168.2.6 | 95.86.30.3 |
Mar 28, 2024 20:08:17.678767920 CET | 49736 | 80 | 192.168.2.6 | 95.86.30.3 |
Mar 28, 2024 20:08:17.894627094 CET | 80 | 49736 | 95.86.30.3 | 192.168.2.6 |
Mar 28, 2024 20:08:18.030242920 CET | 80 | 49736 | 95.86.30.3 | 192.168.2.6 |
Mar 28, 2024 20:08:18.030268908 CET | 80 | 49736 | 95.86.30.3 | 192.168.2.6 |
Mar 28, 2024 20:08:18.030374050 CET | 49736 | 80 | 192.168.2.6 | 95.86.30.3 |
Mar 28, 2024 20:08:18.030430079 CET | 49736 | 80 | 192.168.2.6 | 95.86.30.3 |
Mar 28, 2024 20:08:18.245754004 CET | 80 | 49736 | 95.86.30.3 | 192.168.2.6 |
Mar 28, 2024 20:08:22.518608093 CET | 49737 | 80 | 192.168.2.6 | 95.86.30.3 |
Mar 28, 2024 20:08:22.738017082 CET | 80 | 49737 | 95.86.30.3 | 192.168.2.6 |
Mar 28, 2024 20:08:22.738174915 CET | 49737 | 80 | 192.168.2.6 | 95.86.30.3 |
Mar 28, 2024 20:08:22.738399029 CET | 49737 | 80 | 192.168.2.6 | 95.86.30.3 |
Mar 28, 2024 20:08:22.738429070 CET | 49737 | 80 | 192.168.2.6 | 95.86.30.3 |
Mar 28, 2024 20:08:22.953753948 CET | 80 | 49737 | 95.86.30.3 | 192.168.2.6 |
Mar 28, 2024 20:08:23.109051943 CET | 80 | 49737 | 95.86.30.3 | 192.168.2.6 |
Mar 28, 2024 20:08:23.109091043 CET | 80 | 49737 | 95.86.30.3 | 192.168.2.6 |
Mar 28, 2024 20:08:23.109164953 CET | 49737 | 80 | 192.168.2.6 | 95.86.30.3 |
Mar 28, 2024 20:08:23.109240055 CET | 49737 | 80 | 192.168.2.6 | 95.86.30.3 |
Mar 28, 2024 20:08:23.325242043 CET | 80 | 49737 | 95.86.30.3 | 192.168.2.6 |
Mar 28, 2024 20:08:30.520829916 CET | 49738 | 80 | 192.168.2.6 | 95.86.30.3 |
Mar 28, 2024 20:08:30.735121012 CET | 80 | 49738 | 95.86.30.3 | 192.168.2.6 |
Mar 28, 2024 20:08:30.735291958 CET | 49738 | 80 | 192.168.2.6 | 95.86.30.3 |
Mar 28, 2024 20:08:30.735486984 CET | 49738 | 80 | 192.168.2.6 | 95.86.30.3 |
Mar 28, 2024 20:08:30.735522985 CET | 49738 | 80 | 192.168.2.6 | 95.86.30.3 |
Mar 28, 2024 20:08:30.951278925 CET | 80 | 49738 | 95.86.30.3 | 192.168.2.6 |
Mar 28, 2024 20:08:31.065613985 CET | 80 | 49738 | 95.86.30.3 | 192.168.2.6 |
Mar 28, 2024 20:08:31.065819979 CET | 49738 | 80 | 192.168.2.6 | 95.86.30.3 |
Mar 28, 2024 20:08:31.066132069 CET | 80 | 49738 | 95.86.30.3 | 192.168.2.6 |
Mar 28, 2024 20:08:31.066179991 CET | 49738 | 80 | 192.168.2.6 | 95.86.30.3 |
Mar 28, 2024 20:08:31.702191114 CET | 49738 | 80 | 192.168.2.6 | 95.86.30.3 |
Mar 28, 2024 20:08:31.916678905 CET | 80 | 49738 | 95.86.30.3 | 192.168.2.6 |
Mar 28, 2024 20:08:36.151242971 CET | 49739 | 80 | 192.168.2.6 | 95.86.30.3 |
Mar 28, 2024 20:08:36.368510962 CET | 80 | 49739 | 95.86.30.3 | 192.168.2.6 |
Mar 28, 2024 20:08:36.368652105 CET | 49739 | 80 | 192.168.2.6 | 95.86.30.3 |
Mar 28, 2024 20:08:36.369056940 CET | 49739 | 80 | 192.168.2.6 | 95.86.30.3 |
Mar 28, 2024 20:08:36.369056940 CET | 49739 | 80 | 192.168.2.6 | 95.86.30.3 |
Mar 28, 2024 20:08:36.587774992 CET | 80 | 49739 | 95.86.30.3 | 192.168.2.6 |
Mar 28, 2024 20:08:36.694880009 CET | 80 | 49739 | 95.86.30.3 | 192.168.2.6 |
Mar 28, 2024 20:08:36.695033073 CET | 49739 | 80 | 192.168.2.6 | 95.86.30.3 |
Mar 28, 2024 20:08:36.695415974 CET | 80 | 49739 | 95.86.30.3 | 192.168.2.6 |
Mar 28, 2024 20:08:36.695475101 CET | 49739 | 80 | 192.168.2.6 | 95.86.30.3 |
Mar 28, 2024 20:08:36.911051035 CET | 80 | 49739 | 95.86.30.3 | 192.168.2.6 |
Mar 28, 2024 20:08:43.661479950 CET | 49740 | 80 | 192.168.2.6 | 95.86.30.3 |
Mar 28, 2024 20:08:43.877219915 CET | 80 | 49740 | 95.86.30.3 | 192.168.2.6 |
Mar 28, 2024 20:08:43.877454042 CET | 49740 | 80 | 192.168.2.6 | 95.86.30.3 |
Mar 28, 2024 20:08:43.877516031 CET | 49740 | 80 | 192.168.2.6 | 95.86.30.3 |
Mar 28, 2024 20:08:43.877546072 CET | 49740 | 80 | 192.168.2.6 | 95.86.30.3 |
Mar 28, 2024 20:08:44.094844103 CET | 80 | 49740 | 95.86.30.3 | 192.168.2.6 |
Mar 28, 2024 20:08:44.202326059 CET | 80 | 49740 | 95.86.30.3 | 192.168.2.6 |
Mar 28, 2024 20:08:44.202460051 CET | 49740 | 80 | 192.168.2.6 | 95.86.30.3 |
Mar 28, 2024 20:08:44.202670097 CET | 80 | 49740 | 95.86.30.3 | 192.168.2.6 |
Mar 28, 2024 20:08:44.202723980 CET | 49740 | 80 | 192.168.2.6 | 95.86.30.3 |
Mar 28, 2024 20:08:44.418562889 CET | 80 | 49740 | 95.86.30.3 | 192.168.2.6 |
Mar 28, 2024 20:08:48.972300053 CET | 49741 | 80 | 192.168.2.6 | 95.86.30.3 |
Mar 28, 2024 20:08:49.187374115 CET | 80 | 49741 | 95.86.30.3 | 192.168.2.6 |
Mar 28, 2024 20:08:49.187493086 CET | 49741 | 80 | 192.168.2.6 | 95.86.30.3 |
Mar 28, 2024 20:08:49.187772036 CET | 49741 | 80 | 192.168.2.6 | 95.86.30.3 |
Mar 28, 2024 20:08:49.187772036 CET | 49741 | 80 | 192.168.2.6 | 95.86.30.3 |
Mar 28, 2024 20:08:49.403547049 CET | 80 | 49741 | 95.86.30.3 | 192.168.2.6 |
Mar 28, 2024 20:08:49.519620895 CET | 80 | 49741 | 95.86.30.3 | 192.168.2.6 |
Mar 28, 2024 20:08:49.519645929 CET | 80 | 49741 | 95.86.30.3 | 192.168.2.6 |
Mar 28, 2024 20:08:49.519721985 CET | 49741 | 80 | 192.168.2.6 | 95.86.30.3 |
Mar 28, 2024 20:08:49.519798994 CET | 49741 | 80 | 192.168.2.6 | 95.86.30.3 |
Mar 28, 2024 20:08:49.735030890 CET | 80 | 49741 | 95.86.30.3 | 192.168.2.6 |
Mar 28, 2024 20:08:53.702159882 CET | 49742 | 80 | 192.168.2.6 | 95.86.30.3 |
Mar 28, 2024 20:08:53.925533056 CET | 80 | 49742 | 95.86.30.3 | 192.168.2.6 |
Mar 28, 2024 20:08:53.925664902 CET | 49742 | 80 | 192.168.2.6 | 95.86.30.3 |
Mar 28, 2024 20:08:53.925838947 CET | 49742 | 80 | 192.168.2.6 | 95.86.30.3 |
Mar 28, 2024 20:08:53.925859928 CET | 49742 | 80 | 192.168.2.6 | 95.86.30.3 |
Mar 28, 2024 20:08:54.260361910 CET | 80 | 49742 | 95.86.30.3 | 192.168.2.6 |
Mar 28, 2024 20:08:54.260412931 CET | 80 | 49742 | 95.86.30.3 | 192.168.2.6 |
Mar 28, 2024 20:08:54.260633945 CET | 49742 | 80 | 192.168.2.6 | 95.86.30.3 |
Mar 28, 2024 20:08:54.260633945 CET | 49742 | 80 | 192.168.2.6 | 95.86.30.3 |
Mar 28, 2024 20:08:54.481822968 CET | 80 | 49742 | 95.86.30.3 | 192.168.2.6 |
Mar 28, 2024 20:08:58.915852070 CET | 49743 | 80 | 192.168.2.6 | 95.86.30.3 |
Mar 28, 2024 20:08:59.129611969 CET | 80 | 49743 | 95.86.30.3 | 192.168.2.6 |
Mar 28, 2024 20:08:59.129738092 CET | 49743 | 80 | 192.168.2.6 | 95.86.30.3 |
Mar 28, 2024 20:08:59.285701990 CET | 49743 | 80 | 192.168.2.6 | 95.86.30.3 |
Mar 28, 2024 20:08:59.285739899 CET | 49743 | 80 | 192.168.2.6 | 95.86.30.3 |
Mar 28, 2024 20:08:59.618097067 CET | 80 | 49743 | 95.86.30.3 | 192.168.2.6 |
Mar 28, 2024 20:08:59.618963957 CET | 80 | 49743 | 95.86.30.3 | 192.168.2.6 |
Mar 28, 2024 20:08:59.619028091 CET | 49743 | 80 | 192.168.2.6 | 95.86.30.3 |
Mar 28, 2024 20:08:59.658341885 CET | 49743 | 80 | 192.168.2.6 | 95.86.30.3 |
Mar 28, 2024 20:08:59.875823975 CET | 80 | 49743 | 95.86.30.3 | 192.168.2.6 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Mar 28, 2024 20:05:20.895078897 CET | 192.168.2.6 | 1.1.1.1 | 0x7f06 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Mar 28, 2024 20:05:21.905587912 CET | 192.168.2.6 | 1.1.1.1 | 0x7f06 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Mar 28, 2024 20:05:22.921291113 CET | 192.168.2.6 | 1.1.1.1 | 0x7f06 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Mar 28, 2024 20:05:24.936903954 CET | 192.168.2.6 | 1.1.1.1 | 0x7f06 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Mar 28, 2024 20:07:55.550226927 CET | 192.168.2.6 | 1.1.1.1 | 0x19d4 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Mar 28, 2024 20:07:56.561606884 CET | 192.168.2.6 | 1.1.1.1 | 0x19d4 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Mar 28, 2024 20:07:57.561609983 CET | 192.168.2.6 | 1.1.1.1 | 0x19d4 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Mar 28, 2024 20:07:59.577229977 CET | 192.168.2.6 | 1.1.1.1 | 0x19d4 | Standard query (0) | A (IP address) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.6 | 49706 | 175.119.10.231 | 80 | 4004 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Mar 28, 2024 20:05:25.685813904 CET | 282 | OUT | |
Mar 28, 2024 20:05:25.685846090 CET | 350 | OUT | |
Mar 28, 2024 20:05:26.877980947 CET | 252 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.6 | 49707 | 175.119.10.231 | 80 | 4004 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Mar 28, 2024 20:05:27.170103073 CET | 283 | OUT | |
Mar 28, 2024 20:05:27.170135021 CET | 161 | OUT | |
Mar 28, 2024 20:05:28.372564077 CET | 587 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.6 | 49708 | 175.119.10.231 | 80 | 4004 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Mar 28, 2024 20:05:28.660406113 CET | 281 | OUT | |
Mar 28, 2024 20:05:28.660439014 CET | 334 | OUT | |
Mar 28, 2024 20:05:29.845619917 CET | 587 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
3 | 192.168.2.6 | 49709 | 175.119.10.231 | 80 | 4004 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Mar 28, 2024 20:05:31.123675108 CET | 281 | OUT | |
Mar 28, 2024 20:05:31.123703957 CET | 257 | OUT | |
Mar 28, 2024 20:05:32.023825884 CET | 587 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
4 | 192.168.2.6 | 49710 | 175.119.10.231 | 80 | 4004 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Mar 28, 2024 20:05:32.309557915 CET | 279 | OUT | |
Mar 28, 2024 20:05:32.309571981 CET | 132 | OUT | |
Mar 28, 2024 20:05:33.197962046 CET | 587 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
5 | 192.168.2.6 | 49711 | 175.119.10.231 | 80 | 4004 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Mar 28, 2024 20:05:33.482096910 CET | 279 | OUT | |
Mar 28, 2024 20:05:33.482144117 CET | 241 | OUT | |
Mar 28, 2024 20:05:34.657016993 CET | 238 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
6 | 192.168.2.6 | 49712 | 175.119.10.231 | 80 | 4004 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Mar 28, 2024 20:05:34.949816942 CET | 281 | OUT | |
Mar 28, 2024 20:05:34.949816942 CET | 274 | OUT | |
Mar 28, 2024 20:05:36.146157026 CET | 587 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
7 | 192.168.2.6 | 49713 | 175.119.10.231 | 80 | 4004 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Mar 28, 2024 20:05:36.432663918 CET | 281 | OUT | |
Mar 28, 2024 20:05:36.432687044 CET | 184 | OUT | |
Mar 28, 2024 20:05:37.325489044 CET | 587 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
8 | 192.168.2.6 | 49716 | 175.119.10.231 | 80 | 4004 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Mar 28, 2024 20:06:46.269047022 CET | 279 | OUT | |
Mar 28, 2024 20:06:46.269078970 CET | 352 | OUT | |
Mar 28, 2024 20:06:47.464737892 CET | 252 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
9 | 192.168.2.6 | 49717 | 175.119.10.231 | 80 | 4004 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Mar 28, 2024 20:06:47.956371069 CET | 280 | OUT | |
Mar 28, 2024 20:06:47.956423044 CET | 318 | OUT | |
Mar 28, 2024 20:06:49.132880926 CET | 252 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
10 | 192.168.2.6 | 49718 | 175.119.10.231 | 80 | 4004 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Mar 28, 2024 20:06:49.497916937 CET | 282 | OUT | |
Mar 28, 2024 20:06:49.497934103 CET | 255 | OUT | |
Mar 28, 2024 20:06:50.681258917 CET | 252 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
11 | 192.168.2.6 | 49719 | 175.119.10.231 | 80 | 4004 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Mar 28, 2024 20:06:51.200234890 CET | 278 | OUT | |
Mar 28, 2024 20:06:51.200265884 CET | 225 | OUT | |
Mar 28, 2024 20:06:52.379262924 CET | 252 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
12 | 192.168.2.6 | 49720 | 175.119.10.231 | 80 | 4004 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Mar 28, 2024 20:06:52.774019957 CET | 281 | OUT | |
Mar 28, 2024 20:06:52.774043083 CET | 354 | OUT | |
Mar 28, 2024 20:06:53.968071938 CET | 252 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
13 | 192.168.2.6 | 49721 | 175.119.10.231 | 80 | 4004 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Mar 28, 2024 20:06:54.657172918 CET | 282 | OUT | |
Mar 28, 2024 20:06:54.657195091 CET | 266 | OUT | |
Mar 28, 2024 20:06:55.848993063 CET | 252 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
14 | 192.168.2.6 | 49722 | 175.119.10.231 | 80 | 4004 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Mar 28, 2024 20:06:57.855819941 CET | 279 | OUT | |
Mar 28, 2024 20:06:57.855854988 CET | 200 | OUT | |
Mar 28, 2024 20:06:59.051762104 CET | 252 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
15 | 192.168.2.6 | 49723 | 175.119.10.231 | 80 | 4004 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Mar 28, 2024 20:07:00.515897989 CET | 278 | OUT | |
Mar 28, 2024 20:07:00.515933990 CET | 132 | OUT | |
Mar 28, 2024 20:07:01.688498020 CET | 252 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
16 | 192.168.2.6 | 49724 | 175.119.10.231 | 80 | 4004 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Mar 28, 2024 20:07:02.346242905 CET | 280 | OUT | |
Mar 28, 2024 20:07:02.346854925 CET | 110 | OUT | |
Mar 28, 2024 20:07:03.550400972 CET | 252 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
17 | 192.168.2.6 | 49725 | 175.119.10.231 | 80 | 4004 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Mar 28, 2024 20:07:04.294789076 CET | 280 | OUT | |
Mar 28, 2024 20:07:04.294841051 CET | 305 | OUT | |
Mar 28, 2024 20:07:05.191139936 CET | 252 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
18 | 192.168.2.6 | 49726 | 175.119.10.231 | 80 | 4004 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Mar 28, 2024 20:07:06.725071907 CET | 278 | OUT | |
Mar 28, 2024 20:07:06.725085974 CET | 274 | OUT | |
Mar 28, 2024 20:07:07.930389881 CET | 252 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
19 | 192.168.2.6 | 49727 | 175.119.10.231 | 80 | 4004 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Mar 28, 2024 20:07:15.225303888 CET | 282 | OUT | |
Mar 28, 2024 20:07:15.225347042 CET | 173 | OUT | |
Mar 28, 2024 20:07:16.112449884 CET | 252 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
20 | 192.168.2.6 | 49728 | 175.119.10.231 | 80 | 4004 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Mar 28, 2024 20:07:20.880532026 CET | 282 | OUT | |
Mar 28, 2024 20:07:20.880568027 CET | 300 | OUT | |
Mar 28, 2024 20:07:22.065589905 CET | 252 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
21 | 192.168.2.6 | 49729 | 175.119.10.231 | 80 | 4004 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Mar 28, 2024 20:07:26.832952023 CET | 281 | OUT | |
Mar 28, 2024 20:07:26.832978964 CET | 124 | OUT | |
Mar 28, 2024 20:07:28.020623922 CET | 252 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
22 | 192.168.2.6 | 49730 | 175.119.10.231 | 80 | 4004 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Mar 28, 2024 20:07:35.423337936 CET | 279 | OUT | |
Mar 28, 2024 20:07:35.423362970 CET | 263 | OUT | |
Mar 28, 2024 20:07:36.612860918 CET | 252 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
23 | 192.168.2.6 | 49731 | 175.119.10.231 | 80 | 4004 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Mar 28, 2024 20:07:41.856599092 CET | 281 | OUT | |
Mar 28, 2024 20:07:41.856612921 CET | 150 | OUT | |
Mar 28, 2024 20:07:42.753878117 CET | 252 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
24 | 192.168.2.6 | 49732 | 175.119.10.231 | 80 | 4004 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Mar 28, 2024 20:07:48.024169922 CET | 279 | OUT | |
Mar 28, 2024 20:07:48.024183035 CET | 204 | OUT | |
Mar 28, 2024 20:07:48.910877943 CET | 252 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
25 | 192.168.2.6 | 49733 | 95.86.30.3 | 80 | 4004 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Mar 28, 2024 20:08:00.444144011 CET | 279 | OUT | |
Mar 28, 2024 20:08:00.444165945 CET | 232 | OUT | |
Mar 28, 2024 20:08:00.770781040 CET | 252 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
26 | 192.168.2.6 | 49734 | 95.86.30.3 | 80 | 4004 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Mar 28, 2024 20:08:05.668088913 CET | 278 | OUT | |
Mar 28, 2024 20:08:05.668121099 CET | 304 | OUT | |
Mar 28, 2024 20:08:06.001401901 CET | 252 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
27 | 192.168.2.6 | 49735 | 95.86.30.3 | 80 | 4004 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Mar 28, 2024 20:08:12.634222031 CET | 281 | OUT | |
Mar 28, 2024 20:08:12.634239912 CET | 170 | OUT | |
Mar 28, 2024 20:08:12.966084957 CET | 252 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
28 | 192.168.2.6 | 49736 | 95.86.30.3 | 80 | 4004 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Mar 28, 2024 20:08:17.678735971 CET | 280 | OUT | |
Mar 28, 2024 20:08:17.678767920 CET | 209 | OUT | |
Mar 28, 2024 20:08:18.030242920 CET | 252 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
29 | 192.168.2.6 | 49737 | 95.86.30.3 | 80 | 4004 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Mar 28, 2024 20:08:22.738399029 CET | 279 | OUT | |
Mar 28, 2024 20:08:22.738429070 CET | 292 | OUT | |
Mar 28, 2024 20:08:23.109051943 CET | 252 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
30 | 192.168.2.6 | 49738 | 95.86.30.3 | 80 | 4004 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Mar 28, 2024 20:08:30.735486984 CET | 279 | OUT | |
Mar 28, 2024 20:08:30.735522985 CET | 293 | OUT | |
Mar 28, 2024 20:08:31.065613985 CET | 252 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
31 | 192.168.2.6 | 49739 | 95.86.30.3 | 80 | 4004 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Mar 28, 2024 20:08:36.369056940 CET | 280 | OUT | |
Mar 28, 2024 20:08:36.369056940 CET | 350 | OUT | |
Mar 28, 2024 20:08:36.694880009 CET | 252 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
32 | 192.168.2.6 | 49740 | 95.86.30.3 | 80 | 4004 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Mar 28, 2024 20:08:43.877516031 CET | 281 | OUT | |
Mar 28, 2024 20:08:43.877546072 CET | 358 | OUT | |
Mar 28, 2024 20:08:44.202326059 CET | 252 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
33 | 192.168.2.6 | 49741 | 95.86.30.3 | 80 | 4004 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Mar 28, 2024 20:08:49.187772036 CET | 280 | OUT | |
Mar 28, 2024 20:08:49.187772036 CET | 205 | OUT | |
Mar 28, 2024 20:08:49.519620895 CET | 252 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
34 | 192.168.2.6 | 49742 | 95.86.30.3 | 80 | 4004 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Mar 28, 2024 20:08:53.925838947 CET | 279 | OUT | |
Mar 28, 2024 20:08:53.925859928 CET | 186 | OUT | |
Mar 28, 2024 20:08:54.260361910 CET | 252 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
35 | 192.168.2.6 | 49743 | 95.86.30.3 | 80 | 4004 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Mar 28, 2024 20:08:59.285701990 CET | 279 | OUT | |
Mar 28, 2024 20:08:59.285739899 CET | 158 | OUT | |
Mar 28, 2024 20:08:59.618097067 CET | 252 | IN |
Target ID: | 0 |
Start time: | 20:04:55 |
Start date: | 28/03/2024 |
Path: | C:\Users\user\Desktop\2LksWs2xq7.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 228'864 bytes |
MD5 hash: | 516547EC4CCA7F8038998B6F3C9D95B2 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | low |
Has exited: | true |
Target ID: | 2 |
Start time: | 20:05:01 |
Start date: | 28/03/2024 |
Path: | C:\Windows\explorer.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff609140000 |
File size: | 5'141'208 bytes |
MD5 hash: | 662F4F92FDE3557E86D110526BB578D5 |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | false |
Target ID: | 6 |
Start time: | 20:05:20 |
Start date: | 28/03/2024 |
Path: | C:\Users\user\AppData\Roaming\thjwhdg |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 228'864 bytes |
MD5 hash: | 516547EC4CCA7F8038998B6F3C9D95B2 |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Antivirus matches: |
|
Reputation: | low |
Has exited: | true |
Execution Graph
Execution Coverage: | 8.4% |
Dynamic/Decrypted Code Coverage: | 43.7% |
Signature Coverage: | 50.4% |
Total number of Nodes: | 119 |
Total number of Limit Nodes: | 4 |
Graph
Function 004013ED Relevance: 14.3, APIs: 7, Strings: 1, Instructions: 310 native COMMON
Control-flow Graph
APIs |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00804B1E Relevance: 3.0, APIs: 2, Instructions: 41 process COMMON
Control-flow Graph
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 006B003C Relevance: 11.0, APIs: 4, Strings: 2, Instructions: 515 memory COMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 006B0E0F Relevance: 3.0, APIs: 2, Instructions: 15 COMMON
Control-flow Graph
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004018C3 Relevance: 1.3, APIs: 1, Instructions: 66 sleep COMMON
Control-flow Graph
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004018CE Relevance: 1.3, APIs: 1, Instructions: 60 sleep COMMON
Control-flow Graph
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004018ED Relevance: 1.3, APIs: 1, Instructions: 54 sleep COMMON
Control-flow Graph
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004018F4 Relevance: 1.3, APIs: 1, Instructions: 51 sleep COMMON
Control-flow Graph
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00401907 Relevance: 1.3, APIs: 1, Instructions: 49 sleep COMMON
Control-flow Graph
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 008047DD Relevance: 1.3, APIs: 1, Instructions: 48 memory COMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 006B092B Relevance: 3.8, Strings: 3, Instructions: 90 COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040142C Relevance: 1.3, Strings: 1, Instructions: 66 COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 008043FB Relevance: .1, Instructions: 61 COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 006B0D90 Relevance: .0, Instructions: 43 COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00402381 Relevance: .0, Instructions: 12 COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Execution Graph
Execution Coverage: | 8.8% |
Dynamic/Decrypted Code Coverage: | 43.7% |
Signature Coverage: | 0% |
Total number of Nodes: | 119 |
Total number of Limit Nodes: | 4 |
Graph
Function 004013ED Relevance: 14.3, APIs: 7, Strings: 1, Instructions: 310 native COMMON
Control-flow Graph
APIs |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0216003C Relevance: 11.0, APIs: 4, Strings: 2, Instructions: 515 memory COMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 006D4546 Relevance: 3.0, APIs: 2, Instructions: 41 process COMMON
Control-flow Graph
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02160E0F Relevance: 3.0, APIs: 2, Instructions: 15 COMMON
Control-flow Graph
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004018C3 Relevance: 1.3, APIs: 1, Instructions: 66 sleep COMMON
Control-flow Graph
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004018CE Relevance: 1.3, APIs: 1, Instructions: 60 sleep COMMON
Control-flow Graph
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004018ED Relevance: 1.3, APIs: 1, Instructions: 54 sleep COMMON
Control-flow Graph
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004018F4 Relevance: 1.3, APIs: 1, Instructions: 51 sleep COMMON
Control-flow Graph
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00401907 Relevance: 1.3, APIs: 1, Instructions: 49 sleep COMMON
Control-flow Graph
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 006D4205 Relevance: 1.3, APIs: 1, Instructions: 48 memory COMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |