Windows
Analysis Report
Quotation.scr.exe
Overview
General Information
Detection
Snake Keylogger, VIP Keylogger
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected AntiVM3
Yara detected Snake Keylogger
Yara detected Telegram RAT
Yara detected VIP Keylogger
.NET source code contains potential unpacker
AI detected suspicious sample
Allocates memory in foreign processes
Initial sample is a PE file and has a suspicious name
Injects a PE file into a foreign processes
Machine Learning detection for sample
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to detect the country of the analysis system (by using the IP)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Uses the Telegram API (likely for C&C communication)
Writes to foreign memory regions
Yara detected Costura Assembly Loader
Yara detected Generic Downloader
Abnormal high CPU Usage
Allocates memory with a write watch (potentially for evading sandboxes)
Contains functionality to call native functions
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Uses insecure TLS / SSL version for HTTPS connection
Yara detected Credential Stealer
Yara signature match
Classification
- System is w10x64
Quotation.scr.exe (PID: 3108 cmdline: "C:\Users\user\Desktop\Quotation.scr.exe" MD5: E0A5EE16DD5018801A0AFADB2559B555)
RegAsm.exe (PID: 2432 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" MD5: 0D5DF43AF2916F47D00C1573797C1A13)
- cleanup
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
404 Keylogger, Snake Keylogger | Snake Keylogger (aka 404 Keylogger) is a subscription-based keylogger that has many capabilities. The infostealer can steal a victims sensitive information, log keyboard strokes, take screenshots and extract information from the system clipboard. It was initially released on a Russian hacking forum in August 2019. It is notable for its relatively unusual methods of data exfiltration, including via email, FTP, SMTP, Pastebin or the messaging app Telegram. | No Attribution |
{"Exfil Mode": "Telegram", "Bot Token": "7291671710:AAGCLF2_8yzxPxb9Vlxy9pUy6yBLGLfnO5g", "Chat id": "2052461776", "Version": "4.4"}
{"Exfil Mode": "Telegram", "Token": "7291671710:AAGCLF2_8yzxPxb9Vlxy9pUy6yBLGLfnO5g", "Chat_id": "2052461776", "Version": "4.4"}
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security | ||
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | ||
JoeSecurity_VIPKeylogger | Yara detected VIP Keylogger | Joe Security | ||
JoeSecurity_TelegramRAT | Yara detected Telegram RAT | Joe Security | ||
Windows_Trojan_SnakeKeylogger_af3faa65 | unknown | unknown |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security | ||
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | ||
JoeSecurity_GenericDownloader_1 | Yara detected Generic Downloader | Joe Security | ||
JoeSecurity_VIPKeylogger | Yara detected VIP Keylogger | Joe Security | ||
JoeSecurity_TelegramRAT | Yara detected Telegram RAT | Joe Security | ||
No Sigma rule has matched
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2024-09-09T08:55:17.814271+0200 | 2803305 | 3 | Unknown Traffic | 192.168.2.6 | 49719 | 188.114.96.3 | 443 | TCP |
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2024-09-09T08:55:16.251452+0200 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.6 | 49713 | 132.226.8.169 | 80 | TCP |
2024-09-09T08:55:17.251451+0200 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.6 | 49713 | 132.226.8.169 | 80 | TCP |
2024-09-09T08:55:18.642109+0200 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.6 | 49720 | 132.226.8.169 | 80 | TCP |
2024-09-09T08:55:21.173447+0200 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.6 | 49723 | 132.226.8.169 | 80 | TCP |
2024-09-09T08:55:23.548357+0200 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.6 | 49725 | 132.226.8.169 | 80 | TCP |
AV Detection |
---|
Source: | Avira: |
Source: | URL Reputation: |
Source: | Malware Configuration Extractor: |
Source: | Virustotal: |
Source: | ReversingLabs: |
Source: | Integrated Neural Analysis Model: |
Source: | Joe Sandbox ML: |
Location Tracking |
---|
Source: | DNS query: |
Source: | Static PE information: |
Source: | HTTPS traffic detected: |
Source: | Static PE information: |
Source: | Binary string: |
Networking |
---|
Source: | DNS query: |
Source: | File source: |
Source: | HTTP traffic detected: |
Source: | IP Address: |
Source: | ASN Name: |
Source: | JA3 fingerprint: |
Source: | DNS query: |
Source: | Suricata IDS: |
Source: | HTTP traffic detected: |
Source: | HTTPS traffic detected: |
Source: | UDP traffic detected without corresponding DNS query: |
Source: | HTTP traffic detected: |
Source: | DNS traffic detected: |
Source: | HTTP traffic detected: |
Source: | String found in binary or memory: |
Source: | Network traffic detected: |
Source: | HTTPS traffic detected: |
System Summary |
---|
Source: | Matched rule: |
Source: | Static PE information: |
Source: | Process Stats: |
Source: | Binary or memory string: |
Source: | Static PE information: |
Source: | Matched rule: |
Source: | Cryptographic APIs: |
Source: | Task registration methods: |
Source: | Base64 encoded string: |
Source: | Security API names: |
Source: | Classification label: |
Source: | Mutant created: |
Source: | Static PE information: |
Source: | Static file information: |
Source: | Key opened: |
Source: | Binary or memory string: |
Source: | Virustotal: |
Source: | ReversingLabs: |
Source: | Process created: |
Source: | Section loaded: |
Source: | Key value queried: |
Source: | File opened: |
Source: | Key opened: |
Source: | Static PE information: |
Source: | Binary string: |
Data Obfuscation |
---|
Source: | .Net Code: |
Source: | File source: |
Source: | High entropy of concatenated method names: |
Source: | Process information set: |
Malware Analysis System Evasion |
---|
Source: | File source: |
Source: | Binary or memory string: |
Source: | Memory allocated: | Jump to behavior | ||
Source: | Memory allocated: | Jump to behavior | ||
Source: | Memory allocated: | Jump to behavior | ||
Source: | Memory allocated: | Jump to behavior | ||
Source: | Memory allocated: | Jump to behavior | ||
Source: | Memory allocated: | Jump to behavior |
Source: | Thread delayed: | Jump to behavior | ||
Source: | Window / User API: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep count: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Binary or memory string: | ||
Source: | Process information queried: | Jump to behavior |
Source: | Process token adjusted: | Jump to behavior | ||
Source: | Memory allocated: | Jump to behavior |
HIPS / PFW / Operating System Protection Evasion |
---|
Source: | Memory allocated: | Jump to behavior |
Source: | Memory written: | Jump to behavior |
Source: | Process created: | Jump to behavior |
Source: | Queries volume information: | Jump to behavior | ||
Source: | Key value queried: | Jump to behavior |
Stealing of Sensitive Information |
---|
Source: | File source: |
Source: | File opened: | Jump to behavior | ||
Source: | Key opened: | Jump to behavior |
Source: | File source: | ||
Remote Access Functionality |
---|
Source: | File source: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Scheduled Task/Job | 1 Scheduled Task/Job | 311 Process Injection | 1 Disable or Modify Tools | 1 OS Credential Dumping | 11 Security Software Discovery | Remote Services | 1 Email Collection | 1 Web Service | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 DLL Side-Loading | 1 Scheduled Task/Job | 31 Virtualization/Sandbox Evasion | LSASS Memory | 1 Process Discovery | Remote Desktop Protocol | 11 Archive Collected Data | 11 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 DLL Side-Loading | 311 Process Injection | Security Account Manager | 31 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | 1 Data from Local System | 3 Ingress Tool Transfer | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Deobfuscate/Decode Files or Information | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | 3 Non-Application Layer Protocol | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 21 Obfuscated Files or Information | LSA Secrets | 1 System Network Configuration Discovery | SSH | Keylogging | 14 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Software Packing | Cached Domain Credentials | 13 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 DLL Side-Loading | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
Detection | Scanner | Label |
---|---|---|
29% | Virustotal | |
32% | ReversingLabs | Win32.Dropper.Generic |
100% | Avira | HEUR/AGEN.1308518 |
100% | Joe Sandbox ML | |
⊘No Antivirus matches
⊘No Antivirus matches
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Virustotal | Browse | ||
0% | Virustotal | Browse | ||
2% | Virustotal | Browse | ||
0% | Virustotal | Browse | ||
0% | Virustotal | Browse |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
100% | URL Reputation | malware | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
100% | URL Reputation | malware | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Virustotal | Browse | ||
1% | Virustotal | Browse | ||
1% | Virustotal | Browse | ||
0% | Virustotal | Browse | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Virustotal | Browse | ||
0% | Avira URL Cloud | safe | ||
2% | Virustotal | Browse | ||
0% | Virustotal | Browse | ||
0% | Virustotal | Browse | ||
0% | Virustotal | Browse | ||
0% | Avira URL Cloud | safe | ||
0% | Virustotal | Browse | ||
0% | Avira URL Cloud | safe | ||
0% | Virustotal | Browse | ||
0% | Avira URL Cloud | safe | ||
0% | Virustotal | Browse | ||
0% | Avira URL Cloud | safe | ||
0% | Virustotal | Browse | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Virustotal | Browse | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Virustotal | Browse | ||
0% | Avira URL Cloud | safe | ||
0% | Virustotal | Browse | ||
0% | Virustotal | Browse | ||
0% | Virustotal | Browse | ||
0% | Virustotal | Browse | ||
0% | Virustotal | Browse |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
eg-mart.com | 135.181.160.46 | true | false | | unknown |
reallyfreegeoip.org | 188.114.96.3 | true | true | | unknown |
api.telegram.org | 149.154.167.220 | true | true | | unknown |
checkip.dyndns.com | 132.226.8.169 | true | false | | unknown |
checkip.dyndns.org | unknown | unknown | true | | unknown |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
false |
| unknown | |
false |
| unknown | |
false |
| unknown | |
false |
| unknown |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
true |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
true |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown |
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
132.226.8.169 | checkip.dyndns.com | United States | 16989 | UTMEMUS | false |
149.154.167.220 | api.telegram.org | United Kingdom | 62041 | TELEGRAMRU | true |
188.114.96.3 | reallyfreegeoip.org | European Union | 13335 | CLOUDFLARENETUS | true |
135.181.160.46 | eg-mart.com | Germany | 24940 | HETZNER-ASDE | false |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1507754 |
Start date and time: | 2024-09-09 08:54:04 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 8m 19s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 8 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | Quotation.scr.exe |
Detection: | MAL |
Classification: | mal100.troj.spyw.evad.winEXE@3/0@4/4 |
EGA Information: |
|
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
- Excluded domains from analysis (whitelisted): client.wns.windows.com, ocsp.digicert.com, slscr.update.microsoft.com, 4.8.2.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.0.0.2.0.c.0.0.3.0.1.3.0.6.2.ip6.arpa, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
- Execution Graph export aborted for target RegAsm.exe, PID 2432 because it is empty
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtProtectVirtualMemory calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- Report size getting too big, too many NtReadVirtualMemory calls found.
- Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Time | Type | Description |
---|---|---|
02:55:16 | API Interceptor |
Match | Detection | Threat Name |
---|---|---|
132.226.8.169 | malicious | Snake Keylogger, VIP Keylogger |
132.226.8.169 | malicious | MassLogger RAT, Snake Keylogger, VIP Keylogger |
132.226.8.169 | malicious | Snake Keylogger, VIP Keylogger |
132.226.8.169 | malicious | Snake Keylogger, VIP Keylogger |
132.226.8.169 | malicious | Snake Keylogger, VIP Keylogger |
132.226.8.169 | malicious | GuLoader, Snake Keylogger, VIP Keylogger |
132.226.8.169 | malicious | GuLoader, Snake Keylogger |
132.226.8.169 | malicious | GuLoader, Snake Keylogger, VIP Keylogger |
132.226.8.169 | malicious | GuLoader |
132.226.8.169 | malicious | Snake Keylogger |
149.154.167.220 | malicious | Snake Keylogger, VIP Keylogger |
149.154.167.220 | malicious | Blank Grabber, Redline Clipper, Xmrig |
149.154.167.220 | malicious | Snake Keylogger, VIP Keylogger |
149.154.167.220 | malicious | Snake Keylogger, VIP Keylogger |
149.154.167.220 | malicious | Snake Keylogger, VIP Keylogger |
149.154.167.220 | malicious | Snake Keylogger, VIP Keylogger |
149.154.167.220 | malicious | Snake Keylogger, VIP Keylogger |
149.154.167.220 | malicious | DCRat, PureLog Stealer, zgRAT |
149.154.167.220 | malicious | MicroClip, RedLine |
149.154.167.220 | malicious | Fredy Stealer |
Match | Detection | Threat Name |
---|---|---|
reallyfreegeoip.org | malicious | Snake Keylogger, VIP Keylogger |
reallyfreegeoip.org | malicious | Snake Keylogger, VIP Keylogger |
reallyfreegeoip.org | malicious | Snake Keylogger, VIP Keylogger |
reallyfreegeoip.org | malicious | Snake Keylogger, VIP Keylogger |
reallyfreegeoip.org | malicious | Snake Keylogger, VIP Keylogger |
reallyfreegeoip.org | malicious | Snake Keylogger, VIP Keylogger |
reallyfreegeoip.org | malicious | MassLogger RAT, Snake Keylogger, VIP Keylogger |
reallyfreegeoip.org | malicious | Snake Keylogger, VIP Keylogger |
reallyfreegeoip.org | malicious | GuLoader, Snake Keylogger, VIP Keylogger |
reallyfreegeoip.org | malicious | Snake Keylogger, VIP Keylogger |
api.telegram.org | malicious | Snake Keylogger, VIP Keylogger |
api.telegram.org | malicious | Blank Grabber, Redline Clipper, Xmrig |
api.telegram.org | malicious | Snake Keylogger, VIP Keylogger |
api.telegram.org | malicious | Snake Keylogger, VIP Keylogger |
api.telegram.org | malicious | Snake Keylogger, VIP Keylogger |
api.telegram.org | malicious | Snake Keylogger, VIP Keylogger |
api.telegram.org | malicious | Snake Keylogger, VIP Keylogger |
api.telegram.org | malicious | DCRat, PureLog Stealer, zgRAT |
api.telegram.org | malicious | MicroClip, RedLine |
api.telegram.org | malicious | Fredy Stealer |
checkip.dyndns.com | malicious | Snake Keylogger, VIP Keylogger |
checkip.dyndns.com | malicious | Snake Keylogger, VIP Keylogger |
checkip.dyndns.com | malicious | Snake Keylogger, VIP Keylogger |
checkip.dyndns.com | malicious | Snake Keylogger, VIP Keylogger |
checkip.dyndns.com | malicious | Snake Keylogger, VIP Keylogger |
checkip.dyndns.com | malicious | Snake Keylogger, VIP Keylogger |
checkip.dyndns.com | malicious | MassLogger RAT, Snake Keylogger, VIP Keylogger |
checkip.dyndns.com | malicious | Snake Keylogger, VIP Keylogger |
checkip.dyndns.com | malicious | GuLoader, Snake Keylogger, VIP Keylogger |
checkip.dyndns.com | malicious | Snake Keylogger, VIP Keylogger |
Match | Detection | Threat Name |
---|---|---|
TELEGRAMRU | malicious | Snake Keylogger, VIP Keylogger |
TELEGRAMRU | malicious | Blank Grabber, Redline Clipper, Xmrig |
TELEGRAMRU | malicious | Snake Keylogger, VIP Keylogger |
TELEGRAMRU | malicious | Snake Keylogger, VIP Keylogger |
TELEGRAMRU | malicious | Snake Keylogger, VIP Keylogger |
TELEGRAMRU | malicious | Snake Keylogger, VIP Keylogger |
TELEGRAMRU | malicious | Snake Keylogger, VIP Keylogger |
TELEGRAMRU | malicious | DCRat, PureLog Stealer, zgRAT |
TELEGRAMRU | malicious | LummaC, Amadey, LummaC Stealer, Neoreklami, PureLog Stealer, RedLine, Stealc |
TELEGRAMRU | malicious | LummaC, Stealc, Vidar |
UTMEMUS | malicious | Snake Keylogger, VIP Keylogger |
UTMEMUS | malicious | MassLogger RAT, Snake Keylogger, VIP Keylogger |
UTMEMUS | malicious | Unknown |
UTMEMUS | malicious | Unknown |
UTMEMUS | malicious | Unknown |
UTMEMUS | malicious | Snake Keylogger, VIP Keylogger |
UTMEMUS | malicious | Snake Keylogger, VIP Keylogger |
UTMEMUS | malicious | Snake Keylogger |
UTMEMUS | malicious | Snake Keylogger, VIP Keylogger |
UTMEMUS | malicious | Snake Keylogger, VIP Keylogger |
CLOUDFLARENETUS | malicious | HTMLPhisher |
CLOUDFLARENETUS | malicious | Snake Keylogger, VIP Keylogger |
CLOUDFLARENETUS | malicious | Snake Keylogger, VIP Keylogger |
CLOUDFLARENETUS | malicious | Snake Keylogger, VIP Keylogger |
CLOUDFLARENETUS | malicious | HTMLPhisher |
CLOUDFLARENETUS | malicious | Snake Keylogger, VIP Keylogger |
CLOUDFLARENETUS | malicious | Snake Keylogger, VIP Keylogger |
CLOUDFLARENETUS | malicious | Snake Keylogger, VIP Keylogger |
CLOUDFLARENETUS | malicious | Unknown |
CLOUDFLARENETUS | malicious | HTMLPhisher |
Match | Detection | Threat Name |
---|---|---|
54328bd36c14bd82ddaa0c04b25ed9ad | malicious | Snake Keylogger, VIP Keylogger |
54328bd36c14bd82ddaa0c04b25ed9ad | malicious | Snake Keylogger, VIP Keylogger |
54328bd36c14bd82ddaa0c04b25ed9ad | malicious | Snake Keylogger, VIP Keylogger |
54328bd36c14bd82ddaa0c04b25ed9ad | malicious | Snake Keylogger, VIP Keylogger |
54328bd36c14bd82ddaa0c04b25ed9ad | malicious | Snake Keylogger, VIP Keylogger |
54328bd36c14bd82ddaa0c04b25ed9ad | malicious | Snake Keylogger, VIP Keylogger |
54328bd36c14bd82ddaa0c04b25ed9ad | malicious | MassLogger RAT, Snake Keylogger, VIP Keylogger |
54328bd36c14bd82ddaa0c04b25ed9ad | malicious | Unknown |
54328bd36c14bd82ddaa0c04b25ed9ad | malicious | Unknown |
54328bd36c14bd82ddaa0c04b25ed9ad | malicious | Snake Keylogger, VIP Keylogger |
3b5074b1b5d032e5620f69f9f700ff0e | malicious | Remcos, GuLoader |
3b5074b1b5d032e5620f69f9f700ff0e | malicious | Remcos, GuLoader |
3b5074b1b5d032e5620f69f9f700ff0e | malicious | FormBook |
3b5074b1b5d032e5620f69f9f700ff0e | malicious | Remcos, GuLoader |
3b5074b1b5d032e5620f69f9f700ff0e | malicious | Snake Keylogger, VIP Keylogger |
3b5074b1b5d032e5620f69f9f700ff0e | malicious | GuLoader, Remcos |
3b5074b1b5d032e5620f69f9f700ff0e | malicious | Snake Keylogger, VIP Keylogger |
3b5074b1b5d032e5620f69f9f700ff0e | malicious | Snake Keylogger, VIP Keylogger |
3b5074b1b5d032e5620f69f9f700ff0e | malicious | Snake Keylogger, VIP Keylogger |
3b5074b1b5d032e5620f69f9f700ff0e | malicious | PureLog Stealer, Raccoon Stealer v2, RedLine, zgRAT |
⊘No context
⊘No created / dropped files found
File type: | |
Entropy (8bit): | 4.432801846329874 |
TrID: |
|
File name: | Quotation.scr.exe |
File size: | 6'144 bytes |
MD5: | e0a5ee16dd5018801a0afadb2559b555 |
SHA1: | 26443711531805d3e268212b552632558e90a015 |
SHA256: | 6b89ca3745f66447d9dab6fc2bd79820dd3ee4ce5edc40c25d1c7bf2c9250352 |
SHA512: | 79b0405fcf1a4931867834278f771e5be1f1637bd8746a16934f6e6118ee6559dc546de2d3e912bb269e4e22e938d0b6599473813b6ca1de27623615110ae473 |
SSDEEP: | 48:6gmEHl21SxTrP8tMVjKRHD8MB+MuER8YwNjkGlqLcyxwssJh7VeCtnUlaaIFWpfG:t2weW5OHN+2yBNjLScyxNGhQcczNt |
TLSH: | 5DC1D910A3F8437BDD720B719CB3A3406278F351995BCF9D1985214B3E53B918A53FA2 |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...'D.f.............................,... ...@....@.. ....................................`................................ |
Icon Hash: | 00928e8e8686b000 |
Entrypoint: | 0x402c8e |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | EXECUTABLE_IMAGE, 32BIT_MACHINE |
DLL Characteristics: | HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE |
Time Stamp: | 0x66DE4427 [Mon Sep 9 00:41:11 2024 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | f34d5f2d4577ed6d9ceec516c1f5a744 |
Instruction |
---|
jmp dword ptr [00402000h] |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x2c38 | 0x53 | .text |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x4000 | 0x5a6 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x6000 | 0xc | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x2000 | 0xc94 | 0xe00 | dd5605ee7baf6ea3867e8966ac7f3f55 | False | 0.5415736607142857 | data | 5.040385941640028 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rsrc | 0x4000 | 0x5a6 | 0x600 | ca94ddebdb95a1c56a83a191de7faac4 | False | 0.4173177083333333 | data | 4.075974040120256 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0x6000 | 0xc | 0x200 | 880af27eaae1f8845d7921a8312b435f | False | 0.044921875 | data | 0.08153941234324169 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
RT_VERSION | 0x40a0 | 0x31c | data | | | 0.4321608040201005 |
RT_MANIFEST | 0x43bc | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | | | 0.5489795918367347 |
DLL | Import |
---|---|
mscoree.dll | _CorExeMain |
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
---|---|---|---|---|---|---|---|---|
2024-09-09T08:55:16.251452+0200 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.6 | 49713 | 132.226.8.169 | 80 | TCP |
2024-09-09T08:55:17.251451+0200 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.6 | 49713 | 132.226.8.169 | 80 | TCP |
2024-09-09T08:55:17.814271+0200 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.6 | 49719 | 188.114.96.3 | 443 | TCP |
2024-09-09T08:55:18.642109+0200 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.6 | 49720 | 132.226.8.169 | 80 | TCP |
2024-09-09T08:55:21.173447+0200 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.6 | 49723 | 132.226.8.169 | 80 | TCP |
2024-09-09T08:55:23.548357+0200 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.6 | 49725 | 132.226.8.169 | 80 | TCP |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Sep 9, 2024 08:55:19.076699018 CEST | 443 | 49721 | 188.114.96.3 | 192.168.2.6 |
Sep 9, 2024 08:55:19.218861103 CEST | 443 | 49721 | 188.114.96.3 | 192.168.2.6 |
Sep 9, 2024 08:55:19.218976974 CEST | 443 | 49721 | 188.114.96.3 | 192.168.2.6 |
Sep 9, 2024 08:55:19.219048977 CEST | 49721 | 443 | 192.168.2.6 | 188.114.96.3 |
Sep 9, 2024 08:55:19.219679117 CEST | 49721 | 443 | 192.168.2.6 | 188.114.96.3 |
Sep 9, 2024 08:55:19.223922014 CEST | 49720 | 80 | 192.168.2.6 | 132.226.8.169 |
Sep 9, 2024 08:55:19.225599051 CEST | 49723 | 80 | 192.168.2.6 | 132.226.8.169 |
Sep 9, 2024 08:55:19.228890896 CEST | 80 | 49720 | 132.226.8.169 | 192.168.2.6 |
Sep 9, 2024 08:55:19.228972912 CEST | 49720 | 80 | 192.168.2.6 | 132.226.8.169 |
Sep 9, 2024 08:55:19.230420113 CEST | 80 | 49723 | 132.226.8.169 | 192.168.2.6 |
Sep 9, 2024 08:55:19.230499029 CEST | 49723 | 80 | 192.168.2.6 | 132.226.8.169 |
Sep 9, 2024 08:55:19.232568026 CEST | 49723 | 80 | 192.168.2.6 | 132.226.8.169 |
Sep 9, 2024 08:55:19.237287045 CEST | 80 | 49723 | 132.226.8.169 | 192.168.2.6 |
Sep 9, 2024 08:55:21.121956110 CEST | 80 | 49723 | 132.226.8.169 | 192.168.2.6 |
Sep 9, 2024 08:55:21.123646975 CEST | 49724 | 443 | 192.168.2.6 | 188.114.96.3 |
Sep 9, 2024 08:55:21.123694897 CEST | 443 | 49724 | 188.114.96.3 | 192.168.2.6 |
Sep 9, 2024 08:55:21.123765945 CEST | 49724 | 443 | 192.168.2.6 | 188.114.96.3 |
Sep 9, 2024 08:55:21.124095917 CEST | 49724 | 443 | 192.168.2.6 | 188.114.96.3 |
Sep 9, 2024 08:55:21.124114990 CEST | 443 | 49724 | 188.114.96.3 | 192.168.2.6 |
Sep 9, 2024 08:55:21.173446894 CEST | 49723 | 80 | 192.168.2.6 | 132.226.8.169 |
Sep 9, 2024 08:55:21.579633951 CEST | 443 | 49724 | 188.114.96.3 | 192.168.2.6 |
Sep 9, 2024 08:55:21.581279039 CEST | 49724 | 443 | 192.168.2.6 | 188.114.96.3 |
Sep 9, 2024 08:55:21.581298113 CEST | 443 | 49724 | 188.114.96.3 | 192.168.2.6 |
Sep 9, 2024 08:55:21.713253975 CEST | 443 | 49724 | 188.114.96.3 | 192.168.2.6 |
Sep 9, 2024 08:55:21.713342905 CEST | 443 | 49724 | 188.114.96.3 | 192.168.2.6 |
Sep 9, 2024 08:55:21.713392973 CEST | 49724 | 443 | 192.168.2.6 | 188.114.96.3 |
Sep 9, 2024 08:55:21.713865995 CEST | 49724 | 443 | 192.168.2.6 | 188.114.96.3 |
Sep 9, 2024 08:55:21.716948986 CEST | 49723 | 80 | 192.168.2.6 | 132.226.8.169 |
Sep 9, 2024 08:55:21.718267918 CEST | 49725 | 80 | 192.168.2.6 | 132.226.8.169 |
Sep 9, 2024 08:55:21.722095013 CEST | 80 | 49723 | 132.226.8.169 | 192.168.2.6 |
Sep 9, 2024 08:55:21.722168922 CEST | 49723 | 80 | 192.168.2.6 | 132.226.8.169 |
Sep 9, 2024 08:55:21.723037004 CEST | 80 | 49725 | 132.226.8.169 | 192.168.2.6 |
Sep 9, 2024 08:55:21.723129034 CEST | 49725 | 80 | 192.168.2.6 | 132.226.8.169 |
Sep 9, 2024 08:55:21.723191023 CEST | 49725 | 80 | 192.168.2.6 | 132.226.8.169 |
Sep 9, 2024 08:55:21.727931976 CEST | 80 | 49725 | 132.226.8.169 | 192.168.2.6 |
Sep 9, 2024 08:55:23.497507095 CEST | 80 | 49725 | 132.226.8.169 | 192.168.2.6 |
Sep 9, 2024 08:55:23.499212027 CEST | 49726 | 443 | 192.168.2.6 | 188.114.96.3 |
Sep 9, 2024 08:55:23.499255896 CEST | 443 | 49726 | 188.114.96.3 | 192.168.2.6 |
Sep 9, 2024 08:55:23.499324083 CEST | 49726 | 443 | 192.168.2.6 | 188.114.96.3 |
Sep 9, 2024 08:55:23.499625921 CEST | 49726 | 443 | 192.168.2.6 | 188.114.96.3 |
Sep 9, 2024 08:55:23.499638081 CEST | 443 | 49726 | 188.114.96.3 | 192.168.2.6 |
Sep 9, 2024 08:55:23.548357010 CEST | 49725 | 80 | 192.168.2.6 | 132.226.8.169 |
Sep 9, 2024 08:55:23.975264072 CEST | 443 | 49726 | 188.114.96.3 | 192.168.2.6 |
Sep 9, 2024 08:55:23.976938009 CEST | 49726 | 443 | 192.168.2.6 | 188.114.96.3 |
Sep 9, 2024 08:55:23.976957083 CEST | 443 | 49726 | 188.114.96.3 | 192.168.2.6 |
Sep 9, 2024 08:55:24.112828016 CEST | 443 | 49726 | 188.114.96.3 | 192.168.2.6 |
Sep 9, 2024 08:55:24.112929106 CEST | 443 | 49726 | 188.114.96.3 | 192.168.2.6 |
Sep 9, 2024 08:55:24.112987995 CEST | 49726 | 443 | 192.168.2.6 | 188.114.96.3 |
Sep 9, 2024 08:55:24.113500118 CEST | 49726 | 443 | 192.168.2.6 | 188.114.96.3 |
Sep 9, 2024 08:55:24.117928982 CEST | 49727 | 80 | 192.168.2.6 | 132.226.8.169 |
Sep 9, 2024 08:55:24.122826099 CEST | 80 | 49727 | 132.226.8.169 | 192.168.2.6 |
Sep 9, 2024 08:55:24.122936010 CEST | 49727 | 80 | 192.168.2.6 | 132.226.8.169 |
Sep 9, 2024 08:55:24.123039961 CEST | 49727 | 80 | 192.168.2.6 | 132.226.8.169 |
Sep 9, 2024 08:55:24.128107071 CEST | 80 | 49727 | 132.226.8.169 | 192.168.2.6 |
Sep 9, 2024 08:55:25.702794075 CEST | 80 | 49727 | 132.226.8.169 | 192.168.2.6 |
Sep 9, 2024 08:55:25.704144955 CEST | 49728 | 443 | 192.168.2.6 | 188.114.96.3 |
Sep 9, 2024 08:55:25.704178095 CEST | 443 | 49728 | 188.114.96.3 | 192.168.2.6 |
Sep 9, 2024 08:55:25.704245090 CEST | 49728 | 443 | 192.168.2.6 | 188.114.96.3 |
Sep 9, 2024 08:55:25.704500914 CEST | 49728 | 443 | 192.168.2.6 | 188.114.96.3 |
Sep 9, 2024 08:55:25.704516888 CEST | 443 | 49728 | 188.114.96.3 | 192.168.2.6 |
Sep 9, 2024 08:55:25.751498938 CEST | 49727 | 80 | 192.168.2.6 | 132.226.8.169 |
Sep 9, 2024 08:55:26.167380095 CEST | 443 | 49728 | 188.114.96.3 | 192.168.2.6 |
Sep 9, 2024 08:55:26.169081926 CEST | 49728 | 443 | 192.168.2.6 | 188.114.96.3 |
Sep 9, 2024 08:55:26.169101000 CEST | 443 | 49728 | 188.114.96.3 | 192.168.2.6 |
Sep 9, 2024 08:55:26.308089972 CEST | 443 | 49728 | 188.114.96.3 | 192.168.2.6 |
Sep 9, 2024 08:55:26.308163881 CEST | 443 | 49728 | 188.114.96.3 | 192.168.2.6 |
Sep 9, 2024 08:55:26.308212996 CEST | 49728 | 443 | 192.168.2.6 | 188.114.96.3 |
Sep 9, 2024 08:55:26.309263945 CEST | 49728 | 443 | 192.168.2.6 | 188.114.96.3 |
Sep 9, 2024 08:55:26.313462019 CEST | 49727 | 80 | 192.168.2.6 | 132.226.8.169 |
Sep 9, 2024 08:55:26.314685106 CEST | 49729 | 80 | 192.168.2.6 | 132.226.8.169 |
Sep 9, 2024 08:55:26.319525957 CEST | 80 | 49727 | 132.226.8.169 | 192.168.2.6 |
Sep 9, 2024 08:55:26.319572926 CEST | 49727 | 80 | 192.168.2.6 | 132.226.8.169 |
Sep 9, 2024 08:55:26.319619894 CEST | 80 | 49729 | 132.226.8.169 | 192.168.2.6 |
Sep 9, 2024 08:55:26.319683075 CEST | 49729 | 80 |