Windows
Analysis Report
rBwTlpgnjc.exe
Overview
General Information
Sample name: | rBwTlpgnjc.exe (renamed because original name is a hash value) |
Original sample name: | ee4e08febd22e594c7bcb70ea1b0252a.exe |
Analysis ID: | 1432077 |
MD5: | ee4e08febd22e594c7bcb70ea1b0252a |
SHA1: | b1594033fa6e0377ccaea80d1556459128c61a13 |
SHA256: | 3b6c00f64a1d047dfbed967d4fe8f320f4e4de9421a82d94dcb3eba07f23d939 |
Tags: | exe, RedLineStealer |
Detection
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- rBwTlpgnjc.exe (PID: 1268 cmdline: "C:\Users\user\Desktop\rBwTlpgnjc.exe" MD5: EE4E08FEBD22E594C7BCB70EA1B0252A)
- explorer.exe (PID: 1028 cmdline: C:\Windows\Explorer.EXE MD5: 662F4F92FDE3557E86D110526BB578D5)
- ivfjsrs (PID: 4428 cmdline: C:\Users\user\AppData\Roaming\ivfjsrs MD5: EE4E08FEBD22E594C7BCB70EA1B0252A)
- ivfjsrs (PID: 7092 cmdline: C:\Users\user\AppData\Roaming\ivfjsrs MD5: EE4E08FEBD22E594C7BCB70EA1B0252A)
- cleanup
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
SmokeLoader | The SmokeLoader family is a generic backdoor with a range of capabilities that depend on the modules included in any given build of the malware. The malware is delivered in a variety of ways and is broadly associated with criminal activity. The malware frequently tries to hide its C2 activity by generating requests to legitimate sites such as microsoft.com, bing.com, adobe.com, and others. Typically the actual download returns an HTTP 404 but still contains data in the response body. |
{"Version": 2022, "C2 list": ["http://nidoe.org/tmp/index.php", "http://sodez.ru/tmp/index.php", "http://uama.com.ua/tmp/index.php", "http://talesofpirates.net/tmp/index.php"]}
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
 | JoeSecurity_SmokeLoader_2 | Yara detected SmokeLoader | Joe Security | |
 | Windows_Trojan_Smokeloader_4e31426e | unknown | unknown | |
 | Windows_Trojan_Smokeloader_3687686f | unknown | unknown | |
 | Windows_Trojan_RedLineStealer_ed346e4c | unknown | unknown | |
 | Windows_Trojan_RedLineStealer_ed346e4c | unknown | unknown | |
System Summary |
---|
Source: | Author: Max Altgelt (Nextron Systems): |
Timestamp | SID | Source Port | Destination Port | Protocol | Classtype |
---|---|---|---|---|---|
04/26/24-11:50:57.657192 | 2039103 | 49750 | 80 | TCP | A Network Trojan was detected |
04/26/24-11:48:53.977641 | 2039103 | 49727 | 80 | TCP | A Network Trojan was detected |
04/26/24-11:49:35.592735 | 2039103 | 49736 | 80 | TCP | A Network Trojan was detected |
04/26/24-11:49:00.896944 | 2039103 | 49730 | 80 | TCP | A Network Trojan was detected |
04/26/24-11:50:23.070925 | 2039103 | 49744 | 80 | TCP | A Network Trojan was detected |
04/26/24-11:47:23.987965 | 2039103 | 49713 | 80 | TCP | A Network Trojan was detected |
04/26/24-11:47:22.464464 | 2039103 | 49712 | 80 | TCP | A Network Trojan was detected |
04/26/24-11:47:29.304265 | 2039103 | 49716 | 80 | TCP | A Network Trojan was detected |
04/26/24-11:50:39.540792 | 2039103 | 49747 | 80 | TCP | A Network Trojan was detected |
04/26/24-11:48:43.367329 | 2039103 | 49722 | 80 | TCP | A Network Trojan was detected |
04/26/24-11:49:47.864493 | 2039103 | 49738 | 80 | TCP | A Network Trojan was detected |
04/26/24-11:50:11.655696 | 2039103 | 49742 | 80 | TCP | A Network Trojan was detected |
04/26/24-11:47:27.784659 | 2039103 | 49715 | 80 | TCP | A Network Trojan was detected |
04/26/24-11:50:44.236303 | 2039103 | 49748 | 80 | TCP | A Network Trojan was detected |
04/26/24-11:49:56.135562 | 2039103 | 49739 | 80 | TCP | A Network Trojan was detected |
04/26/24-11:48:46.715630 | 2039103 | 49724 | 80 | TCP | A Network Trojan was detected |
04/26/24-11:47:32.343784 | 2039103 | 49718 | 80 | TCP | A Network Trojan was detected |
04/26/24-11:50:28.180861 | 2039103 | 49745 | 80 | TCP | A Network Trojan was detected |
04/26/24-11:49:18.365467 | 2039103 | 49733 | 80 | TCP | A Network Trojan was detected |
04/26/24-11:47:25.556178 | 2039103 | 49714 | 80 | TCP | A Network Trojan was detected |
04/26/24-11:47:30.826079 | 2039103 | 49717 | 80 | TCP | A Network Trojan was detected |
04/26/24-11:47:20.949841 | 2039103 | 49711 | 80 | TCP | A Network Trojan was detected |
04/26/24-11:50:02.490715 | 2039103 | 49740 | 80 | TCP | A Network Trojan was detected |
04/26/24-11:50:32.759541 | 2039103 | 49746 | 80 | TCP | A Network Trojan was detected |
04/26/24-11:49:23.641505 | 2039103 | 49734 | 80 | TCP | A Network Trojan was detected |
04/26/24-11:48:57.550009 | 2039103 | 49729 | 80 | TCP | A Network Trojan was detected |
04/26/24-11:49:05.885669 | 2039103 | 49731 | 80 | TCP | A Network Trojan was detected |
04/26/24-11:48:50.067757 | 2039103 | 49726 | 80 | TCP | A Network Trojan was detected |
04/26/24-11:50:16.085964 | 2039103 | 49743 | 80 | TCP | A Network Trojan was detected |
04/26/24-11:49:30.712687 | 2039103 | 49735 | 80 | TCP | A Network Trojan was detected |
04/26/24-11:48:48.305830 | 2039103 | 49725 | 80 | TCP | A Network Trojan was detected |
04/26/24-11:48:55.896378 | 2039103 | 49728 | 80 | TCP | A Network Trojan was detected |
04/26/24-11:47:33.917741 | 2039103 | 49719 | 80 | TCP | A Network Trojan was detected |
04/26/24-11:49:12.723020 | 2039103 | 49732 | 80 | TCP | A Network Trojan was detected |
04/26/24-11:50:07.106115 | 2039103 | 49741 | 80 | TCP | A Network Trojan was detected |
04/26/24-11:48:44.986285 | 2039103 | 49723 | 80 | TCP | A Network Trojan was detected |
04/26/24-11:49:40.768533 | 2039103 | 49737 | 80 | TCP | A Network Trojan was detected |
04/26/24-11:47:35.150965 | 2039103 | 49720 | 80 | TCP | A Network Trojan was detected |
04/26/24-11:50:49.712608 | 2039103 | 49749 | 80 | TCP | A Network Trojan was detected |
AV Detection |
---|
Source: | Avira: |
Source: | Avira URL Cloud: | ||
Source: | Avira: |
Source: | Malware Configuration Extractor: |
Source: | Virustotal: | Perma Link | ||
Source: | Joe Sandbox ML: |
Source: | Joe Sandbox ML: |
Source: | Static PE information: |
Source: | File opened: | Jump to behavior |
Source: | Binary string: | ||
Source: | Binary string: |
Networking |
---|
Source: | Snort IDS: | ||
Source: | Network Connect: | Jump to behavior | ||
Source: | Network Connect: | Jump to behavior |
Source: | URLs: | ||
Source: | IP Address: |
Source: | ASN Name: | ||
Source: | ASN Name: |
Source: | HTTP traffic detected: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | DNS traffic detected: |
Source: | HTTP traffic detected: |
Source: | String found in binary or memory: | ||
Key, Mouse, Clipboard, Microphone and Screen Capturing |
---|
Source: | File source: | ||
System Summary |
---|
Source: | Matched rule: | ||
Source: | Process Stats: |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Static PE information: |
Source: | Matched rule: | ||
Source: | Classification label: |
Source: | Code function: | 0_2_0434B756 |
Source: | File created: | Jump to behavior |
Source: | Static PE information: |
Source: | File read: | Jump to behavior |
Source: | Key opened: | Jump to behavior |
Source: | Virustotal: |
Source: | Process created: | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Key value queried: | Jump to behavior |
Source: | File opened: | Jump to behavior |
Source: | Static PE information: | ||
Source: | Static PE information: |
Source: | Binary string: | ||
Source: | Binary string: |
Source: | Static PE information: | ||
Data Obfuscation |
---|
Source: | Unpacked PE file: | ||
Source: | File created: | Jump to dropped file |
Source: | File created: | Jump to dropped file |
Hooking and other Techniques for Hiding and Protection |
---|
Source: | File deleted: | Jump to behavior |
Source: | File opened: | Jump to behavior |
Source: | Process information set: | Jump to behavior | ||
Malware Analysis System Evasion |
---|
Source: | Key enumerated: | Jump to behavior | ||
Source: | Binary or memory string: |
Source: | Window / User API: | Jump to behavior | ||
Source: | Thread sleep count: | Jump to behavior |
Source: | Thread sleep time: | Jump to behavior |
Source: | Last function: |
Source: | Binary or memory string: | ||
Source: | System information queried: | Jump to behavior |
Source: | Process information queried: | Jump to behavior |
Anti Debugging |
---|
Source: | System information queried: | Jump to behavior | ||
Source: | Process queried: | Jump to behavior | ||
HIPS / PFW / Operating System Protection Evasion |
---|
Source: | File created: | Jump to dropped file |
Source: | Network Connect: | Jump to behavior | ||
Source: | Network Connect: | Jump to behavior |
Source: | Thread created: | Jump to behavior | ||
Source: | Thread created: | Jump to behavior |
Source: | Section loaded: | Jump to behavior | ||
Source: | Binary or memory string: | ||
Stealing of Sensitive Information |
---|
Source: | File source: | ||
Remote Access Functionality |
---|
Source: | File source: | ||
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Exploitation for Client Execution | 1 DLL Side-Loading | 32 Process Injection | 11 Masquerading | OS Credential Dumping | 431 Security Software Discovery | Remote Services | 1 Archive Collected Data | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 12 Virtualization/Sandbox Evasion | LSASS Memory | 12 Virtualization/Sandbox Evasion | Remote Desktop Protocol | Data from Removable Media | 2 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 32 Process Injection | Security Account Manager | 3 Process Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 3 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Hidden Files and Directories | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | 113 Application Layer Protocol | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Obfuscated Files or Information | LSA Secrets | 1 File and Directory Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Software Packing | Cached Domain Credentials | 2 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 DLL Side-Loading | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 File Deletion | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
44% | Virustotal | Browse | ||
100% | Avira | HEUR/AGEN.1361904 | ||
100% | Joe Sandbox ML |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
100% | Avira | HEUR/AGEN.1361904 | ||
100% | Joe Sandbox ML | |||
44% | Virustotal | Browse |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
20% | Virustotal | Browse |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
100% | Avira URL Cloud | malware | ||
100% | Avira URL Cloud | malware | ||
100% | Avira URL Cloud | malware | ||
100% | Avira URL Cloud | malware | ||
17% | Virustotal | Browse | ||
21% | Virustotal | Browse | ||
22% | Virustotal | Browse | ||
18% | Virustotal | Browse |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
nidoe.org | 119.204.11.2 | true | true | | unknown |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
true |
| unknown | |
true |
| unknown | |
true |
| unknown | |
true |
| unknown |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false |
| unknown | ||
false | high | |||
false | high | |||
false |
| unknown | ||
false | high | |||
false | high | |||
false | high | |||
false |
| unknown | ||
false |
| unknown | ||
false | high | |||
false | high |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
190.187.52.42 | unknown | Peru | | 19180 | AMERICATELPERUSAPE | true |
119.204.11.2 | nidoe.org | Korea Republic of | | 4766 | KIXS-AS-KRKoreaTelecomKR | true |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1432077 |
Start date and time: | 2024-04-26 11:46:06 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 8m 39s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of new started processes analysed: | 6 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 1 |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | rBwTlpgnjc.exe (renamed because original name is a hash value) |
Original Sample Name: | ee4e08febd22e594c7bcb70ea1b0252a.exe |
Detection: | MAL |
Classification: | mal100.troj.evad.winEXE@3/2@6/2 |
Cookbook Comments: |
- Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
- Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
- Report size getting too big, too many NtEnumerateKey calls found.
- Report size getting too big, too many NtOpenKey calls found.
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
Time | Type | Description |
---|---|---|
11:47:00 | API Interceptor | |
11:47:17 | Task Scheduler |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
190.187.52.42 | | | malicious | Babuk, Djvu | | |
190.187.52.42 | | | malicious | LummaC, Babuk, Clipboard Hijacker, Djvu, Glupteba, LummaC Stealer, SmokeLoader | | |
190.187.52.42 | | | malicious | LummaC, Glupteba, SmokeLoader, Socks5Systemz, Stealc, Xmrig | | |
190.187.52.42 | | | malicious | Amadey, PureLog Stealer, SmokeLoader | | |
190.187.52.42 | | | malicious | LummaC, Babuk, Djvu, PureLog Stealer, RedLine, SmokeLoader | | |
190.187.52.42 | | | malicious | SmokeLoader | | |
190.187.52.42 | | | malicious | SmokeLoader | | |
190.187.52.42 | | | malicious | SmokeLoader | | |
190.187.52.42 | | | malicious | LummaC, Babuk, Djvu, LummaC Stealer, PureLog Stealer, RedLine, RisePro Stealer | | |
190.187.52.42 | | | malicious | LummaC, Babuk, Clipboard Hijacker, Djvu, PureLog Stealer, SmokeLoader, Vidar | | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
nidoe.org | | | malicious | Glupteba, LummaC Stealer, Mars Stealer, PureLog Stealer, RedLine, RisePro Stealer, SmokeLoader | | |
nidoe.org | | | malicious | PureLog Stealer, SmokeLoader | | |
nidoe.org | | | malicious | PureLog Stealer, SmokeLoader | | |
nidoe.org | | | malicious | PureLog Stealer, SmokeLoader | | |
nidoe.org | | | malicious | SmokeLoader | | |
nidoe.org | | | malicious | SmokeLoader | | |
nidoe.org | | | malicious | SmokeLoader | | |
nidoe.org | | | malicious | SmokeLoader | | |
nidoe.org | | | malicious | SmokeLoader | | |
nidoe.org | | | malicious | Amadey, Glupteba, Mars Stealer, PureLog Stealer, RedLine, RisePro Stealer, SmokeLoader | | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
KIXS-AS-KRKoreaTelecomKR | | | malicious | FormBook, GuLoader | | |
KIXS-AS-KRKoreaTelecomKR | | | malicious | Mirai | | |
KIXS-AS-KRKoreaTelecomKR | | | malicious | Mirai | | |
KIXS-AS-KRKoreaTelecomKR | | | malicious | Mirai | | |
KIXS-AS-KRKoreaTelecomKR | | | malicious | Mirai | | |
KIXS-AS-KRKoreaTelecomKR | | | malicious | Mirai | | |
KIXS-AS-KRKoreaTelecomKR | | | malicious | Mirai | | |
KIXS-AS-KRKoreaTelecomKR | | | malicious | Mirai | | |
KIXS-AS-KRKoreaTelecomKR | | | malicious | Mirai | | |
KIXS-AS-KRKoreaTelecomKR | | | malicious | Mirai | | |
AMERICATELPERUSAPE | | | malicious | Unknown | | |
AMERICATELPERUSAPE | | | malicious | Babuk, Djvu | | |
AMERICATELPERUSAPE | | | malicious | Mirai | | |
AMERICATELPERUSAPE | | | malicious | Unknown | | |
AMERICATELPERUSAPE | | | malicious | LummaC, Babuk, Clipboard Hijacker, Djvu, Glupteba, LummaC Stealer, SmokeLoader | | |
AMERICATELPERUSAPE | | | malicious | Mirai | | |
AMERICATELPERUSAPE | | | malicious | Mirai | | |
AMERICATELPERUSAPE | | | malicious | LummaC, Glupteba, SmokeLoader, Socks5Systemz, Stealc, Xmrig | | |
AMERICATELPERUSAPE | | | malicious | Amadey, PureLog Stealer, SmokeLoader | | |
AMERICATELPERUSAPE | | | malicious | LummaC, Babuk, Djvu, PureLog Stealer, RedLine, SmokeLoader | | |
Process: | C:\Windows\explorer.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 305152 |
Entropy (8bit): | 6.518070145151798 |
Encrypted: | false |
SSDEEP: | 3072:IHNWG9ZvpYjEk+P0VL9xFD3GeiRsBbaAcNrw5K86+i2XmSIN8niFWhr:vAqQkdxl3tilNF86Ph8nPr |
MD5: | EE4E08FEBD22E594C7BCB70EA1B0252A |
SHA1: | B1594033FA6E0377CCAEA80D1556459128C61A13 |
SHA-256: | 3B6C00F64A1D047DFBED967D4FE8F320F4E4DE9421A82D94DCB3EBA07F23D939 |
SHA-512: | 255190C874BF83BE9B4126FB7C3DBEE8EB4F4B6C5BC019EE5C586B984115B03759C3A511EFCB8C79797E7CC0141C75A8F715316B214D6683A8C25015D316DDD8 |
Malicious: | true |
Antivirus: |
|
Reputation: | low |
Preview: |
Process: | C:\Windows\explorer.exe |
File Type: | |
Category: | modified |
Size (bytes): | 26 |
Entropy (8bit): | 3.95006375643621 |
Encrypted: | false |
SSDEEP: | 3:ggPYV:rPYV |
MD5: | 187F488E27DB4AF347237FE461A079AD |
SHA1: | 6693BA299EC1881249D59262276A0D2CB21F8E64 |
SHA-256: | 255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309 |
SHA-512: | 89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E |
Malicious: | true |
Reputation: | high, very likely benign file |
Preview: |
File type: | |
Entropy (8bit): | 6.518070145151798 |
TrID: |
|
File name: | rBwTlpgnjc.exe |
File size: | 305'152 bytes |
MD5: | ee4e08febd22e594c7bcb70ea1b0252a |
SHA1: | b1594033fa6e0377ccaea80d1556459128c61a13 |
SHA256: | 3b6c00f64a1d047dfbed967d4fe8f320f4e4de9421a82d94dcb3eba07f23d939 |
SHA512: | 255190c874bf83be9b4126fb7c3dbee8eb4f4b6c5bc019ee5c586b984115b03759c3a511efcb8c79797e7cc0141c75a8f715316b214d6683a8c25015d316ddd8 |
SSDEEP: | 3072:IHNWG9ZvpYjEk+P0VL9xFD3GeiRsBbaAcNrw5K86+i2XmSIN8niFWhr:vAqQkdxl3tilNF86Ph8nPr |
TLSH: | E3544A0362E17CA0E62247728F2EBAEC3B2DFD654F556B2723585E0B18741F0D263B56 |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........................q.......N.......O.......=.............X/K.......u.....X/p.....Rich............................PE..L......c... |
Icon Hash: | 4111414d4545610d |
Entrypoint: | 0x404457 |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | EXECUTABLE_IMAGE, 32BIT_MACHINE |
DLL Characteristics: | NX_COMPAT, TERMINAL_SERVER_AWARE |
Time Stamp: | 0x63D9BDDC [Wed Feb 1 01:18:20 2023 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 5 |
OS Version Minor: | 1 |
File Version Major: | 5 |
File Version Minor: | 1 |
Subsystem Version Major: | 5 |
Subsystem Version Minor: | 1 |
Import Hash: | fee2e01e9ecb27c28da2b6fc37f265e9 |
Instruction |
---|
call 00007F0AD0BAE002h |
jmp 00007F0AD0BA8185h |
push 00000014h |
push 00417FD8h |
call 00007F0AD0BAB3F8h |
call 00007F0AD0BAE1D3h |
movzx esi, ax |
push 00000002h |
call 00007F0AD0BADF95h |
pop ecx |
mov eax, 00005A4Dh |
cmp word ptr [00400000h], ax |
je 00007F0AD0BA8186h |
xor ebx, ebx |
jmp 00007F0AD0BA81B5h |
mov eax, dword ptr [0040003Ch] |
cmp dword ptr [eax+00400000h], 00004550h |
jne 00007F0AD0BA816Dh |
mov ecx, 0000010Bh |
cmp word ptr [eax+00400018h], cx |
jne 00007F0AD0BA815Fh |
xor ebx, ebx |
cmp dword ptr [eax+00400074h], 0Eh |
jbe 00007F0AD0BA818Bh |
cmp dword ptr [eax+004000E8h], ebx |
setne bl |
mov dword ptr [ebp-1Ch], ebx |
call 00007F0AD0BAA5CFh |
test eax, eax |
jne 00007F0AD0BA818Ah |
push 0000001Ch |
call 00007F0AD0BA8261h |
pop ecx |
call 00007F0AD0BA9B82h |
test eax, eax |
jne 00007F0AD0BA818Ah |
push 00000010h |
call 00007F0AD0BA8250h |
pop ecx |
call 00007F0AD0BAE00Eh |
and dword ptr [ebp-04h], 00000000h |
call 00007F0AD0BAC3B1h |
test eax, eax |
jns 00007F0AD0BA818Ah |
push 0000001Bh |
call 00007F0AD0BA8236h |
pop ecx |
call dword ptr [004120B0h] |
mov dword ptr [040221E4h], eax |
call 00007F0AD0BAE029h |
mov dword ptr [0043474Ch], eax |
call 00007F0AD0BADBE6h |
test eax, eax |
jns 00007F0AD0BA818Ah |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x183e4 | 0x28 | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x3c23000 | 0x167e0 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x3c3a000 | 0x1380 | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x121f0 | 0x38 | .rdata |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x178f8 | 0x40 | .rdata |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x12000 | 0x17c | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x10035 | 0x10200 | 4f9e4c23291af98ce906d4794e50b6e5 | False | 0.6008660368217055 | data | 6.697335444882217 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rdata | 0x12000 | 0x6c72 | 0x6e00 | e2d73d3b44c95c749ad396d574d1f352 | False | 0.38966619318181817 | data | 4.7269437397183935 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0x19000 | 0x3c091e8 | 0x1b800 | 17ef8710008af065e3a1993cc59a78a3 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.rsrc | 0x3c23000 | 0x167e0 | 0x16800 | 6d5fccfdf3d87f80f094865b42c86796 | False | 0.4258572048611111 | data | 4.959479448152928 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0x3c3a000 | 0x1380 | 0x1400 | 2f407534a4dc25a7b6ae3459d0b7246c | False | 0.747265625 | data | 6.463258994354438 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
AFX_DIALOG_LAYOUT | 0x3c39020 | 0xe | data | 1.5714285714285714 | ||
RT_ICON | 0x3c236e0 | 0x6c8 | Device independent bitmap graphic, 24 x 48 x 8, image size 0 | 0.41647465437788017 | ||
RT_ICON | 0x3c23da8 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | 0.16410788381742739 | ||
RT_ICON | 0x3c26350 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | 0.21365248226950354 | ||
RT_ICON | 0x3c267e8 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | 0.3664712153518124 | ||
RT_ICON | 0x3c27690 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | 0.45442238267148016 | ||
RT_ICON | 0x3c27f38 | 0x6c8 | Device independent bitmap graphic, 24 x 48 x 8, image size 0 | 0.45506912442396313 | ||
RT_ICON | 0x3c28600 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | 0.4638728323699422 | ||
RT_ICON | 0x3c28b68 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | 0.2683609958506224 | ||
RT_ICON | 0x3c2b110 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | 0.3072232645403377 | ||
RT_ICON | 0x3c2c1b8 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | 0.35106382978723405 | ||
RT_ICON | 0x3c2c688 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | 0.5687633262260128 | ||
RT_ICON | 0x3c2d530 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | 0.5496389891696751 | ||
RT_ICON | 0x3c2ddd8 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | 0.619942196531792 | ||
RT_ICON | 0x3c2e340 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | 0.46141078838174276 | ||
RT_ICON | 0x3c308e8 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | 0.48850844277673544 | ||
RT_ICON | 0x3c31990 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 0 | 0.49221311475409835 | ||
RT_ICON | 0x3c32318 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | 0.449468085106383 | ||
RT_ICON | 0x3c327e8 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | 0.4240405117270789 | ||
RT_ICON | 0x3c33690 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | 0.4833032490974729 | ||
RT_ICON | 0x3c33f38 | 0x6c8 | Device independent bitmap graphic, 24 x 48 x 8, image size 0 | 0.5835253456221198 | ||
RT_ICON | 0x3c34600 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | 0.4913294797687861 | ||
RT_ICON | 0x3c34b68 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | 0.4701244813278008 | ||
RT_ICON | 0x3c37110 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | 0.4878048780487805 | ||
RT_ICON | 0x3c381b8 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 0 | 0.5032786885245901 | ||
RT_ICON | 0x3c38b40 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | 0.5514184397163121 | ||
RT_STRING | 0x3c39270 | 0x2bc | data | 0.49142857142857144 | ||
RT_STRING | 0x3c39530 | 0x2ac | data | 0.48830409356725146 | ||
RT_GROUP_ICON | 0x3c32780 | 0x68 | data | 0.7115384615384616 | ||
RT_GROUP_ICON | 0x3c2c620 | 0x68 | data | 0.6826923076923077 | ||
RT_GROUP_ICON | 0x3c267b8 | 0x30 | data | 0.9375 | ||
RT_GROUP_ICON | 0x3c38fa8 | 0x76 | data | 0.6779661016949152 | ||
RT_VERSION | 0x3c39030 | 0x23c | data | 0.5367132867132867 |
DLL | Import |
---|---|
KERNEL32.dll | GlobalMemoryStatus, GetLocaleInfoA, LocalCompact, InterlockedDecrement, GetComputerNameW, CreateHardLinkA, GetSystemDefaultLCID, BackupSeek, GetTickCount, GetConsoleAliasesA, GetWindowsDirectoryA, EnumTimeFormatsW, GetUserDefaultLangID, SetCommState, GlobalAlloc, LoadLibraryW, ReadConsoleInputA, WriteConsoleW, GetModuleFileNameW, MultiByteToWideChar, GetLastError, ChangeTimerQueueTimer, SetLastError, GetThreadLocale, GetProcAddress, RemoveDirectoryA, SetFileAttributesA, BuildCommDCBW, LoadLibraryA, SetCalendarInfoW, GetExitCodeThread, AddAtomW, CreateEventW, GlobalFindAtomW, GetOEMCP, LoadLibraryExA, VirtualProtect, GetConsoleProcessList, GetTempPathA, GetVolumeInformationW, HeapAlloc, EncodePointer, DecodePointer, IsProcessorFeaturePresent, GetCommandLineA, RaiseException, RtlUnwind, IsDebuggerPresent, IsValidCodePage, GetACP, GetCPInfo, GetCurrentThreadId, HeapFree, ExitProcess, GetModuleHandleExW, WideCharToMultiByte, GetStdHandle, WriteFile, GetProcessHeap, EnterCriticalSection, LeaveCriticalSection, FlushFileBuffers, GetConsoleCP, GetConsoleMode, DeleteCriticalSection, HeapSize, GetFileType, GetStartupInfoW, CloseHandle, GetModuleFileNameA, QueryPerformanceCounter, GetCurrentProcessId, GetSystemTimeAsFileTime, GetEnvironmentStringsW, FreeEnvironmentStringsW, UnhandledExceptionFilter, SetUnhandledExceptionFilter, InitializeCriticalSectionAndSpinCount, Sleep, GetCurrentProcess, TerminateProcess, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, GetModuleHandleW, GetStringTypeW, LoadLibraryExW, OutputDebugStringW, LCMapStringW, SetStdHandle, SetFilePointerEx, HeapReAlloc, CreateFileW |
Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|---|---|---|
04/26/24-11:50:57.657192 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 49750 | 80 | 192.168.2.5 | 190.187.52.42 |
04/26/24-11:48:53.977641 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 49727 | 80 | 192.168.2.5 | 119.204.11.2 |
04/26/24-11:49:35.592735 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 49736 | 80 | 192.168.2.5 | 119.204.11.2 |
04/26/24-11:49:00.896944 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 49730 | 80 | 192.168.2.5 | 119.204.11.2 |
04/26/24-11:50:23.070925 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 49744 | 80 | 192.168.2.5 | 190.187.52.42 |
04/26/24-11:47:23.987965 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 49713 | 80 | 192.168.2.5 | 119.204.11.2 |
04/26/24-11:47:22.464464 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 49712 | 80 | 192.168.2.5 | 119.204.11.2 |
04/26/24-11:47:29.304265 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 49716 | 80 | 192.168.2.5 | 119.204.11.2 |
04/26/24-11:50:39.540792 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 49747 | 80 | 192.168.2.5 | 190.187.52.42 |
04/26/24-11:48:43.367329 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 49722 | 80 | 192.168.2.5 | 119.204.11.2 |
04/26/24-11:49:47.864493 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 49738 | 80 | 192.168.2.5 | 119.204.11.2 |
04/26/24-11:50:11.655696 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 49742 | 80 | 192.168.2.5 | 190.187.52.42 |
04/26/24-11:47:27.784659 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 49715 | 80 | 192.168.2.5 | 119.204.11.2 |
04/26/24-11:50:44.236303 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 49748 | 80 | 192.168.2.5 | 190.187.52.42 |
04/26/24-11:49:56.135562 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 49739 | 80 | 192.168.2.5 | 190.187.52.42 |
04/26/24-11:48:46.715630 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 49724 | 80 | 192.168.2.5 | 119.204.11.2 |
04/26/24-11:47:32.343784 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 49718 | 80 | 192.168.2.5 | 119.204.11.2 |
04/26/24-11:50:28.180861 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 49745 | 80 | 192.168.2.5 | 190.187.52.42 |
04/26/24-11:49:18.365467 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 49733 | 80 | 192.168.2.5 | 119.204.11.2 |
04/26/24-11:47:25.556178 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 49714 | 80 | 192.168.2.5 | 119.204.11.2 |
04/26/24-11:47:30.826079 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 49717 | 80 | 192.168.2.5 | 119.204.11.2 |
04/26/24-11:47:20.949841 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 49711 | 80 | 192.168.2.5 | 119.204.11.2 |
04/26/24-11:50:02.490715 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 49740 | 80 | 192.168.2.5 | 190.187.52.42 |
04/26/24-11:50:32.759541 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 49746 | 80 | 192.168.2.5 | 190.187.52.42 |
04/26/24-11:49:23.641505 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 49734 | 80 | 192.168.2.5 | 119.204.11.2 |
04/26/24-11:48:57.550009 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 49729 | 80 | 192.168.2.5 | 119.204.11.2 |
04/26/24-11:49:05.885669 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 49731 | 80 | 192.168.2.5 | 119.204.11.2 |
04/26/24-11:48:50.067757 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 49726 | 80 | 192.168.2.5 | 119.204.11.2 |
04/26/24-11:50:16.085964 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 49743 | 80 | 192.168.2.5 | 190.187.52.42 |
04/26/24-11:49:30.712687 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 49735 | 80 | 192.168.2.5 | 119.204.11.2 |
04/26/24-11:48:48.305830 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 49725 | 80 | 192.168.2.5 | 119.204.11.2 |
04/26/24-11:48:55.896378 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 49728 | 80 | 192.168.2.5 | 119.204.11.2 |
04/26/24-11:47:33.917741 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 49719 | 80 | 192.168.2.5 | 119.204.11.2 |
04/26/24-11:49:12.723020 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 49732 | 80 | 192.168.2.5 | 119.204.11.2 |
04/26/24-11:50:07.106115 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 49741 | 80 | 192.168.2.5 | 190.187.52.42 |
04/26/24-11:48:44.986285 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 49723 | 80 | 192.168.2.5 | 119.204.11.2 |
04/26/24-11:49:40.768533 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 49737 | 80 | 192.168.2.5 | 119.204.11.2 |
04/26/24-11:47:35.150965 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 49720 | 80 | 192.168.2.5 | 119.204.11.2 |
04/26/24-11:50:49.712608 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 49749 | 80 | 192.168.2.5 | 190.187.52.42 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Apr 26, 2024 11:48:55.159148932 CEST | 49727 | 80 | 192.168.2.5 | 119.204.11.2 |
Apr 26, 2024 11:48:55.159179926 CEST | 49727 | 80 | 192.168.2.5 | 119.204.11.2 |
Apr 26, 2024 11:48:55.482728004 CEST | 80 | 49727 | 119.204.11.2 | 192.168.2.5 |
Apr 26, 2024 11:48:55.573549032 CEST | 49728 | 80 | 192.168.2.5 | 119.204.11.2 |
Apr 26, 2024 11:48:55.896133900 CEST | 80 | 49728 | 119.204.11.2 | 192.168.2.5 |
Apr 26, 2024 11:48:55.896250963 CEST | 49728 | 80 | 192.168.2.5 | 119.204.11.2 |
Apr 26, 2024 11:48:55.896378040 CEST | 49728 | 80 | 192.168.2.5 | 119.204.11.2 |
Apr 26, 2024 11:48:55.896392107 CEST | 49728 | 80 | 192.168.2.5 | 119.204.11.2 |
Apr 26, 2024 11:48:56.219326973 CEST | 80 | 49728 | 119.204.11.2 | 192.168.2.5 |
Apr 26, 2024 11:48:57.080249071 CEST | 80 | 49728 | 119.204.11.2 | 192.168.2.5 |
Apr 26, 2024 11:48:57.080279112 CEST | 80 | 49728 | 119.204.11.2 | 192.168.2.5 |
Apr 26, 2024 11:48:57.080383062 CEST | 49728 | 80 | 192.168.2.5 | 119.204.11.2 |
Apr 26, 2024 11:48:57.080566883 CEST | 49728 | 80 | 192.168.2.5 | 119.204.11.2 |
Apr 26, 2024 11:48:57.225584984 CEST | 49729 | 80 | 192.168.2.5 | 119.204.11.2 |
Apr 26, 2024 11:48:57.402868986 CEST | 80 | 49728 | 119.204.11.2 | 192.168.2.5 |
Apr 26, 2024 11:48:57.548295021 CEST | 80 | 49729 | 119.204.11.2 | 192.168.2.5 |
Apr 26, 2024 11:48:57.548372984 CEST | 49729 | 80 | 192.168.2.5 | 119.204.11.2 |
Apr 26, 2024 11:48:57.550009012 CEST | 49729 | 80 | 192.168.2.5 | 119.204.11.2 |
Apr 26, 2024 11:48:57.550569057 CEST | 49729 | 80 | 192.168.2.5 | 119.204.11.2 |
Apr 26, 2024 11:48:57.874655962 CEST | 80 | 49729 | 119.204.11.2 | 192.168.2.5 |
Apr 26, 2024 11:48:58.732377052 CEST | 80 | 49729 | 119.204.11.2 | 192.168.2.5 |
Apr 26, 2024 11:48:58.732440948 CEST | 80 | 49729 | 119.204.11.2 | 192.168.2.5 |
Apr 26, 2024 11:48:58.732491970 CEST | 49729 | 80 | 192.168.2.5 | 119.204.11.2 |
Apr 26, 2024 11:48:58.732606888 CEST | 49729 | 80 | 192.168.2.5 | 119.204.11.2 |
Apr 26, 2024 11:48:59.064441919 CEST | 80 | 49729 | 119.204.11.2 | 192.168.2.5 |
Apr 26, 2024 11:49:00.573503971 CEST | 49730 | 80 | 192.168.2.5 | 119.204.11.2 |
Apr 26, 2024 11:49:00.896552086 CEST | 80 | 49730 | 119.204.11.2 | 192.168.2.5 |
Apr 26, 2024 11:49:00.896761894 CEST | 49730 | 80 | 192.168.2.5 | 119.204.11.2 |
Apr 26, 2024 11:49:00.896944046 CEST | 49730 | 80 | 192.168.2.5 | 119.204.11.2 |
Apr 26, 2024 11:49:00.896979094 CEST | 49730 | 80 | 192.168.2.5 | 119.204.11.2 |
Apr 26, 2024 11:49:01.220206976 CEST | 80 | 49730 | 119.204.11.2 | 192.168.2.5 |
Apr 26, 2024 11:49:02.087163925 CEST | 80 | 49730 | 119.204.11.2 | 192.168.2.5 |
Apr 26, 2024 11:49:02.087191105 CEST | 80 | 49730 | 119.204.11.2 | 192.168.2.5 |
Apr 26, 2024 11:49:02.087517023 CEST | 49730 | 80 | 192.168.2.5 | 119.204.11.2 |
Apr 26, 2024 11:49:02.087563038 CEST | 49730 | 80 | 192.168.2.5 | 119.204.11.2 |
Apr 26, 2024 11:49:02.411286116 CEST | 80 | 49730 | 119.204.11.2 | 192.168.2.5 |
Apr 26, 2024 11:49:05.560939074 CEST | 49731 | 80 | 192.168.2.5 | 119.204.11.2 |
Apr 26, 2024 11:49:05.885426044 CEST | 80 | 49731 | 119.204.11.2 | 192.168.2.5 |
Apr 26, 2024 11:49:05.885505915 CEST | 49731 | 80 | 192.168.2.5 | 119.204.11.2 |
Apr 26, 2024 11:49:05.885668993 CEST | 49731 | 80 | 192.168.2.5 | 119.204.11.2 |
Apr 26, 2024 11:49:05.885682106 CEST | 49731 | 80 | 192.168.2.5 | 119.204.11.2 |
Apr 26, 2024 11:49:06.210486889 CEST | 80 | 49731 | 119.204.11.2 | 192.168.2.5 |
Apr 26, 2024 11:49:07.073163986 CEST | 80 | 49731 | 119.204.11.2 | 192.168.2.5 |
Apr 26, 2024 11:49:07.073179960 CEST | 80 | 49731 | 119.204.11.2 | 192.168.2.5 |
Apr 26, 2024 11:49:07.073381901 CEST | 49731 | 80 | 192.168.2.5 | 119.204.11.2 |
Apr 26, 2024 11:49:07.073518991 CEST | 49731 | 80 | 192.168.2.5 | 119.204.11.2 |
Apr 26, 2024 11:49:07.399168968 CEST | 80 | 49731 | 119.204.11.2 | 192.168.2.5 |
Apr 26, 2024 11:49:12.399307013 CEST | 49732 | 80 | 192.168.2.5 | 119.204.11.2 |
Apr 26, 2024 11:49:12.722743988 CEST | 80 | 49732 | 119.204.11.2 | 192.168.2.5 |
Apr 26, 2024 11:49:12.722881079 CEST | 49732 | 80 | 192.168.2.5 | 119.204.11.2 |
Apr 26, 2024 11:49:12.723020077 CEST | 49732 | 80 | 192.168.2.5 | 119.204.11.2 |
Apr 26, 2024 11:49:12.723020077 CEST | 49732 | 80 | 192.168.2.5 | 119.204.11.2 |
Apr 26, 2024 11:49:13.065160036 CEST | 80 | 49732 | 119.204.11.2 | 192.168.2.5 |
Apr 26, 2024 11:49:13.929617882 CEST | 80 | 49732 | 119.204.11.2 | 192.168.2.5 |
Apr 26, 2024 11:49:13.929637909 CEST | 80 | 49732 | 119.204.11.2 | 192.168.2.5 |
Apr 26, 2024 11:49:13.929790020 CEST | 49732 | 80 | 192.168.2.5 | 119.204.11.2 |
Apr 26, 2024 11:49:13.929934025 CEST | 49732 | 80 | 192.168.2.5 | 119.204.11.2 |
Apr 26, 2024 11:49:14.253616095 CEST | 80 | 49732 | 119.204.11.2 | 192.168.2.5 |
Apr 26, 2024 11:49:18.041310072 CEST | 49733 | 80 | 192.168.2.5 | 119.204.11.2 |
Apr 26, 2024 11:49:18.365158081 CEST | 80 | 49733 | 119.204.11.2 | 192.168.2.5 |
Apr 26, 2024 11:49:18.365328074 CEST | 49733 | 80 | 192.168.2.5 | 119.204.11.2 |
Apr 26, 2024 11:49:18.365467072 CEST | 49733 | 80 | 192.168.2.5 | 119.204.11.2 |
Apr 26, 2024 11:49:18.365525007 CEST | 49733 | 80 | 192.168.2.5 | 119.204.11.2 |
Apr 26, 2024 11:49:18.689563990 CEST | 80 | 49733 | 119.204.11.2 | 192.168.2.5 |
Apr 26, 2024 11:49:19.557686090 CEST | 80 | 49733 | 119.204.11.2 | 192.168.2.5 |
Apr 26, 2024 11:49:19.557713032 CEST | 80 | 49733 | 119.204.11.2 | 192.168.2.5 |
Apr 26, 2024 11:49:19.557786942 CEST | 49733 | 80 | 192.168.2.5 | 119.204.11.2 |
Apr 26, 2024 11:49:19.557928085 CEST | 49733 | 80 | 192.168.2.5 | 119.204.11.2 |
Apr 26, 2024 11:49:19.881444931 CEST | 80 | 49733 | 119.204.11.2 | 192.168.2.5 |
Apr 26, 2024 11:49:23.318275928 CEST | 49734 | 80 | 192.168.2.5 | 119.204.11.2 |
Apr 26, 2024 11:49:23.641263962 CEST | 80 | 49734 | 119.204.11.2 | 192.168.2.5 |
Apr 26, 2024 11:49:23.641369104 CEST | 49734 | 80 | 192.168.2.5 | 119.204.11.2 |
Apr 26, 2024 11:49:23.641505003 CEST | 49734 | 80 | 192.168.2.5 | 119.204.11.2 |
Apr 26, 2024 11:49:23.641547918 CEST | 49734 | 80 | 192.168.2.5 | 119.204.11.2 |
Apr 26, 2024 11:49:23.964565039 CEST | 80 | 49734 | 119.204.11.2 | 192.168.2.5 |
Apr 26, 2024 11:49:24.831507921 CEST | 80 | 49734 | 119.204.11.2 | 192.168.2.5 |
Apr 26, 2024 11:49:24.831525087 CEST | 80 | 49734 | 119.204.11.2 | 192.168.2.5 |
Apr 26, 2024 11:49:24.831603050 CEST | 49734 | 80 | 192.168.2.5 | 119.204.11.2 |
Apr 26, 2024 11:49:24.831748009 CEST | 49734 | 80 | 192.168.2.5 | 119.204.11.2 |
Apr 26, 2024 11:49:25.154597044 CEST | 80 | 49734 | 119.204.11.2 | 192.168.2.5 |
Apr 26, 2024 11:49:30.389421940 CEST | 49735 | 80 | 192.168.2.5 | 119.204.11.2 |
Apr 26, 2024 11:49:30.712371111 CEST | 80 | 49735 | 119.204.11.2 | 192.168.2.5 |
Apr 26, 2024 11:49:30.712516069 CEST | 49735 | 80 | 192.168.2.5 | 119.204.11.2 |
Apr 26, 2024 11:49:30.712687016 CEST | 49735 | 80 | 192.168.2.5 | 119.204.11.2 |
Apr 26, 2024 11:49:30.712704897 CEST | 49735 | 80 | 192.168.2.5 | 119.204.11.2 |
Apr 26, 2024 11:49:31.064341068 CEST | 80 | 49735 | 119.204.11.2 | 192.168.2.5 |
Apr 26, 2024 11:49:31.674782991 CEST | 80 | 49735 | 119.204.11.2 | 192.168.2.5 |
Apr 26, 2024 11:49:31.674819946 CEST | 80 | 49735 | 119.204.11.2 | 192.168.2.5 |
Apr 26, 2024 11:49:31.674891949 CEST | 49735 | 80 | 192.168.2.5 | 119.204.11.2 |
Apr 26, 2024 11:49:31.675033092 CEST | 49735 | 80 | 192.168.2.5 | 119.204.11.2 |
Apr 26, 2024 11:49:31.997813940 CEST | 80 | 49735 | 119.204.11.2 | 192.168.2.5 |
Apr 26, 2024 11:49:35.269278049 CEST | 49736 | 80 | 192.168.2.5 | 119.204.11.2 |
Apr 26, 2024 11:49:35.592439890 CEST | 80 | 49736 | 119.204.11.2 | 192.168.2.5 |
Apr 26, 2024 11:49:35.592562914 CEST | 49736 | 80 | 192.168.2.5 | 119.204.11.2 |
Apr 26, 2024 11:49:35.592735052 CEST | 49736 | 80 | 192.168.2.5 | 119.204.11.2 |
Apr 26, 2024 11:49:35.592763901 CEST | 49736 | 80 | 192.168.2.5 | 119.204.11.2 |
Apr 26, 2024 11:49:35.916209936 CEST | 80 | 49736 | 119.204.11.2 | 192.168.2.5 |
Apr 26, 2024 11:49:36.786492109 CEST | 80 | 49736 | 119.204.11.2 | 192.168.2.5 |
Apr 26, 2024 11:49:36.786562920 CEST | 80 | 49736 | 119.204.11.2 | 192.168.2.5 |
Apr 26, 2024 11:49:36.786667109 CEST | 49736 | 80 | 192.168.2.5 | 119.204.11.2 |
Apr 26, 2024 11:49:36.786803007 CEST | 49736 | 80 | 192.168.2.5 | 119.204.11.2 |
Apr 26, 2024 11:49:37.125389099 CEST | 80 | 49736 | 119.204.11.2 | 192.168.2.5 |
Apr 26, 2024 11:49:40.445143938 CEST | 49737 | 80 | 192.168.2.5 | 119.204.11.2 |
Apr 26, 2024 11:49:40.768191099 CEST | 80 | 49737 | 119.204.11.2 | 192.168.2.5 |
Apr 26, 2024 11:49:40.768364906 CEST | 49737 | 80 | 192.168.2.5 | 119.204.11.2 |
Apr 26, 2024 11:49:40.768532991 CEST | 49737 | 80 | 192.168.2.5 | 119.204.11.2 |
Apr 26, 2024 11:49:40.768552065 CEST | 49737 | 80 | 192.168.2.5 | 119.204.11.2 |
Apr 26, 2024 11:49:41.091548920 CEST | 80 | 49737 | 119.204.11.2 | 192.168.2.5 |
Apr 26, 2024 11:49:41.952558041 CEST | 80 | 49737 | 119.204.11.2 | 192.168.2.5 |
Apr 26, 2024 11:49:41.952574968 CEST | 80 | 49737 | 119.204.11.2 | 192.168.2.5 |
Apr 26, 2024 11:49:41.952640057 CEST | 49737 | 80 | 192.168.2.5 | 119.204.11.2 |
Apr 26, 2024 11:49:41.952862024 CEST | 49737 | 80 | 192.168.2.5 | 119.204.11.2 |
Apr 26, 2024 11:49:42.275760889 CEST | 80 | 49737 | 119.204.11.2 | 192.168.2.5 |
Apr 26, 2024 11:49:47.539386034 CEST | 49738 | 80 | 192.168.2.5 | 119.204.11.2 |
Apr 26, 2024 11:49:47.864252090 CEST | 80 | 49738 | 119.204.11.2 | 192.168.2.5 |
Apr 26, 2024 11:49:47.864358902 CEST | 49738 | 80 | 192.168.2.5 | 119.204.11.2 |
Apr 26, 2024 11:49:47.864492893 CEST | 49738 | 80 | 192.168.2.5 | 119.204.11.2 |
Apr 26, 2024 11:49:47.864531994 CEST | 49738 | 80 | 192.168.2.5 | 119.204.11.2 |
Apr 26, 2024 11:49:48.189017057 CEST | 80 | 49738 | 119.204.11.2 | 192.168.2.5 |
Apr 26, 2024 11:49:49.062968016 CEST | 80 | 49738 | 119.204.11.2 | 192.168.2.5 |
Apr 26, 2024 11:49:49.062992096 CEST | 80 | 49738 | 119.204.11.2 | 192.168.2.5 |
Apr 26, 2024 11:49:49.063091993 CEST | 49738 | 80 | 192.168.2.5 | 119.204.11.2 |
Apr 26, 2024 11:49:49.063257933 CEST | 49738 | 80 | 192.168.2.5 | 119.204.11.2 |
Apr 26, 2024 11:49:49.387805939 CEST | 80 | 49738 | 119.204.11.2 | 192.168.2.5 |
Apr 26, 2024 11:49:55.924221039 CEST | 49739 | 80 | 192.168.2.5 | 190.187.52.42 |
Apr 26, 2024 11:49:56.135256052 CEST | 80 | 49739 | 190.187.52.42 | 192.168.2.5 |
Apr 26, 2024 11:49:56.135483027 CEST | 49739 | 80 | 192.168.2.5 | 190.187.52.42 |
Apr 26, 2024 11:49:56.135561943 CEST | 49739 | 80 | 192.168.2.5 | 190.187.52.42 |
Apr 26, 2024 11:49:56.135561943 CEST | 49739 | 80 | 192.168.2.5 | 190.187.52.42 |
Apr 26, 2024 11:49:56.345352888 CEST | 80 | 49739 | 190.187.52.42 | 192.168.2.5 |
Apr 26, 2024 11:49:56.765465975 CEST | 80 | 49739 | 190.187.52.42 | 192.168.2.5 |
Apr 26, 2024 11:49:56.770374060 CEST | 80 | 49739 | 190.187.52.42 | 192.168.2.5 |
Apr 26, 2024 11:49:56.770462036 CEST | 49739 | 80 | 192.168.2.5 | 190.187.52.42 |
Apr 26, 2024 11:49:56.770513058 CEST | 49739 | 80 | 192.168.2.5 | 190.187.52.42 |
Apr 26, 2024 11:49:56.980571032 CEST | 80 | 49739 | 190.187.52.42 | 192.168.2.5 |
Apr 26, 2024 11:50:02.278568983 CEST | 49740 | 80 | 192.168.2.5 | 190.187.52.42 |
Apr 26, 2024 11:50:02.490441084 CEST | 80 | 49740 | 190.187.52.42 | 192.168.2.5 |
Apr 26, 2024 11:50:02.490520000 CEST | 49740 | 80 | 192.168.2.5 | 190.187.52.42 |
Apr 26, 2024 11:50:02.490715027 CEST | 49740 | 80 | 192.168.2.5 | 190.187.52.42 |
Apr 26, 2024 11:50:02.490747929 CEST | 49740 | 80 | 192.168.2.5 | 190.187.52.42 |
Apr 26, 2024 11:50:02.700270891 CEST | 80 | 49740 | 190.187.52.42 | 192.168.2.5 |
Apr 26, 2024 11:50:03.125268936 CEST | 80 | 49740 | 190.187.52.42 | 192.168.2.5 |
Apr 26, 2024 11:50:03.125344038 CEST | 80 | 49740 | 190.187.52.42 | 192.168.2.5 |
Apr 26, 2024 11:50:03.125596046 CEST | 49740 | 80 | 192.168.2.5 | 190.187.52.42 |
Apr 26, 2024 11:50:03.125597000 CEST | 49740 | 80 | 192.168.2.5 | 190.187.52.42 |
Apr 26, 2024 11:50:03.335153103 CEST | 80 | 49740 | 190.187.52.42 | 192.168.2.5 |
Apr 26, 2024 11:50:06.893023968 CEST | 49741 | 80 | 192.168.2.5 | 190.187.52.42 |
Apr 26, 2024 11:50:07.105874062 CEST | 80 | 49741 | 190.187.52.42 | 192.168.2.5 |
Apr 26, 2024 11:50:07.105957985 CEST | 49741 | 80 | 192.168.2.5 | 190.187.52.42 |
Apr 26, 2024 11:50:07.106115103 CEST | 49741 | 80 | 192.168.2.5 | 190.187.52.42 |
Apr 26, 2024 11:50:07.106133938 CEST | 49741 | 80 | 192.168.2.5 | 190.187.52.42 |
Apr 26, 2024 11:50:07.315989017 CEST | 80 | 49741 | 190.187.52.42 | 192.168.2.5 |
Apr 26, 2024 11:50:07.740850925 CEST | 80 | 49741 | 190.187.52.42 | 192.168.2.5 |
Apr 26, 2024 11:50:07.740919113 CEST | 49741 | 80 | 192.168.2.5 | 190.187.52.42 |
Apr 26, 2024 11:50:07.750643969 CEST | 80 | 49741 | 190.187.52.42 | 192.168.2.5 |
Apr 26, 2024 11:50:07.750700951 CEST | 49741 | 80 | 192.168.2.5 | 190.187.52.42 |
Apr 26, 2024 11:50:07.750883102 CEST | 49741 | 80 | 192.168.2.5 | 190.187.52.42 |
Apr 26, 2024 11:50:07.965986967 CEST | 80 | 49741 | 190.187.52.42 | 192.168.2.5 |
Apr 26, 2024 11:50:11.445924044 CEST | 49742 | 80 | 192.168.2.5 | 190.187.52.42 |
Apr 26, 2024 11:50:11.655334949 CEST | 80 | 49742 | 190.187.52.42 | 192.168.2.5 |
Apr 26, 2024 11:50:11.655494928 CEST | 49742 | 80 | 192.168.2.5 | 190.187.52.42 |
Apr 26, 2024 11:50:11.655695915 CEST | 49742 | 80 | 192.168.2.5 | 190.187.52.42 |
Apr 26, 2024 11:50:11.655695915 CEST | 49742 | 80 | 192.168.2.5 | 190.187.52.42 |
Apr 26, 2024 11:50:11.865330935 CEST | 80 | 49742 | 190.187.52.42 | 192.168.2.5 |
Apr 26, 2024 11:50:12.405599117 CEST | 80 | 49742 | 190.187.52.42 | 192.168.2.5 |
Apr 26, 2024 11:50:12.405752897 CEST | 49742 | 80 | 192.168.2.5 | 190.187.52.42 |
Apr 26, 2024 11:50:12.415462971 CEST | 80 | 49742 | 190.187.52.42 | 192.168.2.5 |
Apr 26, 2024 11:50:12.415535927 CEST | 49742 | 80 | 192.168.2.5 | 190.187.52.42 |
Apr 26, 2024 11:50:12.415712118 CEST | 49742 | 80 | 192.168.2.5 | 190.187.52.42 |
Apr 26, 2024 11:50:12.625356913 CEST | 80 | 49742 | 190.187.52.42 | 192.168.2.5 |
Apr 26, 2024 11:50:15.876755953 CEST | 49743 | 80 | 192.168.2.5 | 190.187.52.42 |
Apr 26, 2024 11:50:16.085619926 CEST | 80 | 49743 | 190.187.52.42 | 192.168.2.5 |
Apr 26, 2024 11:50:16.085709095 CEST | 49743 | 80 | 192.168.2.5 | 190.187.52.42 |
Apr 26, 2024 11:50:16.085963964 CEST | 49743 | 80 | 192.168.2.5 | 190.187.52.42 |
Apr 26, 2024 11:50:16.085999012 CEST | 49743 | 80 | 192.168.2.5 | 190.187.52.42 |
Apr 26, 2024 11:50:16.295680046 CEST | 80 | 49743 | 190.187.52.42 | 192.168.2.5 |
Apr 26, 2024 11:50:17.080611944 CEST | 80 | 49743 | 190.187.52.42 | 192.168.2.5 |
Apr 26, 2024 11:50:17.085536957 CEST | 80 | 49743 | 190.187.52.42 | 192.168.2.5 |
Apr 26, 2024 11:50:17.085649014 CEST | 49743 | 80 | 192.168.2.5 | 190.187.52.42 |
Apr 26, 2024 11:50:17.085740089 CEST | 49743 | 80 | 192.168.2.5 | 190.187.52.42 |
Apr 26, 2024 11:50:17.295734882 CEST | 80 | 49743 | 190.187.52.42 | 192.168.2.5 |
Apr 26, 2024 11:50:22.848433018 CEST | 49744 | 80 | 192.168.2.5 | 190.187.52.42 |
Apr 26, 2024 11:50:23.070650101 CEST | 80 | 49744 | 190.187.52.42 | 192.168.2.5 |
Apr 26, 2024 11:50:23.070766926 CEST | 49744 | 80 | 192.168.2.5 | 190.187.52.42 |
Apr 26, 2024 11:50:23.070924997 CEST | 49744 | 80 | 192.168.2.5 | 190.187.52.42 |
Apr 26, 2024 11:50:23.070951939 CEST | 49744 | 80 | 192.168.2.5 | 190.187.52.42 |
Apr 26, 2024 11:50:23.280860901 CEST | 80 | 49744 | 190.187.52.42 | 192.168.2.5 |
Apr 26, 2024 11:50:23.925858974 CEST | 80 | 49744 | 190.187.52.42 | 192.168.2.5 |
Apr 26, 2024 11:50:23.925966978 CEST | 49744 | 80 | 192.168.2.5 | 190.187.52.42 |
Apr 26, 2024 11:50:23.940831900 CEST | 80 | 49744 | 190.187.52.42 | 192.168.2.5 |
Apr 26, 2024 11:50:23.940917969 CEST | 49744 | 80 | 192.168.2.5 | 190.187.52.42 |
Apr 26, 2024 11:50:23.941047907 CEST | 49744 | 80 | 192.168.2.5 | 190.187.52.42 |
Apr 26, 2024 11:50:24.150760889 CEST | 80 | 49744 | 190.187.52.42 | 192.168.2.5 |
Apr 26, 2024 11:50:27.972529888 CEST | 49745 | 80 | 192.168.2.5 | 190.187.52.42 |
Apr 26, 2024 11:50:28.180521965 CEST | 80 | 49745 | 190.187.52.42 | 192.168.2.5 |
Apr 26, 2024 11:50:28.180674076 CEST | 49745 | 80 | 192.168.2.5 | 190.187.52.42 |
Apr 26, 2024 11:50:28.180860996 CEST | 49745 | 80 | 192.168.2.5 | 190.187.52.42 |
Apr 26, 2024 11:50:28.180893898 CEST | 49745 | 80 | 192.168.2.5 | 190.187.52.42 |
Apr 26, 2024 11:50:28.390839100 CEST | 80 | 49745 | 190.187.52.42 | 192.168.2.5 |
Apr 26, 2024 11:50:28.832189083 CEST | 80 | 49745 | 190.187.52.42 | 192.168.2.5 |
Apr 26, 2024 11:50:28.832253933 CEST | 49745 | 80 | 192.168.2.5 | 190.187.52.42 |
Apr 26, 2024 11:50:28.836678982 CEST | 80 | 49745 | 190.187.52.42 | 192.168.2.5 |
Apr 26, 2024 11:50:28.836738110 CEST | 49745 | 80 | 192.168.2.5 | 190.187.52.42 |
Apr 26, 2024 11:50:28.836877108 CEST | 49745 | 80 | 192.168.2.5 | 190.187.52.42 |
Apr 26, 2024 11:50:29.046286106 CEST | 80 | 49745 | 190.187.52.42 | 192.168.2.5 |
Apr 26, 2024 11:50:32.534576893 CEST | 49746 | 80 | 192.168.2.5 | 190.187.52.42 |
Apr 26, 2024 11:50:32.759238958 CEST | 80 | 49746 | 190.187.52.42 | 192.168.2.5 |
Apr 26, 2024 11:50:32.759334087 CEST | 49746 | 80 | 192.168.2.5 | 190.187.52.42 |
Apr 26, 2024 11:50:32.759541035 CEST | 49746 | 80 | 192.168.2.5 | 190.187.52.42 |
Apr 26, 2024 11:50:32.759586096 CEST | 49746 | 80 | 192.168.2.5 | 190.187.52.42 |
Apr 26, 2024 11:50:32.971508026 CEST | 80 | 49746 | 190.187.52.42 | 192.168.2.5 |
Apr 26, 2024 11:50:33.775856972 CEST | 80 | 49746 | 190.187.52.42 | 192.168.2.5 |
Apr 26, 2024 11:50:33.780529022 CEST | 80 | 49746 | 190.187.52.42 | 192.168.2.5 |
Apr 26, 2024 11:50:33.780606031 CEST | 49746 | 80 | 192.168.2.5 | 190.187.52.42 |
Apr 26, 2024 11:50:33.780766010 CEST | 49746 | 80 | 192.168.2.5 | 190.187.52.42 |
Apr 26, 2024 11:50:33.990421057 CEST | 80 | 49746 | 190.187.52.42 | 192.168.2.5 |
Apr 26, 2024 11:50:39.327240944 CEST | 49747 | 80 | 192.168.2.5 | 190.187.52.42 |
Apr 26, 2024 11:50:39.540563107 CEST | 80 | 49747 | 190.187.52.42 | 192.168.2.5 |
Apr 26, 2024 11:50:39.540641069 CEST | 49747 | 80 | 192.168.2.5 | 190.187.52.42 |
Apr 26, 2024 11:50:39.540791988 CEST | 49747 | 80 | 192.168.2.5 | 190.187.52.42 |
Apr 26, 2024 11:50:39.540822983 CEST | 49747 | 80 | 192.168.2.5 | 190.187.52.42 |
Apr 26, 2024 11:50:39.750782967 CEST | 80 | 49747 | 190.187.52.42 | 192.168.2.5 |
Apr 26, 2024 11:50:40.275767088 CEST | 80 | 49747 | 190.187.52.42 | 192.168.2.5 |
Apr 26, 2024 11:50:40.275830030 CEST | 49747 | 80 | 192.168.2.5 | 190.187.52.42 |
Apr 26, 2024 11:50:40.280530930 CEST | 80 | 49747 | 190.187.52.42 | 192.168.2.5 |
Apr 26, 2024 11:50:40.280585051 CEST | 49747 | 80 | 192.168.2.5 | 190.187.52.42 |
Apr 26, 2024 11:50:40.280725002 CEST | 49747 | 80 | 192.168.2.5 | 190.187.52.42 |
Apr 26, 2024 11:50:40.530647993 CEST | 80 | 49747 | 190.187.52.42 | 192.168.2.5 |
Apr 26, 2024 11:50:44.023452044 CEST | 49748 | 80 | 192.168.2.5 | 190.187.52.42 |
Apr 26, 2024 11:50:44.235913038 CEST | 80 | 49748 | 190.187.52.42 | 192.168.2.5 |
Apr 26, 2024 11:50:44.236027956 CEST | 49748 | 80 | 192.168.2.5 | 190.187.52.42 |
Apr 26, 2024 11:50:44.236303091 CEST | 49748 | 80 | 192.168.2.5 | 190.187.52.42 |
Apr 26, 2024 11:50:44.236303091 CEST | 49748 | 80 | 192.168.2.5 | 190.187.52.42 |
Apr 26, 2024 11:50:44.445709944 CEST | 80 | 49748 | 190.187.52.42 | 192.168.2.5 |
Apr 26, 2024 11:50:44.895677090 CEST | 80 | 49748 | 190.187.52.42 | 192.168.2.5 |
Apr 26, 2024 11:50:44.895908117 CEST | 49748 | 80 | 192.168.2.5 | 190.187.52.42 |
Apr 26, 2024 11:50:44.900590897 CEST | 80 | 49748 | 190.187.52.42 | 192.168.2.5 |
Apr 26, 2024 11:50:44.900676012 CEST | 49748 | 80 | 192.168.2.5 | 190.187.52.42 |
Apr 26, 2024 11:50:44.900886059 CEST | 49748 | 80 | 192.168.2.5 | 190.187.52.42 |
Apr 26, 2024 11:50:45.125719070 CEST | 80 | 49748 | 190.187.52.42 | 192.168.2.5 |
Apr 26, 2024 11:50:49.500961065 CEST | 49749 | 80 | 192.168.2.5 | 190.187.52.42 |
Apr 26, 2024 11:50:49.710697889 CEST | 80 | 49749 | 190.187.52.42 | 192.168.2.5 |
Apr 26, 2024 11:50:49.710975885 CEST | 49749 | 80 | 192.168.2.5 | 190.187.52.42 |
Apr 26, 2024 11:50:49.712608099 CEST | 49749 | 80 | 192.168.2.5 | 190.187.52.42 |
Apr 26, 2024 11:50:49.712645054 CEST | 49749 | 80 | 192.168.2.5 | 190.187.52.42 |
Apr 26, 2024 11:50:49.920804977 CEST | 80 | 49749 | 190.187.52.42 | 192.168.2.5 |
Apr 26, 2024 11:50:50.450947046 CEST | 80 | 49749 | 190.187.52.42 | 192.168.2.5 |
Apr 26, 2024 11:50:50.451194048 CEST | 49749 | 80 | 192.168.2.5 | 190.187.52.42 |
Apr 26, 2024 11:50:50.460535049 CEST | 80 | 49749 | 190.187.52.42 | 192.168.2.5 |
Apr 26, 2024 11:50:50.460614920 CEST | 49749 | 80 | 192.168.2.5 | 190.187.52.42 |
Apr 26, 2024 11:50:50.460830927 CEST | 49749 | 80 | 192.168.2.5 | 190.187.52.42 |
Apr 26, 2024 11:50:50.670847893 CEST | 80 | 49749 | 190.187.52.42 | 192.168.2.5 |
Apr 26, 2024 11:50:57.428883076 CEST | 49750 | 80 | 192.168.2.5 | 190.187.52.42 |
Apr 26, 2024 11:50:57.656923056 CEST | 80 | 49750 | 190.187.52.42 | 192.168.2.5 |
Apr 26, 2024 11:50:57.657027960 CEST | 49750 | 80 | 192.168.2.5 | 190.187.52.42 |
Apr 26, 2024 11:50:57.657191992 CEST | 49750 | 80 | 192.168.2.5 | 190.187.52.42 |
Apr 26, 2024 11:50:57.657213926 CEST | 49750 | 80 | 192.168.2.5 | 190.187.52.42 |
Apr 26, 2024 11:50:57.865864038 CEST | 80 | 49750 | 190.187.52.42 | 192.168.2.5 |
Apr 26, 2024 11:50:58.310956955 CEST | 80 | 49750 | 190.187.52.42 | 192.168.2.5 |
Apr 26, 2024 11:50:58.311183929 CEST | 49750 | 80 | 192.168.2.5 | 190.187.52.42 |
Apr 26, 2024 11:50:58.315697908 CEST | 80 | 49750 | 190.187.52.42 | 192.168.2.5 |
Apr 26, 2024 11:50:58.315788031 CEST | 49750 | 80 | 192.168.2.5 | 190.187.52.42 |
Apr 26, 2024 11:50:58.315973997 CEST | 49750 | 80 | 192.168.2.5 | 190.187.52.42 |
Apr 26, 2024 11:50:58.525862932 CEST | 80 | 49750 | 190.187.52.42 | 192.168.2.5 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Apr 26, 2024 11:47:17.315043926 CEST | 192.168.2.5 | 1.1.1.1 | 0x7476 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Apr 26, 2024 11:47:18.324919939 CEST | 192.168.2.5 | 1.1.1.1 | 0x7476 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Apr 26, 2024 11:47:19.312628031 CEST | 192.168.2.5 | 1.1.1.1 | 0x7476 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Apr 26, 2024 11:49:52.809465885 CEST | 192.168.2.5 | 1.1.1.1 | 0x7207 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Apr 26, 2024 11:49:53.796881914 CEST | 192.168.2.5 | 1.1.1.1 | 0x7207 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Apr 26, 2024 11:49:54.812223911 CEST | 192.168.2.5 | 1.1.1.1 | 0x7207 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Apr 26, 2024 11:49:55.923450947 CEST | 1.1.1.1 | 192.168.2.5 | 0x7207 | No error (0) | 201.103.73.225 | A (IP address) | IN (0x0001) | false | ||
Apr 26, 2024 11:49:55.923450947 CEST | 1.1.1.1 | 192.168.2.5 | 0x7207 | No error (0) | 201.191.99.134 | A (IP address) | IN (0x0001) | false |
|
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.5 | 49711 | 119.204.11.2 | 80 | 1028 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Apr 26, 2024 11:47:20.949841022 CEST | 279 | OUT | |
Apr 26, 2024 11:47:20.949866056 CEST | 255 | OUT | |
Apr 26, 2024 11:47:22.135804892 CEST | 177 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.5 | 49712 | 119.204.11.2 | 80 | 1028 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Apr 26, 2024 11:47:22.464463949 CEST | 280 | OUT | |
Apr 26, 2024 11:47:22.464495897 CEST | 365 | OUT | |
Apr 26, 2024 11:47:23.658689976 CEST | 510 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.5 | 49713 | 119.204.11.2 | 80 | 1028 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Apr 26, 2024 11:47:23.987965107 CEST | 281 | OUT | |
Apr 26, 2024 11:47:23.987986088 CEST | 157 | OUT | |
Apr 26, 2024 11:47:25.165426970 CEST | 510 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
3 | 192.168.2.5 | 49714 | 119.204.11.2 | 80 | 1028 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Apr 26, 2024 11:47:25.556178093 CEST | 283 | OUT | |
Apr 26, 2024 11:47:25.557106018 CEST | 148 | OUT | |
Apr 26, 2024 11:47:26.740653992 CEST | 510 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
4 | 192.168.2.5 | 49715 | 119.204.11.2 | 80 | 1028 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Apr 26, 2024 11:47:27.784658909 CEST | 281 | OUT | |
Apr 26, 2024 11:47:27.784682989 CEST | 287 | OUT | |
Apr 26, 2024 11:47:28.977370024 CEST | 510 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
5 | 192.168.2.5 | 49716 | 119.204.11.2 | 80 | 1028 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Apr 26, 2024 11:47:29.304265022 CEST | 283 | OUT | |
Apr 26, 2024 11:47:29.304290056 CEST | 343 | OUT | |
Apr 26, 2024 11:47:30.499388933 CEST | 163 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
6 | 192.168.2.5 | 49717 | 119.204.11.2 | 80 | 1028 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Apr 26, 2024 11:47:30.826078892 CEST | 281 | OUT | |
Apr 26, 2024 11:47:30.826106071 CEST | 159 | OUT | |
Apr 26, 2024 11:47:32.017399073 CEST | 163 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
7 | 192.168.2.5 | 49718 | 119.204.11.2 | 80 | 1028 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Apr 26, 2024 11:47:32.343784094 CEST | 278 | OUT | |
Apr 26, 2024 11:47:32.343822002 CEST | 277 | OUT | |
Apr 26, 2024 11:47:33.586575985 CEST | 510 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
8 | 192.168.2.5 | 49719 | 119.204.11.2 | 80 | 1028 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Apr 26, 2024 11:47:33.917741060 CEST | 280 | OUT | |
Apr 26, 2024 11:47:33.917766094 CEST | 126 | OUT | |
Apr 26, 2024 11:47:34.821923971 CEST | 510 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
9 | 192.168.2.5 | 49720 | 119.204.11.2 | 80 | 1028 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Apr 26, 2024 11:47:35.150964975 CEST | 281 | OUT | |
Apr 26, 2024 11:47:35.151002884 CEST | 363 | OUT | |
Apr 26, 2024 11:47:36.358182907 CEST | 510 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
10 | 192.168.2.5 | 49722 | 119.204.11.2 | 80 | 1028 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Apr 26, 2024 11:48:43.367328882 CEST | 281 | OUT | |
Apr 26, 2024 11:48:43.367362976 CEST | 338 | OUT | |
Apr 26, 2024 11:48:44.553025007 CEST | 177 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
11 | 192.168.2.5 | 49723 | 119.204.11.2 | 80 | 1028 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Apr 26, 2024 11:48:44.986284971 CEST | 280 | OUT | |
Apr 26, 2024 11:48:44.986316919 CEST | 146 | OUT | |
Apr 26, 2024 11:48:46.168170929 CEST | 177 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
12 | 192.168.2.5 | 49724 | 119.204.11.2 | 80 | 1028 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Apr 26, 2024 11:48:46.715630054 CEST | 283 | OUT | |
Apr 26, 2024 11:48:46.715683937 CEST | 285 | OUT | |
Apr 26, 2024 11:48:47.913717985 CEST | 177 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
13 | 192.168.2.5 | 49725 | 119.204.11.2 | 80 | 1028 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Apr 26, 2024 11:48:48.305830002 CEST | 281 | OUT | |
Apr 26, 2024 11:48:48.305830956 CEST | 151 | OUT | |
Apr 26, 2024 11:48:49.475702047 CEST | 177 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
14 | 192.168.2.5 | 49726 | 119.204.11.2 | 80 | 1028 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Apr 26, 2024 11:48:50.067756891 CEST | 280 | OUT | |
Apr 26, 2024 11:48:50.067790985 CEST | 179 | OUT | |
Apr 26, 2024 11:48:51.259509087 CEST | 177 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
15 | 192.168.2.5 | 49727 | 119.204.11.2 | 80 | 1028 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Apr 26, 2024 11:48:53.977641106 CEST | 281 | OUT | |
Apr 26, 2024 11:48:53.977664948 CEST | 328 | OUT | |
Apr 26, 2024 11:48:55.158829927 CEST | 177 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
16 | 192.168.2.5 | 49728 | 119.204.11.2 | 80 | 1028 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Apr 26, 2024 11:48:55.896378040 CEST | 281 | OUT | |
Apr 26, 2024 11:48:55.896392107 CEST | 302 | OUT | |
Apr 26, 2024 11:48:57.080249071 CEST | 177 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
17 | 192.168.2.5 | 49729 | 119.204.11.2 | 80 | 1028 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Apr 26, 2024 11:48:57.550009012 CEST | 278 | OUT | |
Apr 26, 2024 11:48:57.550569057 CEST | 358 | OUT | |
Apr 26, 2024 11:48:58.732377052 CEST | 177 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
18 | 192.168.2.5 | 49730 | 119.204.11.2 | 80 | 1028 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Apr 26, 2024 11:49:00.896944046 CEST | 283 | OUT | |
Apr 26, 2024 11:49:00.896979094 CEST | 114 | OUT | |
Apr 26, 2024 11:49:02.087163925 CEST | 177 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
19 | 192.168.2.5 | 49731 | 119.204.11.2 | 80 | 1028 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Apr 26, 2024 11:49:05.885668993 CEST | 278 | OUT | |
Apr 26, 2024 11:49:05.885682106 CEST | 135 | OUT | |
Apr 26, 2024 11:49:07.073163986 CEST | 177 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
20 | 192.168.2.5 | 49732 | 119.204.11.2 | 80 | 1028 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Apr 26, 2024 11:49:12.723020077 CEST | 283 | OUT | |
Apr 26, 2024 11:49:12.723020077 CEST | 301 | OUT | |
Apr 26, 2024 11:49:13.929617882 CEST | 177 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
21 | 192.168.2.5 | 49733 | 119.204.11.2 | 80 | 1028 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Apr 26, 2024 11:49:18.365467072 CEST | 279 | OUT | |
Apr 26, 2024 11:49:18.365525007 CEST | 295 | OUT | |
Apr 26, 2024 11:49:19.557686090 CEST | 177 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
22 | 192.168.2.5 | 49734 | 119.204.11.2 | 80 | 1028 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Apr 26, 2024 11:49:23.641505003 CEST | 280 | OUT | |
Apr 26, 2024 11:49:23.641547918 CEST | 147 | OUT | |
Apr 26, 2024 11:49:24.831507921 CEST | 177 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
23 | 192.168.2.5 | 49735 | 119.204.11.2 | 80 | 1028 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Apr 26, 2024 11:49:30.712687016 CEST | 278 | OUT | |
Apr 26, 2024 11:49:30.712704897 CEST | 147 | OUT | |
Apr 26, 2024 11:49:31.674782991 CEST | 177 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
24 | 192.168.2.5 | 49736 | 119.204.11.2 | 80 | 1028 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Apr 26, 2024 11:49:35.592735052 CEST | 278 | OUT | |
Apr 26, 2024 11:49:35.592763901 CEST | 269 | OUT | |
Apr 26, 2024 11:49:36.786492109 CEST | 177 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
25 | 192.168.2.5 | 49737 | 119.204.11.2 | 80 | 1028 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Apr 26, 2024 11:49:40.768532991 CEST | 283 | OUT | |
Apr 26, 2024 11:49:40.768552065 CEST | 116 | OUT | |
Apr 26, 2024 11:49:41.952558041 CEST | 177 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
26 | 192.168.2.5 | 49738 | 119.204.11.2 | 80 | 1028 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Apr 26, 2024 11:49:47.864492893 CEST | 283 | OUT | |
Apr 26, 2024 11:49:47.864531994 CEST | 198 | OUT | |
Apr 26, 2024 11:49:49.062968016 CEST | 177 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
27 | 192.168.2.5 | 49739 | 190.187.52.42 | 80 | 1028 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Apr 26, 2024 11:49:56.135561943 CEST | 278 | OUT | |
Apr 26, 2024 11:49:56.135561943 CEST | 180 | OUT | |
Apr 26, 2024 11:49:56.765465975 CEST | 177 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
28 | 192.168.2.5 | 49740 | 190.187.52.42 | 80 | 1028 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Apr 26, 2024 11:50:02.490715027 CEST | 280 | OUT | |
Apr 26, 2024 11:50:02.490747929 CEST | 296 | OUT | |
Apr 26, 2024 11:50:03.125268936 CEST | 177 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
29 | 192.168.2.5 | 49741 | 190.187.52.42 | 80 | 1028 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Apr 26, 2024 11:50:07.106115103 CEST | 280 | OUT | |
Apr 26, 2024 11:50:07.106133938 CEST | 125 | OUT | |
Apr 26, 2024 11:50:07.750643969 CEST | 177 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
30 | 192.168.2.5 | 49742 | 190.187.52.42 | 80 | 1028 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Apr 26, 2024 11:50:11.655695915 CEST | 278 | OUT | |
Apr 26, 2024 11:50:11.655695915 CEST | 229 | OUT | |
Apr 26, 2024 11:50:12.415462971 CEST | 177 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
31 | 192.168.2.5 | 49743 | 190.187.52.42 | 80 | 1028 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Apr 26, 2024 11:50:16.085963964 CEST | 278 | OUT | |
Apr 26, 2024 11:50:16.085999012 CEST | 348 | OUT | |
Apr 26, 2024 11:50:17.080611944 CEST | 177 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
32 | 192.168.2.5 | 49744 | 190.187.52.42 | 80 | 1028 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Apr 26, 2024 11:50:23.070924997 CEST | 281 | OUT | |
Apr 26, 2024 11:50:23.070951939 CEST | 123 | OUT | |
Apr 26, 2024 11:50:23.940831900 CEST | 177 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
33 | 192.168.2.5 | 49745 | 190.187.52.42 | 80 | 1028 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Apr 26, 2024 11:50:28.180860996 CEST | 281 | OUT | |
Apr 26, 2024 11:50:28.180893898 CEST | 125 | OUT | |
Apr 26, 2024 11:50:28.836678982 CEST | 177 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
34 | 192.168.2.5 | 49746 | 190.187.52.42 | 80 | 1028 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Apr 26, 2024 11:50:32.759541035 CEST | 281 | OUT | |
Apr 26, 2024 11:50:32.759586096 CEST | 134 | OUT | |
Apr 26, 2024 11:50:33.775856972 CEST | 177 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
35 | 192.168.2.5 | 49747 | 190.187.52.42 | 80 | 1028 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Apr 26, 2024 11:50:39.540791988 CEST | 280 | OUT | |
Apr 26, 2024 11:50:39.540822983 CEST | 149 | OUT | |
Apr 26, 2024 11:50:40.280530930 CEST | 177 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
36 | 192.168.2.5 | 49748 | 190.187.52.42 | 80 | 1028 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Apr 26, 2024 11:50:44.236303091 CEST | 278 | OUT | |
Apr 26, 2024 11:50:44.236303091 CEST | 282 | OUT | |
Apr 26, 2024 11:50:44.900590897 CEST | 177 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
37 | 192.168.2.5 | 49749 | 190.187.52.42 | 80 | 1028 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Apr 26, 2024 11:50:49.712608099 CEST | 283 | OUT | |
Apr 26, 2024 11:50:49.712645054 CEST | 253 | OUT | |
Apr 26, 2024 11:50:50.460535049 CEST | 177 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
38 | 192.168.2.5 | 49750 | 190.187.52.42 | 80 | 1028 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Apr 26, 2024 11:50:57.657191992 CEST | 282 | OUT | |
Apr 26, 2024 11:50:57.657213926 CEST | 153 | OUT | |
Apr 26, 2024 11:50:58.315697908 CEST | 177 | IN |
Target ID: | 0 |
Start time: | 11:46:51 |
Start date: | 26/04/2024 |
Path: | C:\Users\user\Desktop\rBwTlpgnjc.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 305'152 bytes |
MD5 hash: | EE4E08FEBD22E594C7BCB70EA1B0252A |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | low |
Has exited: | true |
Target ID: | 2 |
Start time: | 11:46:57 |
Start date: | 26/04/2024 |
Path: | C:\Windows\explorer.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff674740000 |
File size: | 5'141'208 bytes |
MD5 hash: | 662F4F92FDE3557E86D110526BB578D5 |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | false |
Target ID: | 4 |
Start time: | 11:47:17 |
Start date: | 26/04/2024 |
Path: | C:\Users\user\AppData\Roaming\ivfjsrs |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 305'152 bytes |
MD5 hash: | EE4E08FEBD22E594C7BCB70EA1B0252A |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Antivirus matches: |
|
Reputation: | low |
Has exited: | true |
Target ID: | 6 |
Start time: | 11:50:01 |
Start date: | 26/04/2024 |
Path: | C:\Users\user\AppData\Roaming\ivfjsrs |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 305'152 bytes |
MD5 hash: | EE4E08FEBD22E594C7BCB70EA1B0252A |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | low |
Has exited: | false |
Execution Graph
Execution Coverage: | 6.4% |
Dynamic/Decrypted Code Coverage: | 18.2% |
Signature Coverage: | 29% |
Total number of Nodes: | 269 |
Total number of Limit Nodes: | 10 |
Graph
Function 004013ED Relevance: 14.3, APIs: 7, Strings: 1, Instructions: 310 native COMMON
Control-flow Graph
APIs |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0434B756 Relevance: 3.0, APIs: 2, Instructions: 41 process COMMON
Control-flow Graph
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0413003C Relevance: 11.0, APIs: 4, Strings: 2, Instructions: 515 memory COMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 04130E0F Relevance: 3.0, APIs: 2, Instructions: 15 COMMON
Control-flow Graph
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004018C3 Relevance: 1.3, APIs: 1, Instructions: 66 sleep COMMON
Control-flow Graph
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004018CE Relevance: 1.3, APIs: 1, Instructions: 60 sleep COMMON
Control-flow Graph
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004018ED Relevance: 1.3, APIs: 1, Instructions: 54 sleep COMMON
Control-flow Graph
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004018F4 Relevance: 1.3, APIs: 1, Instructions: 51 sleep COMMON
Control-flow Graph
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00401907 Relevance: 1.3, APIs: 1, Instructions: 49 sleep COMMON
Control-flow Graph
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0434B415 Relevance: 1.3, APIs: 1, Instructions: 48 memory COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0413092B Relevance: 3.8, Strings: 3, Instructions: 90 COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040142C Relevance: 1.3, Strings: 1, Instructions: 66 COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004032D5 Relevance: .1, Instructions: 78 COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0434B033 Relevance: .1, Instructions: 61 COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 04130D90 Relevance: .0, Instructions: 43 COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00402381 Relevance: .0, Instructions: 12 COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Execution Graph
Execution Coverage: | 6.5% |
Dynamic/Decrypted Code Coverage: | 18.5% |
Signature Coverage: | 0% |
Total number of Nodes: | 265 |
Total number of Limit Nodes: | 10 |
Graph
Function 004013ED Relevance: 14.3, APIs: 7, Strings: 1, Instructions: 310 native COMMON
Control-flow Graph
APIs |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 041A003C Relevance: 11.0, APIs: 4, Strings: 2, Instructions: 515 memory COMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0406B826 Relevance: 3.0, APIs: 2, Instructions: 41 process COMMON
Control-flow Graph
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 041A0E0F Relevance: 3.0, APIs: 2, Instructions: 15 COMMON
Control-flow Graph
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004018C3 Relevance: 1.3, APIs: 1, Instructions: 66 sleep COMMON
Control-flow Graph
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004018CE Relevance: 1.3, APIs: 1, Instructions: 60 sleep COMMON
Control-flow Graph
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004018ED Relevance: 1.3, APIs: 1, Instructions: 54 sleep COMMON
Control-flow Graph
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004018F4 Relevance: 1.3, APIs: 1, Instructions: 51 sleep COMMON
Control-flow Graph
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00401907 Relevance: 1.3, APIs: 1, Instructions: 49 sleep COMMON
Control-flow Graph
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0406B4E5 Relevance: 1.3, APIs: 1, Instructions: 48 memory COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Execution Graph
Execution Coverage: | 5.4% |
Dynamic/Decrypted Code Coverage: | 21.9% |
Signature Coverage: | 0% |
Total number of Nodes: | 215 |
Total number of Limit Nodes: | 10 |
Graph
Function 05C6003C Relevance: 11.0, APIs: 4, Strings: 2, Instructions: 515 memory COMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05C60E0F Relevance: 3.0, APIs: 2, Instructions: 15 COMMON
Control-flow Graph
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0413CCBE Relevance: 1.5, APIs: 1, Instructions: 41 COMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004018C2 Relevance: 1.3, APIs: 1, Instructions: 66 sleep COMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004018C3 Relevance: 1.3, APIs: 1, Instructions: 66 sleep COMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004018CE Relevance: 1.3, APIs: 1, Instructions: 60 sleep COMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004018ED Relevance: 1.3, APIs: 1, Instructions: 54 sleep COMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004018F4 Relevance: 1.3, APIs: 1, Instructions: 51 sleep COMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00401907 Relevance: 1.3, APIs: 1, Instructions: 49 sleep COMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0413C97D Relevance: 1.3, APIs: 1, Instructions: 48 memory COMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |