Play interactive tour
Edit tourAnalysis Report a.exe
Overview
General Information
| Sample Name: | a.exe |
| Analysis ID: | 385479 |
| MD5: | 6321729b9f33fea55483fbb3792c611b |
| SHA1: | 816ad37e36a68f89ab2ca4fea4f83879caeb6586 |
| SHA256: | 369cfe293c93b001240bdee35859037c7513ceef781c8174938d0650c9e5575d |
| Tags: | gozi |
| Infos: | |
Most interesting Screenshot:  | |
Detection
Ursnif
| Score: | 100 |
| Range: | 0 - 100 |
| Whitelisted: | false |
| Confidence: | 100% |
Signatures
Found malware configuration
Multi AV Scanner detection for submitted file
Yara detected Ursnif
Yara detected AntiVM3
Hooks registry keys query functions (used to hide registry keys)
Injects a PE file into a foreign processes
Modifies the export address table of user mode modules (user mode EAT hooks)
Modifies the import address table of user mode modules (user mode IAT hooks)
Modifies the prolog of user mode functions (user mode inline hooks)
Performs DNS queries to domains with low reputation
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Writes or reads registry keys via WMI
Writes registry values via WMI
Antivirus or Machine Learning detection for unpacked file
Contains functionality to call native functions
Contains functionality to dynamically determine API calls
Contains long sleeps (>= 3 min)
Creates a DirectInput object (often for capturing keystrokes)
Creates a process in suspended mode (likely to inject code)
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE / OLE file has an invalid certificate
PE file contains executable resources (Code or Archives)
PE file contains strange resources
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
Classification
Startup |
|---|
|
Malware Configuration |
|---|
Threatname: Ursnif |
|---|
[{"RSA Public Key": "pQo4KM3R8eFYLdoECMIPO/fNsO/R/HK4kV0BXYECYloQSK7KS4zZTuTDX2DjIg0QQ/f/kuwGstNk0nYCXnXvpcTnWc5tfeErS6XtajLNuQFk3xd1/kTT3SeWu19JsEsxjPY+c7yLsdZjJRyX+jOCMjDszRu/faKKDVHAdoeOLdX64WevI8mc3fiPLbvB4KOP"}, {"c2_domain": ["c1.microsoft.com", "ctldl.windowsupdate.com", "195.123.214.61", "195.123.213.250", "195.123.214.20", "puvj2jr.xyz", "6ffddg2.xyz", "8iqnb33.xyz"], "dns_server": ["107.174.86.134", "107.175.127.22"], "DGA_count": "10", "ip_check_url": ["api.wipmania.com", "ipinfo.io/ip", "api.wipmania.com", "curlmyip.net"], "server": "12", "serpent_key": "10386128UJANFYTR", "sleep_time": "1", "SetWaitableTimer_value(CRC_CONFIGTIMEOUT)": "300", "time_value": "300", "SetWaitableTimer_value(CRC_TASKTIMEOUT)": "300", "SetWaitableTimer_value(CRC_SENDTIMEOUT)": "300", "SetWaitableTimer_value(CRC_KNOCKERTIMEOUT)": "300", "not_use(CRC_BCTIMEOUT)": "10", "botnet": "7676", "capture_window_title?(CRC_KEYLOGLIST)": "notepad, iexplore, chrome, firefox, terminal, mstsc, edge", "SetWaitableTimer_value": "60"}]Yara Overview |
|---|
Memory Dumps |
|---|
| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| JoeSecurity_AntiVM_3 | Yara detected AntiVM_3 | Joe Security | ||
| JoeSecurity_Ursnif | Yara detected Ursnif | Joe Security | ||
| JoeSecurity_Ursnif | Yara detected Ursnif | Joe Security | ||
| JoeSecurity_Ursnif | Yara detected Ursnif | Joe Security | ||
| JoeSecurity_Ursnif | Yara detected Ursnif | Joe Security | ||
| Click to see the 7 entries | ||||
Sigma Overview |
|---|
| No Sigma rule has matched |
|---|
Signature Overview |
|---|
Click to jump to signature section
Show All Signature Results
AV Detection: |   |
|---|
| Found malware configuration | Show sources | ||
| Source: | Malware Configuration Extractor: | ||
| Multi AV Scanner detection for submitted file | Show sources | ||
| Source: | Virustotal: | Perma Link | ||
| Source: | Metadefender: | Perma Link | ||
| Source: | ReversingLabs: | |||
| Source: | Avira: | ||
| Source: | Avira: | ||
| Source: | Static PE information: | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | Static PE information: | ||
Networking: | |
|---|
| Performs DNS queries to domains with low reputation | Show sources | ||
| Source: | DNS query: | ||
| Source: | DNS query: | ||
| Source: | DNS query: | ||
| Source: | ASN Name: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | DNS traffic detected: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
Key, Mouse, Clipboard, Microphone and Screen Capturing: | |
|---|
| Yara detected Ursnif | Show sources | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | Binary or memory string: | ||
E-Banking Fraud: | |
|---|
| Yara detected Ursnif | Show sources | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
System Summary: | |
|---|
| Writes or reads registry keys via WMI | Show sources | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Writes registry values via WMI | Show sources | ||
| Source: | WMI Registry write: | ||
| Source: | WMI Registry write: | ||
| Source: | WMI Registry write: | ||
| Source: | WMI Registry write: | ||
| Source: | WMI Registry write: | ||
| Source: | WMI Registry write: | ||
| Source: | WMI Registry write: | ||
| Source: | WMI Registry write: | ||
| Source: | Code function: | 4_2_004015F8 | |
| Source: | Code function: | 4_2_00401179 | |
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Classification label: | ||
| Source: | File created: | Jump to behavior | ||
| Source: | File created: | Jump to behavior | ||
| Source: | Static PE information: | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | File read: | Jump to behavior | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | Virustotal: | ||
| Source: | Metadefender: | ||
| Source: | ReversingLabs: | ||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Key value queried: | Jump to behavior | ||
| Source: | Window detected: | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | Static PE information: | ||
| Source: | Static file information: | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | Static PE information: | ||
| Source: | Code function: | 4_2_00401303 | |
| Source: | Code function: | 0_2_006B7350 | |
| Source: | Code function: | 4_2_005E7350 | |
| Source: | Static PE information: | ||
Hooking and other Techniques for Hiding and Protection: | |
|---|
| Yara detected Ursnif | Show sources | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Hooks registry keys query functions (used to hide registry keys) | Show sources | ||
| Source: | IAT, EAT, inline or SSDT hook detected: | ||
| Modifies the export address table of user mode modules (user mode EAT hooks) | Show sources | ||
| Source: | IAT of a user mode module has changed: | ||
| Modifies the import address table of user mode modules (user mode IAT hooks) | Show sources | ||
| Source: | EAT of a user mode module has changed: | ||
| Modifies the prolog of user mode functions (user mode inline hooks) | Show sources | ||
| Source: | User mode code has changed: | ||
| Source: | Registry key monitored for changes: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
Malware Analysis System Evasion: | |
|---|
| Yara detected AntiVM3 | Show sources | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Tries to detect sandboxes and other dynamic analysis tools (process name or module or function) | Show sources | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep count: | Jump to behavior | ||
| Source: | Thread sleep count: | Jump to behavior | ||
| Source: | Thread sleep count: | Jump to behavior | ||
| Source: | Thread sleep count: | Jump to behavior | ||
| Source: | Thread sleep count: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Process information queried: | Jump to behavior | ||
| Source: | Code function: | 4_2_00401303 | |
| Source: | Memory allocated: | Jump to behavior | ||
HIPS / PFW / Operating System Protection Evasion: | |
|---|
| Injects a PE file into a foreign processes | Show sources | ||
| Source: | Memory written: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Code function: | 4_2_0040140E | |
| Source: | Code function: | 4_2_00401AFF | |
| Source: | Key value queried: | Jump to behavior | ||
Stealing of Sensitive Information: | |
|---|
| Yara detected Ursnif | Show sources | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
Remote Access Functionality: | |
|---|
| Yara detected Ursnif | Show sources | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
Mitre Att&ck Matrix |
|---|
| Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Valid Accounts | Windows Management Instrumentation2 | Path Interception | Process Injection112 | Rootkit4 | Credential API Hooking3 | System Time Discovery1 | Remote Services | Credential API Hooking3 | Exfiltration Over Other Network Medium | Ingress Tool Transfer1 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
| Default Accounts | Command and Scripting Interpreter1 | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Masquerading1 | Input Capture1 | Query Registry1 | Remote Desktop Protocol | Input Capture1 | Exfiltration Over Bluetooth | Non-Application Layer Protocol2 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
| Domain Accounts | Native API1 | Logon Script (Windows) | Logon Script (Windows) | Disable or Modify Tools1 | Security Account Manager | Security Software Discovery11 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Application Layer Protocol2 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
| Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Virtualization/Sandbox Evasion21 | NTDS | Process Discovery2 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Protocol Impersonation | SIM Card Swap | Carrier Billing Fraud | |
| Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Process Injection112 | LSA Secrets | Virtualization/Sandbox Evasion21 | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
| Replication Through Removable Media | Launchd | Rc.common | Rc.common | Obfuscated Files or Information2 | Cached Domain Credentials | File and Directory Discovery1 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features | |
| External Remote Services | Scheduled Task | Startup Items | Startup Items | Software Packing3 | DCSync | System Information Discovery14 | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | Data Encrypted for Impact |
Behavior Graph |
|---|
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
InternetScreenshots |
|---|
Thumbnails
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
Antivirus, Machine Learning and Genetic Malware Detection |
|---|
Initial Sample |
|---|
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 46% | Virustotal | Browse | ||
| 19% | Metadefender | Browse | ||
| 31% | ReversingLabs | ByteCode-MSIL.Trojan.AgentTesla |
Dropped Files |
|---|
| No Antivirus matches |
|---|
Unpacked PE Files |
|---|
| Source | Detection | Scanner | Label | Link | Download |
|---|---|---|---|---|---|
| 100% | Avira | TR/Crypt.ZPACK.Gen | Download File | ||
| 100% | Avira | HEUR/AGEN.1108168 | Download File | ||
| 100% | Avira | TR/Patched.Ren.Gen4 | Download File |
Domains |
|---|
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 0% | Virustotal | Browse | ||
| 0% | Virustotal | Browse | ||
| 0% | Virustotal | Browse |
URLs |
|---|
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 0% | Avira URL Cloud | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe |
Domains and IPs |
|---|
Contacted Domains |
|---|
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| 2q7mfx2.xyz | 142.93.7.187 | true | true |
| unknown |
| resolver1.opendns.com | 208.67.222.222 | true | false | high | |
| 1.0.0.127.in-addr.arpa | unknown | unknown | false |
| unknown |
| 8.8.8.8.in-addr.arpa | unknown | unknown | false |
| unknown |
Contacted URLs |
|---|
| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| false |
| unknown | |
| false |
| unknown | |
| false |
| unknown | |
| false |
| unknown |
URLs from Memory and Binaries |
|---|
| Name | Source | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|
| false | high | |||
| false |
| unknown | ||
| false | high | |||
| false |
| unknown | ||
| false | high | |||
| false |
| unknown | ||
| false | high | |||
| false | high | |||
| false |
| unknown | ||
| false | high | |||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false | high | |||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false | high | |||
| false |
| unknown | ||
| false |
| unknown | ||
| false | high | |||
| false | high | |||
| false |
| unknown | ||
| false |
| unknown | ||
| false | high | |||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false | high | |||
| false |
| unknown | ||
| false | high | |||
| false |
| unknown | ||
| false | high | |||
| false |
| unknown | ||
| false |
| unknown | ||
| false | high | |||
| false |
| unknown | ||
| false | high |
Contacted IPs |
|---|
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
Public |
|---|
| IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|---|
| 142.93.7.187 | 2q7mfx2.xyz | United States | 14061 | DIGITALOCEAN-ASNUS | true |
General Information |
|---|
| Joe Sandbox Version: | 31.0.0 Emerald |
| Analysis ID: | 385479 |
| Start date: | 12.04.2021 |
| Start time: | 15:22:17 |
| Joe Sandbox Product: | CloudBasic |
| Overall analysis duration: | 0h 8m 47s |
| Hypervisor based Inspection enabled: | false |
| Report type: | full |
| Sample file name: | a.exe |
| Cookbook file name: | default.jbs |
| Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
| Number of analysed new started processes analysed: | 38 |
| Number of new started drivers analysed: | 0 |
| Number of existing processes analysed: | 0 |
| Number of existing drivers analysed: | 0 |
| Number of injected processes analysed: | 0 |
| Technologies: |
|
| Analysis Mode: | default |
| Analysis stop reason: | Timeout |
| Detection: | MAL |
| Classification: | mal100.troj.evad.winEXE@14/37@6/1 |
| EGA Information: | Failed |
| HDC Information: |
|
| HCA Information: |
|
| Cookbook Comments: |
|
| Warnings: | Show All
|
Simulations |
|---|
Behavior and APIs |
|---|
| Time | Type | Description |
|---|---|---|
| 15:23:19 | API Interceptor |
Joe Sandbox View / Context |
|---|
IPs |
|---|
| No context |
|---|
Domains |
|---|
| Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
|---|---|---|---|---|---|
| resolver1.opendns.com | Get hash | malicious | Browse |
| |
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
|
ASN |
|---|
| Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
|---|---|---|---|---|---|
| DIGITALOCEAN-ASNUS | Get hash | malicious | Browse |
| |
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
|
JA3 Fingerprints |
|---|
| No context |
|---|
Dropped Files |
|---|
| No context |
|---|
Created / dropped Files |
|---|
| Process: | C:\Users\user\Desktop\a.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1216 |
| Entropy (8bit): | 5.355304211458859 |
| Encrypted: | false |
| SSDEEP: | 24:MLUE4K5E4Ks2E1qE4qXKDE4KhK3VZ9pKhPKIE4oKFKHKoZAE4Kzr7FE4x84j:MIHK5HKXE1qHiYHKhQnoPtHoxHhAHKzr |
| MD5: | FED34146BF2F2FA59DCF8702FCC8232E |
| SHA1: | B03BFEA175989D989850CF06FE5E7BBF56EAA00A |
| SHA-256: | 123BE4E3590609A008E85501243AF5BC53FA0C26C82A92881B8879524F8C0D5C |
| SHA-512: | 1CC89F2ED1DBD70628FA1DC41A32BA0BFA3E81EAE1A1CF3C5F6A48F2DA0BF1F21A5001B8A18B04043C5B8FE4FBE663068D86AA8C4BD8E17933F75687C3178FF6 |
| Malicious: | true |
| Reputation: | high, very likely benign file |
| Preview: |
|
| Process: | C:\Program Files\internet explorer\iexplore.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 29272 |
| Entropy (8bit): | 1.7791572136811602 |
| Encrypted: | false |
| SSDEEP: | 48:IweGcprnGwpLk9G/ap8kVGIpckF0GvnZpvkF4Gooqp9kFEWGo4xpmkFnGW2G9GWZ:rCZxZk52kXWkF9tkFUfkFsxMkFdkkumB |
| MD5: | 3A52BE236B6B342ED6E51DCE945FA1CE |
| SHA1: | 23CE836FCF6D8844E79564840B151E31C000D49D |
| SHA-256: | 6158F823A7AA85AEFBAE170B888CDD4120B89589C3B04408E3BF17FC7C7E428D |
| SHA-512: | A0832870E572CB72E6E99E430640CD345AACF6545A5C8C8257AE2C182A059E269C0E8EC2A0AD4C33F777E747F794E9CFACF1574943C21B3380CACC2E4E0B5486 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
|
| Process: | C:\Program Files\internet explorer\iexplore.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 71784 |
| Entropy (8bit): | 2.0462565138176716 |
| Encrypted: | false |
| SSDEEP: | 192:rSZpZw2nWut3fFxM1lHt/sMt1NsWQZbzRsEtDODrfp:rO/nWOPIfNk40BbWQGfp |
| MD5: | 2260DAD92544072244868E489FB34DB9 |
| SHA1: | 3124D173E749643C1D5AA834DB7F8DDA541EBD8B |
| SHA-256: | CBB2EC98E72C52BF489ED5278322874F85334CF35FD4DFF111B9758BF6B62DB5 |
| SHA-512: | 137A4C6C297623B82CA6A9CF495F8835343FAE6E847D337159548CAE87453208BBEBF1567333442B6C3B663DA277771E0923AE6724E0C2AD799464C177FC4628 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
|
| Process: | C:\Program Files\internet explorer\iexplore.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 27380 |
| Entropy (8bit): | 1.84595127048021 |
| Encrypted: | false |
| SSDEEP: | 96:rtZaQq68BShjN25WSM+WiydalIBhxiydalIBLA:rtZaQq68khjN25WSM+WiHchxiHcLA |
| MD5: | E9163B2AE7B15B237A167FC198DE5641 |
| SHA1: | ACFDB46751B4CF1B75A3D6C084A779ADF7B0BE9B |
| SHA-256: | ADBB426A2EBE81808897B9DEAF2F52988CA933FFBA39831AFAFA98073EFEDB4C |
| SHA-512: | 0EACE6B67C22CE43E05FBB5DABEBD304B90A77D56732476F93C02C24380AE63F5193687DD68FBB2D24DDC8354A407AAF66DC0AF685CF5B214D8D31D46F2B9BD4 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
|
| Process: | C:\Program Files\internet explorer\iexplore.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 27372 |
| Entropy (8bit): | 1.8411793585877265 |
| Encrypted: | false |
| SSDEEP: | 48:IwNGcproGwpacG4pQMGrapbSfGQpByGHHpccTGUp8RGzYpmrxGopch/tiXubGw4q:rTZwQ86KBSJjJ2UWfMf+GXtxGX4zA |
| MD5: | 5C933E422E4D05693D6F892E4D6B27EC |
| SHA1: | 1EA59403C943FFB2C1576C1F5318AEF6A5A33E44 |
| SHA-256: | 705CD2D5F7AED685D8090014E2CA1BBF59B8E8427D501E4E4324206FCAA3764C |
| SHA-512: | 7EE3C2DABF3D4A1077C58700BF62FCA4495CA5B5E3B7BDCDCD91B7D2D5B9EA094CD1D3AFA6A1FB15C10C8857C2741F53B4016B69F52BCA50225CDED275365AFC |
| Malicious: | false |
| Reputation: | low |
| Preview: |
|
| Process: | C:\Program Files\internet explorer\iexplore.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 27380 |
| Entropy (8bit): | 1.8482883646521673 |
| Encrypted: | false |
| SSDEEP: | 96:rwZHQ76tBSbjB25WlM4Wz7PvUwoF08xz7PvUwoF0m7PvUdA:rwZHQ76tkbjB25WlM4WnkF08xnkF0UoA |
| MD5: | 097FC8EEADA8DD01DAEC6C462A31DD35 |
| SHA1: | 46F1B7583CC86AAB9395B1FAEC946D1658BB848E |
| SHA-256: | 25C296ADBF630517DDD009DE945AB0F22F1D618445E49B710579A2CF28CF300E |
| SHA-512: | 9C50F30F128187F3D6BB9237AD905014FE4F5B507C4A99676E16B84416597D41C13BB11F3E8A7C7134D1559A21021629C3266F30F91D36DAD594393CCAE587B3 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
|
| Process: | C:\Program Files\internet explorer\iexplore.exe |
| File Type: | |
| Category: | modified |
| Size (bytes): | 27400 |
| Entropy (8bit): | 1.8512199349283107 |
| Encrypted: | false |
| SSDEEP: | 192:rtZS7Q66rkCjp2FWdMZCHjJUuxHjJUXjHA:rDSUlw84cuMtTtv |
| MD5: | A60BDB9CE0572FB572173F9286057CC6 |
| SHA1: | 646547C9026FADE61A6BFDF3AC88C95537EDFB3A |
| SHA-256: | 5400AF4183D85C04D3C66185EC8E6D4EEC28824743C0EEDABD3B4488FC278A4E |
| SHA-512: | D14C2397EAA0DD1E31339BF24757491AE2F1E9CBD2F7ADCE8B67332E4F602AB2912702DE6480ABD978645F08F576109671B381F65841CE275B52F3D9A611F1B4 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
|
| Process: | C:\Program Files\internet explorer\iexplore.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 656 |
| Entropy (8bit): | 5.072068705558107 |
| Encrypted: | false |
| SSDEEP: | 12:TMHdNMNxOEwn+NnWimI002EtM3MHdNMNxOEwn+NnWimI00ObVbkEtMb:2d6NxOQNSZHKd6NxOQNSZ76b |
| MD5: | 104EA9756A37CE24C209ABE77B98F3A5 |
| SHA1: | FCC6FFC3D5FBF4AA530D5AB41F1CD90DF88CD730 |
| SHA-256: | F72E3179F8A5F64112306C8EBAA3DFA6E6FEAE8916CBC9AD56C69FD30616A7D5 |
| SHA-512: | 4BAB80F61EE5BA4932899F20326C4C9B02064578CBF5BB7140A601C6968E02B8C489B41A1779BE61C47A60E8EB4FBF8A78598E5A474D1BDB4109BE8994DAC224 |
| Malicious: | false |
| Preview: |
|
| Process: | C:\Program Files\internet explorer\iexplore.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 653 |
| Entropy (8bit): | 5.1106973961329505 |
| Encrypted: | false |
| SSDEEP: | 12:TMHdNMNxe2kmN+NnWimI002EtM3MHdNMNxe2kmjVCNnWimI00Obkak6EtMb:2d6Nxr/N+NSZHKd6Nxr/jINSZ7Aa7b |
| MD5: | A3890CF386C48AFBFF0CCDDBCC18FC78 |
| SHA1: | FE7D07A2C1859452C0A6F1BE56D9C3A9B4F0016C |
| SHA-256: | 207BDEC62E8237E33327B55531D9B038CA4BFA8A64C7BE613F09E69EAD4F0284 |
| SHA-512: | BF00621DFF303A2B3C196AD96A07E754F318CBF48447CCC6F292EE9B2A2C4C58DF0DCF2C489BBCE7A82FC758010A31B4674933432AE9994BEF35F9B66B04CEC8 |
| Malicious: | false |
| Preview: |
|
| Process: | C:\Program Files\internet explorer\iexplore.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 662 |
| Entropy (8bit): | 5.09065647313195 |
| Encrypted: | false |
| SSDEEP: | 12:TMHdNMNxvLwn+NnWimI002EtM3MHdNMNxvLwn+NnWimI00ObmZEtMb:2d6Nxv5NSZHKd6Nxv5NSZ7mb |
| MD5: | C6783F79FC2C7C093739362FBC19AD58 |
| SHA1: | 95CF3A457071FD9500752349BBE23E5F79F86486 |
| SHA-256: | 19A3E1563758AEAFBE82DC46F4E8877F3948D0CE8E5BAFE9C1B70D27E92CA9BD |
| SHA-512: | 95893B060D037DFDD18888BCCA8C63D5BFE466D78EC954E69910A508BFCB5FC02F92393FB06181C64F1DDE11BA329C79A23253AA6ABE98E13D784F98D94111ED |
| Malicious: | false |
| Preview: |
|
| Process: | C:\Program Files\internet explorer\iexplore.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 647 |
| Entropy (8bit): | 5.0730429585372505 |
| Encrypted: | false |
| SSDEEP: | 12:TMHdNMNxiToCNnWimI002EtM3MHdNMNxiToCNnWimI00Obd5EtMb:2d6Nx8NSZHKd6Nx8NSZ7Jjb |
| MD5: | FD02998C22261C6B189F2CD8BB716682 |
| SHA1: | C780C96F5FC30738892BA31E040A04E845C3883F |
| SHA-256: | DAFFD1D4A7296FADEE934437AF3C15FDB866BBB2F6C70799E07BC3A11EFF25E1 |
| SHA-512: | FD33F6197FF1D685FC6232D054A188603DB2902A44EC224AA0FA19E28D70709CF27B79D6DB2EC0E2DB808E950AC980E3CBE920DE1D592A0BA097501F13ED1153 |
| Malicious: | false |
| Preview: |
|
| Process: | C:\Program Files\internet explorer\iexplore.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 656 |
| Entropy (8bit): | 5.104107694083284 |
| Encrypted: | false |
| SSDEEP: | 12:TMHdNMNxhGwnx+xYNnWimI002EtM3MHdNMNxhGwnx+xYNnWimI00Ob8K075EtMb:2d6NxQGNSZHKd6NxQGNSZ7YKajb |
| MD5: | FEFACF8DC8E0F5BD4BD693A79A676BC9 |
| SHA1: | 004B7037005FED294B5B35F2F7F1C5AB310F5529 |
| SHA-256: | 994BD02B6D29BF113359853BC88C438BAECE65FD6BD584706339825857148621 |
| SHA-512: | 4FD75B2FECE4E5154829AEB5D6FF9D9E8ECC6E3F809B3410D1BB9478C3F89BB4A295F84A7B2D64DC9D33A239B5D6E9AF31974526AB678BF594A740DE1D11F580 |
| Malicious: | false |
| Preview: |
|
| Process: | C:\Program Files\internet explorer\iexplore.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 653 |
| Entropy (8bit): | 5.075137191538691 |
| Encrypted: | false |
| SSDEEP: | 12:TMHdNMNx0nwn+NnWimI002EtM3MHdNMNx0nwn+NnWimI00ObxEtMb:2d6Nx0tNSZHKd6Nx0tNSZ7nb |
| MD5: | 9182047FE1AD40E359EC65E81BEEB6DE |
| SHA1: | FA4F828D0C3F346E54665A7411ED5C7AEC11D9FC |
| SHA-256: | 06452FCBE9F3F0949CDBCEA9D5A10D90BC27B39AC78458ABC2BE115A42F55381 |
| SHA-512: | 7A71E42780068083730709D6C347736EF722BEB44B7BF20BDC9B19AD4BF23BA4846D3BC72460B51910A5FD98E6AC1BB6A2F5803ADB6CD0FC4AC8C0F08D3647D5 |
| Malicious: | false |
| Preview: |
|
| Process: | C:\Program Files\internet explorer\iexplore.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 656 |
| Entropy (8bit): | 5.09821601153262 |
| Encrypted: | false |
| SSDEEP: | 12:TMHdNMNxxToCNnWimI002EtM3MHdNMNxxToCNnWimI00Ob6Kq5EtMb:2d6Nx1NSZHKd6Nx1NSZ7ob |
| MD5: | B63D3515E361EC45FA7A2DC40E01A2E9 |
| SHA1: | 0D2DA8B3216B435FEA5BC0F77B1678213DDB45C4 |
| SHA-256: | 05B68CD384A5578FF167A7BD6EEB6DF99772D8E6D96126FC9AF070E2FC4C1A54 |
| SHA-512: | 34633B0D4065F910EE3BC407A2CDDE205E924F5025F5FD131913F9915AEDD4BA9C1C2E0CEA74FEA5F60104BDEF5F823604DAD6008489D30C89B3F9201DBF0261 |
| Malicious: | false |
| Preview: |
|
| Process: | C:\Program Files\internet explorer\iexplore.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 659 |
| Entropy (8bit): | 5.064753423680847 |
| Encrypted: | false |
| SSDEEP: | 12:TMHdNMNxcxpBNnWimI002EtM3MHdNMNxcxpBNnWimI00ObVEtMb:2d6Nx4NSZHKd6Nx4NSZ7Db |
| MD5: | 40A5818F11F5D8FFA5187812F7958082 |
| SHA1: | 34ED6B6CEA9E17223E294C1F4B3B1D24EB648845 |
| SHA-256: | 11343298EAB949A86764BE7AFCE8AA5A8E342641C9F7D3D5FD28D7B2737F2391 |
| SHA-512: | 65BD43CDF24FA7AB4E78DB4AD5BE9F48F54E14FC4B0BB90AEC95892A989667BE4F9D7533AB4C83A5D7F8D048B2A6AA87108DA587ECEDA0B67D2A3D1EEFF2C9F4 |
| Malicious: | false |
| Preview: |
|
| Process: | C:\Program Files\internet explorer\iexplore.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 653 |
| Entropy (8bit): | 5.05905642409462 |
| Encrypted: | false |
| SSDEEP: | 12:TMHdNMNxfnToCNnWimI002EtM3MHdNMNxfnToCNnWimI00Obe5EtMb:2d6NxPNSZHKd6NxPNSZ7ijb |
| MD5: | EBB9B026838431F21584ECA99905F355 |
| SHA1: | 31D69AFA1E195294CD7E7DC2C5B955908A0AAB44 |
| SHA-256: | D332E45F4AB77AB12E74BED8E225123A276693E5D92D2B3F7458A68EEFCCA373 |
| SHA-512: | A18A1B6E333A055E756659A77DB0493B000BA4F5CC5F0E8AD6F2EE29FD125ECA0E1497829FDE7D3B39096A05BC50D9C72792349D070B0FC04CA4B7F06ECB6665 |
| Malicious: | false |
| Preview: |
|
| Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 5640 |
| Entropy (8bit): | 4.1265870418243935 |
| Encrypted: | false |
| SSDEEP: | 96:c0aWBQm5zDlvV2rkG4zuAZMXJFG62q7mQT:cCBZ5zZ0IG46AaXJFG6v7mW |
| MD5: | F8299DB9AE12D225CE908F04E23EA5FD |
| SHA1: | 2D42D9AB1C3A86D2B6791A08C4B405D2D44D88B0 |
| SHA-256: | A22B096359F4B27E7F6D21AB950ACE3536B279F4DF78FD181172E4542F690C5E |
| SHA-512: | 00634F0D8EDD9E93BCBBB0A6B22A6C3948CBA1E69600008DEDCD20266A3C6A5F2C001036651BB3081B0A7F331572046F13BE8F4C7507212F557AE8140A8F2C29 |
| Malicious: | false |
| Preview: |
|
| Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 295680 |
| Entropy (8bit): | 5.999838219242012 |
| Encrypted: | false |
| SSDEEP: | 6144:ssOrYIRRX/tITapfIocFNVmmsiRWaqgb9SCEIYd:s1cILmTapZlmBvPICYd |
| MD5: | 34949583D1A13C7274DB206072CB036B |
| SHA1: | B98EDF13C8BCB184B772B7273A3F4E39A8D2CBBE |
| SHA-256: | E062F92191A2EADD3DC9F4A9592820430830071E4E185210F314A0A41B6565D4 |
| SHA-512: | EE1DCCBE7804407FCAE112F3D94DA64D1E39716D15537370F9A2A4E782109238F54F4468E0E40BE9EC5C564B49B107767CF099D746568756729881AA7447FE3A |
| Malicious: | false |
| Preview: |
|
| Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 2480 |
| Entropy (8bit): | 5.976543235649517 |
| Encrypted: | false |
| SSDEEP: | 48:BqdSyvgPpigpNpFoa5UKXDLYTPuBTkv6pb9xdjF0OaHs8CZD:0DwpNpFb5UKXDLYTakvKfdj+pED |
| MD5: | 991597F4F6A721FEC09222FE9072765F |
| SHA1: | DAF979C636308196196CD15F700FCB6D33E9F5DB |
| SHA-256: | A1306CD411F6DDAD5523C1AEBA5049FF58196AC76557B1BFAFE8BE9DC2893D70 |
| SHA-512: | E7DBBFB6D4962B12409D24A8E91DA9A4C94B2ECD35BFEDC893340589BA83840BCEBEA45E0B933AC38C99EDCFDF3596BF6944ED1F977B8D4321F3E60901A7B596 |
| Malicious: | false |
| Preview: |
|
| Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
| File Type: | |
| Category: | downloaded |
| Size (bytes): | 4720 |
| Entropy (8bit): | 5.164796203267696 |
| Encrypted: | false |
| SSDEEP: | 96:z9UUiqRxqH211CUIRgRLnRynjZbRXkRPRk6C87Apsat/5/+mhPcF+5g+mOQb7A9o:JsUOG1yNlX6ZzWpHOWLia16Cb7bk |
| MD5: | D65EC06F21C379C87040B83CC1ABAC6B |
| SHA1: | 208D0A0BB775661758394BE7E4AFB18357E46C8B |
| SHA-256: | A1270E90CEA31B46432EC44731BF4400D22B38EB2855326BF934FE8F1B169A4F |
| SHA-512: | 8A166D26B49A5D95AEA49BC649E5EA58786A2191F4D2ADAC6F5FBB7523940CE4482D6A2502AA870A931224F215CB2010A8C9B99A2C1820150E4D365CAB28299E |
| Malicious: | false |
| IE Cache URL: | res://ieframe.dll/errorPageStrings.js |
| Preview: |
|
| Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 232892 |
| Entropy (8bit): | 5.999794384299331 |
| Encrypted: | false |
| SSDEEP: | 6144:nIFOOm/lCwt+UtT0poYFtDGen+Cka4z3xNx7POOtXOCed:nIFOF/h75ooYr7nVka4/JO4+C8 |
| MD5: | E67BEC1196B42DDCF081B749F65E9AEA |
| SHA1: | F2608D77DEE635179828DA3A3DFB55679EA3C173 |
| SHA-256: | A44F94C2F8C5D548B24E4AE11DCB417E099034D8D936D1031EE90655F3B44948 |
| SHA-512: | B2A21051EAC20CC1AD59CE083299DBEE32DBA00412E079AC9A40B0666695A794EC1687482D60156FFBD03718EF14ACDFE0B4730D05B0235AE2563E2DBB8DFC6F |
| Malicious: | false |
| Preview: |
|
| Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
| File Type: | |
| Category: | downloaded |
| Size (bytes): | 1612 |
| Entropy (8bit): | 4.869554560514657 |
| Encrypted: | false |
| SSDEEP: | 24:5Y0bQ573pHpACtUZtJD0lFBopZleqw87xTe4D8FaFJ/Doz9AtjJgbCzg:5m73jcJqQep89TEw7Uxkk |
| MD5: | DFEABDE84792228093A5A270352395B6 |
| SHA1: | E41258C9576721025926326F76063C2305586F76 |
| SHA-256: | 77B138AB5D0A90FF04648C26ADDD5E414CC178165E3B54A4CB3739DA0F58E075 |
| SHA-512: | E256F603E67335151BB709294749794E2E3085F4063C623461A0B3DECBCCA8E620807B707EC9BCBE36DCD7D639C55753DA0495BE85B4AE5FB6BFC52AB4B284FD |
| Malicious: | false |
| IE Cache URL: | res://ieframe.dll/NewErrorPageTemplate.css |
| Preview: |
|
| Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
| File Type: | |
| Category: | downloaded |
| Size (bytes): | 5430 |
| Entropy (8bit): | 4.0126861171462025 |
| Encrypted: | false |
| SSDEEP: | 96:n0aWBDm5zDlvV2rkG4zuAZMXJFG62q7mQ:nCBy5zZ0IG46AaXJFG6v7m |
| MD5: | F74755B4757448D71FDCB4650A701816 |
| SHA1: | 0BCBE73D6A198F6E5EBAFA035B734A12809CEFA6 |
| SHA-256: | E78286D0F5DFA2C85615D11845D1B29B0BFEC227BC077E74CB1FF98CE8DF4C5A |
| SHA-512: | E0FB5F740D67366106E80CBF22F1DA3CF1D236FE11F469B665236EC8F7C08DEA86C21EC8F8E66FC61493D6A8F4785292CE911D38982DBFA7F5F51DADEBCC8725 |
| Malicious: | false |
| IE Cache URL: | http://2q7mfx2.xyz/favicon.ico |
| Preview: |
|
| Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
| File Type: | |
| Category: | downloaded |
| Size (bytes): | 12105 |
| Entropy (8bit): | 5.451485481468043 |
| Encrypted: | false |
| SSDEEP: | 192:x20iniOciwd1BtvjrG8tAGGGVWnvyJVUrUiki3ayimi5ezLCvJG1gwm3z:xPini/i+1Btvjy815ZVUwiki3ayimi5f |
| MD5: | 9234071287E637F85D721463C488704C |
| SHA1: | CCA09B1E0FBA38BA29D3972ED8DCECEFDEF8C152 |
| SHA-256: | 65CC039890C7CEB927CE40F6F199D74E49B8058C3F8A6E22E8F916AD90EA8649 |
| SHA-512: | 87D691987E7A2F69AD8605F35F94241AB7E68AD4F55AD384F1F0D40DC59FFD1432C758123661EE39443D624C881B01DCD228A67AFB8700FE5E66FC794A6C0384 |
| Malicious: | false |
| IE Cache URL: | res://ieframe.dll/httpErrorPagesScripts.js |
| Preview: |
|
| Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
| File Type: | |
| Category: | downloaded |
| Size (bytes): | 2997 |
| Entropy (8bit): | 4.4885437940628465 |
| Encrypted: | false |
| SSDEEP: | 48:u7u5V4VyhhV2lFUW29vj0RkpNc7KpAP8Rra:vIlJ6G7Ao8Ra |
| MD5: | 2DC61EB461DA1436F5D22BCE51425660 |
| SHA1: | E1B79BCAB0F073868079D807FAEC669596DC46C1 |
| SHA-256: | ACDEB4966289B6CE46ECC879531F85E9C6F94B718AAB521D38E2E00F7F7F7993 |
| SHA-512: | A88BECB4FBDDC5AFC55E4DC0135AF714A3EEC4A63810AE5A989F2CECB824A686165D3CEDB8CBD8F35C7E5B9F4136C29DEA32736AABB451FE8088B978B493AC6D |
| Malicious: | false |
| IE Cache URL: | res://ieframe.dll/dnserror.htm?ErrorStatus=0x800C0005&DNSError=9003 |
| Preview: |
|
| Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
| File Type: | |
| Category: | downloaded |
| Size (bytes): | 748 |
| Entropy (8bit): | 7.249606135668305 |
| Encrypted: | false |
| SSDEEP: | 12:6v/7/2QeZ7HVJ6o6yiq1p4tSQfAVFcm6R2HkZuU4fB4CsY4NJlrvMezoW2uONroc:GeZ6oLiqkbDuU4fqzTrvMeBBlE |
| MD5: | C4F558C4C8B56858F15C09037CD6625A |
| SHA1: | EE497CC061D6A7A59BB66DEFEA65F9A8145BA240 |
| SHA-256: | 39E7DE847C9F731EAA72338AD9053217B957859DE27B50B6474EC42971530781 |
| SHA-512: | D60353D3FBEA2992D96795BA30B20727B022B9164B2094B922921D33CA7CE1634713693AC191F8F5708954544F7648F4840BCD5B62CB6A032EF292A8B0E52A44 |
| Malicious: | false |
| IE Cache URL: | res://ieframe.dll/down.png |
| Preview: |
|
| Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
| File Type: | |
| Category: | modified |
| Size (bytes): | 89 |
| Entropy (8bit): | 4.404363038876712 |
| Encrypted: | false |
| SSDEEP: | 3:oVXU1IGSl5W8JOGXnE1IGSlXun:o9UuG6sqEuG6e |
| MD5: | F7132E2A4581FD2A66ABEC8596CD904F |
| SHA1: | A6B9C948622C9535880FF67064B24D60BBD0CB5B |
| SHA-256: | 172BCA8C8E6BF40480AE4800EF3A6C91F45C499E80E30E4743D0F0F362A43C51 |
| SHA-512: | B086397C66F1CB4779C65861241BFFCDCE3314BE38AA6759184C3D6486D9C1DA01EF58648ACD7B2FEA4C8B744A195D6846A20A5602FD8F1C479DC00516D80E66 |
| Malicious: | false |
| Preview: |
|
| Process: | C:\Program Files\internet explorer\iexplore.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 12933 |
| Entropy (8bit): | 0.4119836537037507 |
| Encrypted: | false |
| SSDEEP: | 24:c9lLh9lLh9lIn9lIn9loksF9lokM9lWk+KaRKI:kBqoIkHkhkFawI |
| MD5: | E7304731218D0A21816902154E3A2862 |
| SHA1: | 3652095508BF24BF22040BB354D7AE5DB5997C35 |
| SHA-256: | DE6D3D72BD433288B6E4FC0A3EF5472E2F3DB44C66F6BE678AEE6CB57B0DB307 |
| SHA-512: | 34ED0BD457BA81D46A89EAC9EB2BAE0781C15166155E6A942DB9FE871D60C9970127F1F30A943B1FF87BC32424891DC979F6B46FAD33F9A3EBBBBBF82863358C |
| Malicious: | false |
| Preview: |
|
| Process: | C:\Program Files\internet explorer\iexplore.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 39697 |
| Entropy (8bit): | 0.5816249520286889 |
| Encrypted: | false |
| SSDEEP: | 96:kBqoxKAuvScS+rl3elfHjJUEHjJUUHjJUV:kBqoxKAuqR+rl3elfHjJUEHjJUUHjJUV |
| MD5: | D1CA8C84A39C0131E5F002D81E55E99D |
| SHA1: | 4F117FD477FA721888F7AB96CEC30FD10ADAFAC6 |
| SHA-256: | 07CD6F74BB27322D1E975659A69FB56B1A46D6827FDD432D20D91ED25C508FC3 |
| SHA-512: | 767C26DDEA4935E3BA343D41A1CA14E7EF7FB9FAA12EC911478651777B6E10A7A470747DECCA5DBAD19073D82074E6AB7224C0B42B35560C55A2598F836BECBD |
| Malicious: | false |
| Preview: |
|
| Process: | C:\Program Files\internet explorer\iexplore.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 39657 |
| Entropy (8bit): | 0.5741968145122208 |
| Encrypted: | false |
| SSDEEP: | 96:kBqoxKAuvScS+NTRwz1iydalIBgiydalIB8iydalIBV:kBqoxKAuqR+NTRwz1iHcgiHc8iHcV |
| MD5: | B79CEA388C876E77DD717E2B99C69E95 |
| SHA1: | 3474C496DE60A1C287D1FDD69DAC32018A796482 |
| SHA-256: | 5DB3920463679492559C84D18E95F272019BBECAC7C7528777FE3F4D91B91A9B |
| SHA-512: | CCC83B679F1FA2D0D23BDD79AA4500447EC628E87BA6913AFE9109F735A28BE8C0BC37A0B02A57A8D59E9306142DD564EE56B2008B30680B00E587CBE2EE4E82 |
| Malicious: | false |
| Preview: |
|
| Process: | C:\Program Files\internet explorer\iexplore.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 39641 |
| Entropy (8bit): | 0.5694116611230048 |
| Encrypted: | false |
| SSDEEP: | 48:kBqoxKAuvScS+iEOnrIrih/tiXIh/tiX8h/tiXV:kBqoxKAuvScS+iEOnUmGXIGX8GXV |
| MD5: | 2B13179292292C769EBAD6871EB13664 |
| SHA1: | D309B7A9458FB58599BD55F21BFE208574388FC7 |
| SHA-256: | B792AC45DFCC7E71416650144D5DE6CB426441650D68344ADA08739789A0B43A |
| SHA-512: | 9C50AF6BD96999F994105B3AA54CE41095B1021ED36F191CF888D45560A6604EEB77DD30AEA7A1B7C68C0462CC1952046A79C304EA34A8C5ED8C7DF0E9C91FE2 |
| Malicious: | false |
| Preview: |
|
| Process: | C:\Program Files\internet explorer\iexplore.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 13269 |
| Entropy (8bit): | 0.61455347003618 |
| Encrypted: | false |
| SSDEEP: | 24:c9lLh9lLh9lIn9lIn9loMHF9loMF9lWMwGILbdxazsoZ:kBqoIMOMwMwDLSww |
| MD5: | 6760E270CB99A210BAB4DD00A16BF912 |
| SHA1: | 9D3E1A5CFA4F6CA45C93548F814489737AEC9E55 |
| SHA-256: | D2ED9F6E353CA1294C6C036BEC21EC635CC307DF36BC877F0BADF0115F3C5B78 |
| SHA-512: | 1AA0284E70622F28161DDEF0A65277D781F6B184222F5D48D382EBF4996400AC223C46852179108642230184F66AC21817EAFC10F58B94B55B89EC1EF2D9C13E |
| Malicious: | false |
| Preview: |
|
| Process: | C:\Program Files\internet explorer\iexplore.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 39657 |
| Entropy (8bit): | 0.5751583597524867 |
| Encrypted: | false |
| SSDEEP: | 96:kBqoxKAuvScS+yU+Xk+z7PvUwoF0gz7PvUwoF08z7PvUwoF0V:kBqoxKAuqR+yU+Xk+nkF0gnkF08nkF0V |
| MD5: | 9B186DBB32A4354DDF22BAECDF97D9B3 |
| SHA1: | 7FF158EED342DD310BABC2169132E7F75456D283 |
| SHA-256: | B38E5E4EA9554C1E1A99B6B209C5A5C4A41B297D4180DAECB80D4A5A726BEC07 |
| SHA-512: | F47572142C483BB0A7283B99E077E8CE42A02B1379927EF1B1DDB7F2A0AB573A96DD5A971E4A8BF9D82A4A58AAFDDD6DEBDB5EC53F5D500FC9EFF53B70B17684 |
| Malicious: | false |
| Preview: |
|
Static File Info |
|---|
General | |
|---|---|
| File type: | |
| Entropy (8bit): | 7.5732728241196945 |
| TrID: |
|
| File name: | a.exe |
| File size: | 1878352 |
| MD5: | 6321729b9f33fea55483fbb3792c611b |
| SHA1: | 816ad37e36a68f89ab2ca4fea4f83879caeb6586 |
| SHA256: | 369cfe293c93b001240bdee35859037c7513ceef781c8174938d0650c9e5575d |
| SHA512: | 12fed64d4b9eb2e409845f5c681df1427667880374743b1c3c873c72a361b2bf486249286fde6fca881a9c3ce064aea71d36e3c0789fce4f194f98b8e8930f7e |
| SSDEEP: | 49152:bYLlc5NGbPDu/xkxyuS2N3Qz0f9qqgdaE5LUSJpYnY/:IIE/u2YuSCQz0VqqadHDYnY/ |
| File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...H.o`................................. ........@.. ....................................@................................ |
File Icon |
|---|
 | |
| Icon Hash: | e4e2a1a1a4bcbcfc |
Static PE Info |
|---|
General | |
|---|---|
| Entrypoint: | 0x4fd01e |
| Entrypoint Section: | .text |
| Digitally signed: | true |
| Imagebase: | 0x400000 |
| Subsystem: | windows gui |
| Image File Characteristics: | LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED |
| DLL Characteristics: | NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT |
| Time Stamp: | 0x606F0C48 [Thu Apr 8 13:59:36 2021 UTC] |
| TLS Callbacks: | |
| CLR (.Net) Version: | v4.0.30319 |
| OS Version Major: | 4 |
| OS Version Minor: | 0 |
| File Version Major: | 4 |
| File Version Minor: | 0 |
| Subsystem Version Major: | 4 |
| Subsystem Version Minor: | 0 |
| Import Hash: | f34d5f2d4577ed6d9ceec516c1f5a744 |
Authenticode Signature |
|---|
| Signature Valid: | false |
| Signature Issuer: | CN=DigiCert EV Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US |
| Signature Validation Error: | The digital signature of the object did not verify |
| Error Number: | -2146869232 |
| Not Before, Not After |
|
| Subject Chain |
|
| Version: | 3 |
| Thumbprint MD5: | 7B0CA4029E3A73373CE0BD3DF12A08C1 |
| Thumbprint SHA-1: | 37A0BACB152A547382195095AB33601929877364 |
| Thumbprint SHA-256: | B08CF4E204D1BA2BA8642D7709499D61CFF8CF7AA75CCD832A6BA1D7F1B82DF7 |
| Serial: | 0320BE3EB866526927F999B97B04346E |
Entrypoint Preview |
|---|
| Instruction |
|---|
| jmp dword ptr [00402000h] |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
Data Directories |
|---|
| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0xfcfd0 | 0x4b | .text |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x100000 | 0xc8548 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x1c4000 | 0x6950 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x1ca000 | 0xc | .reloc |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text |
Sections |
|---|
| Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|
| .text | 0x2000 | 0xfb024 | 0xfb200 | False | 0.730614578148 | data | 7.41934248302 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
| .sdata | 0xfe000 | 0x1e8 | 0x200 | False | 0.857421875 | data | 6.63844624893 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
| .rsrc | 0x100000 | 0xc8548 | 0xc8600 | False | 0.816314868606 | data | 7.63005068838 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .reloc | 0x1ca000 | 0xc | 0x200 | False | 0.044921875 | data | 0.101910425663 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Resources |
|---|
| Name | RVA | Size | Type | Language | Country |
|---|---|---|---|---|---|
| RT_ICON | 0x10047c | 0x4228 | dBase IV DBT of \200.DBF, blocks size 0, block length 16384, next free block index 40, next free block 0, next used block 0 | ||
| RT_ICON | 0x1046a4 | 0x25a8 | dBase IV DBT of `.DBF, block length 9216, next free block index 40, next free block 191989917, next used block 57969567 | ||
| RT_ICON | 0x106c4c | 0x10a8 | dBase IV DBT of @.DBF, block length 4096, next free block index 40, next free block 1436266176, next used block 1436200639 | ||
| RT_ICON | 0x107cf4 | 0x468 | GLS_BINARY_LSB_FIRST | ||
| RT_ICON | 0x10815c | 0x468 | GLS_BINARY_LSB_FIRST | ||
| RT_ICON | 0x1085c4 | 0x10a8 | dBase IV DBT of @.DBF, block length 4096, next free block index 40, next free block 1738321857, next used block 1738256320 | ||
| RT_ICON | 0x10966c | 0x25a8 | dBase IV DBT of `.DBF, block length 9216, next free block index 40, next free block 544179868, next used block 175081371 | ||
| RT_ICON | 0x10bc14 | 0x4228 | dBase IV DBT of \200.DBF, blocks size 0, block length 16384, next free block index 40, next free block 7637919, next used block 7637919 | ||
| RT_ICON | 0x10fe3c | 0x10828 | dBase III DBT, version number 0, next free block index 40 | ||
| RT_ICON | 0x120664 | 0x24d8 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | ||
| RT_ICON | 0x122b3c | 0x468 | GLS_BINARY_LSB_FIRST | ||
| RT_ICON | 0x122fa4 | 0x10a8 | dBase IV DBT of @.DBF, block length 4096, next free block index 40, next free block 1738387650, next used block 1738322113 | ||
| RT_ICON | 0x12404c | 0x25a8 | dBase IV DBT of `.DBF, block length 9216, next free block index 40, next free block 577734556, next used block 191924124 | ||
| RT_ICON | 0x1265f4 | 0x4228 | dBase IV DBT of \200.DBF, blocks size 0, block length 16384, next free block index 40, next free block 7637919, next used block 7637919 | ||
| RT_ICON | 0x12a81c | 0x10828 | dBase III DBT, version number 0, next free block index 40 | ||
| RT_ICON | 0x13b044 | 0x2f360 | PNG image data, 256 x 256, 16-bit/color RGBA, non-interlaced | ||
| RT_RCDATA | 0x16a3a4 | 0x5db52 | Zip archive data, at least v2.0 to extract | ||
| RT_GROUP_ICON | 0x1c7ef8 | 0xe6 | data | ||
| RT_VERSION | 0x1c7fe0 | 0x37c | data | ||
| RT_MANIFEST | 0x1c835c | 0x1ea | XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators |
Imports |
|---|
| DLL | Import |
|---|---|
| mscoree.dll | _CorExeMain |
Version Infos |
|---|
| Description | Data |
|---|---|
| Translation | 0x0000 0x04b0 |
| LegalCopyright | Copyright Oleg Pylypchak 2017 - 2021 |
| Assembly Version | 2.1.0.0 |
| InternalName | .exe |
| FileVersion | 2.1.0.0 |
| CompanyName | LNU |
| LegalTrademarks | |
| Comments | Image eritor |
| ProductName | Picturesque Editor |
| ProductVersion | 2.1.0.0 |
| FileDescription | Picturesque Editor |
| OriginalFilename | .exe |
Key Decision
Richest Path
Thread / callback creation
Lower opacity -> Library NodeNetwork Behavior |
|---|
Network Port Distribution |
|---|
TCP Packets |
|---|
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Apr 12, 2021 15:25:02.776364088 CEST | 49739 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:02.777048111 CEST | 49740 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:02.900579929 CEST | 80 | 49739 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:02.900882006 CEST | 49739 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:02.900895119 CEST | 80 | 49740 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:02.901050091 CEST | 49740 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:02.902010918 CEST | 49739 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:03.026987076 CEST | 80 | 49739 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:03.051784992 CEST | 80 | 49739 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:03.051810026 CEST | 80 | 49739 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:03.051826000 CEST | 80 | 49739 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:03.051841974 CEST | 80 | 49739 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:03.051856995 CEST | 80 | 49739 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:03.051872969 CEST | 80 | 49739 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:03.051888943 CEST | 80 | 49739 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:03.051907063 CEST | 80 | 49739 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:03.051923990 CEST | 80 | 49739 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:03.051939964 CEST | 80 | 49739 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:03.051945925 CEST | 49739 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:03.052031040 CEST | 49739 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:03.176145077 CEST | 80 | 49739 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:03.176175117 CEST | 80 | 49739 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:03.176192045 CEST | 80 | 49739 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:03.176211119 CEST | 80 | 49739 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:03.176228046 CEST | 80 | 49739 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:03.176244020 CEST | 80 | 49739 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:03.176265955 CEST | 80 | 49739 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:03.176284075 CEST | 80 | 49739 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:03.176300049 CEST | 80 | 49739 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:03.176317930 CEST | 80 | 49739 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:03.176340103 CEST | 80 | 49739 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:03.176345110 CEST | 49739 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:03.176359892 CEST | 80 | 49739 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:03.176378012 CEST | 80 | 49739 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:03.176394939 CEST | 80 | 49739 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:03.176417112 CEST | 80 | 49739 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:03.176419020 CEST | 49739 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:03.176436901 CEST | 80 | 49739 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:03.176445961 CEST | 49739 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:03.176455975 CEST | 80 | 49739 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:03.176470995 CEST | 49739 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:03.176476002 CEST | 80 | 49739 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:03.176493883 CEST | 80 | 49739 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:03.176513910 CEST | 49739 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:03.176513910 CEST | 80 | 49739 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:03.176541090 CEST | 49739 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:03.176567078 CEST | 49739 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:03.300709963 CEST | 80 | 49739 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:03.300745964 CEST | 80 | 49739 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:03.300767899 CEST | 80 | 49739 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:03.300790071 CEST | 80 | 49739 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:03.300811052 CEST | 80 | 49739 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:03.300832033 CEST | 80 | 49739 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:03.300853968 CEST | 80 | 49739 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:03.300856113 CEST | 49739 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:03.300875902 CEST | 80 | 49739 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:03.300899982 CEST | 80 | 49739 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:03.300920010 CEST | 49739 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:03.300921917 CEST | 80 | 49739 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:03.300936937 CEST | 49739 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:03.300940037 CEST | 49739 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:03.300944090 CEST | 80 | 49739 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:03.300965071 CEST | 80 | 49739 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:03.300971985 CEST | 49739 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:03.300986052 CEST | 80 | 49739 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:03.300993919 CEST | 49739 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:03.301008940 CEST | 80 | 49739 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:03.301013947 CEST | 49739 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:03.301031113 CEST | 80 | 49739 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:03.301038980 CEST | 49739 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:03.301052094 CEST | 80 | 49739 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:03.301054955 CEST | 49739 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:03.301073074 CEST | 80 | 49739 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:03.301079988 CEST | 49739 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:03.301095963 CEST | 80 | 49739 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:03.301099062 CEST | 49739 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:03.301116943 CEST | 80 | 49739 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:03.301124096 CEST | 49739 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:03.301137924 CEST | 80 | 49739 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:03.301140070 CEST | 49739 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:03.301156998 CEST | 80 | 49739 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:03.301158905 CEST | 49739 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:03.301177979 CEST | 80 | 49739 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:03.301178932 CEST | 49739 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:03.301197052 CEST | 49739 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:03.301198959 CEST | 80 | 49739 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:03.301223040 CEST | 80 | 49739 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:03.301235914 CEST | 49739 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:03.301243067 CEST | 80 | 49739 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:03.301254988 CEST | 49739 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:03.301266909 CEST | 80 | 49739 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:03.301289082 CEST | 49739 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:03.301295042 CEST | 49739 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:03.301301003 CEST | 80 | 49739 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:03.301318884 CEST | 49739 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:03.301322937 CEST | 80 | 49739 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:03.301341057 CEST | 49739 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:03.301343918 CEST | 80 | 49739 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:03.301364899 CEST | 49739 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:03.301364899 CEST | 80 | 49739 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:03.301417112 CEST | 49739 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:03.301424980 CEST | 49739 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:03.301446915 CEST | 80 | 49739 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:03.301469088 CEST | 80 | 49739 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:03.301491976 CEST | 80 | 49739 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:03.301512003 CEST | 49739 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:03.301512957 CEST | 80 | 49739 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:03.301537037 CEST | 80 | 49739 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:03.301547050 CEST | 49739 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:03.301559925 CEST | 80 | 49739 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:03.301577091 CEST | 49739 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:03.301584005 CEST | 80 | 49739 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:03.301599026 CEST | 49739 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:03.301605940 CEST | 80 | 49739 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:03.301625013 CEST | 80 | 49739 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:03.301645994 CEST | 80 | 49739 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:03.301673889 CEST | 49739 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:03.301702023 CEST | 49739 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:03.425812960 CEST | 80 | 49739 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:03.425858021 CEST | 80 | 49739 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:03.425887108 CEST | 80 | 49739 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:03.425915956 CEST | 80 | 49739 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:03.425951004 CEST | 80 | 49739 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:03.425982952 CEST | 80 | 49739 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:03.426012993 CEST | 80 | 49739 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:03.426065922 CEST | 49739 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:03.426096916 CEST | 80 | 49739 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:03.426129103 CEST | 80 | 49739 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:03.426157951 CEST | 80 | 49739 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:03.426204920 CEST | 80 | 49739 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:03.426239014 CEST | 80 | 49739 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:03.426265001 CEST | 49739 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:03.426338911 CEST | 49739 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:03.426340103 CEST | 80 | 49739 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:03.426343918 CEST | 49739 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:03.426376104 CEST | 80 | 49739 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:03.426405907 CEST | 80 | 49739 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:03.426445007 CEST | 80 | 49739 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:03.426491976 CEST | 49739 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:03.426496029 CEST | 49739 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:03.426537991 CEST | 80 | 49739 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:03.426575899 CEST | 80 | 49739 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:03.426613092 CEST | 49739 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:03.426644087 CEST | 80 | 49739 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:03.426677942 CEST | 80 | 49739 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:03.426706076 CEST | 80 | 49739 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:03.426733971 CEST | 80 | 49739 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:03.426753044 CEST | 49739 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:03.426757097 CEST | 49739 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:03.426763058 CEST | 80 | 49739 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:03.426790953 CEST | 80 | 49739 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:03.426825047 CEST | 80 | 49739 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:03.426855087 CEST | 80 | 49739 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:03.426887035 CEST | 80 | 49739 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:03.426914930 CEST | 80 | 49739 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:03.426930904 CEST | 49739 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:03.426937103 CEST | 49739 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:03.426944017 CEST | 80 | 49739 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:03.426970959 CEST | 80 | 49739 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:03.427000046 CEST | 80 | 49739 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:03.427027941 CEST | 80 | 49739 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:03.427054882 CEST | 49739 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:03.427062035 CEST | 49739 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:03.427062988 CEST | 80 | 49739 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:03.427103043 CEST | 80 | 49739 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:03.427129984 CEST | 80 | 49739 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:03.427141905 CEST | 49739 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:03.427159071 CEST | 80 | 49739 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:03.427186966 CEST | 80 | 49739 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:03.427213907 CEST | 80 | 49739 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:03.427228928 CEST | 49739 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:03.427236080 CEST | 49739 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:03.427243948 CEST | 80 | 49739 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:03.427273035 CEST | 80 | 49739 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:03.427306890 CEST | 80 | 49739 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:03.427308083 CEST | 49739 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:03.427340031 CEST | 80 | 49739 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:03.427366972 CEST | 80 | 49739 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:03.427396059 CEST | 80 | 49739 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:03.427409887 CEST | 49739 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:03.427414894 CEST | 49739 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:03.427423954 CEST | 80 | 49739 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:03.427450895 CEST | 80 | 49739 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:03.427476883 CEST | 49739 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:03.427479029 CEST | 80 | 49739 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:03.427508116 CEST | 80 | 49739 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:03.427541971 CEST | 80 | 49739 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:03.427583933 CEST | 49739 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:03.427592039 CEST | 49739 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:03.427598000 CEST | 80 | 49739 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:03.427634954 CEST | 80 | 49739 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:03.427638054 CEST | 49739 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:03.427674055 CEST | 80 | 49739 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:03.427711964 CEST | 80 | 49739 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:03.427748919 CEST | 80 | 49739 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:03.427786112 CEST | 80 | 49739 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:03.427788973 CEST | 49739 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:03.427809000 CEST | 49739 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:03.427824020 CEST | 80 | 49739 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:03.427864075 CEST | 49739 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:03.427870989 CEST | 80 | 49739 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:03.427912951 CEST | 80 | 49739 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:03.427949905 CEST | 80 | 49739 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:03.427988052 CEST | 80 | 49739 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:03.427994967 CEST | 49739 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:03.428014994 CEST | 49739 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:03.428028107 CEST | 80 | 49739 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:03.428066969 CEST | 80 | 49739 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:03.428103924 CEST | 80 | 49739 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:03.428142071 CEST | 80 | 49739 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:03.428154945 CEST | 49739 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:03.428159952 CEST | 49739 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:03.428189993 CEST | 80 | 49739 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:03.428234100 CEST | 80 | 49739 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:03.428268909 CEST | 49739 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:03.428272963 CEST | 80 | 49739 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:03.428276062 CEST | 49739 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:03.428306103 CEST | 80 | 49739 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:03.428345919 CEST | 80 | 49739 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:03.428375006 CEST | 49739 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:03.428392887 CEST | 80 | 49739 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:03.428433895 CEST | 80 | 49739 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:03.428472042 CEST | 80 | 49739 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:03.428478956 CEST | 49739 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:03.428484917 CEST | 49739 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:03.428508997 CEST | 80 | 49739 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:03.428548098 CEST | 80 | 49739 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:03.428584099 CEST | 80 | 49739 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:03.428621054 CEST | 80 | 49739 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:03.428658009 CEST | 80 | 49739 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:03.428670883 CEST | 49739 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:03.428678036 CEST | 49739 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:03.428704977 CEST | 80 | 49739 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:03.428746939 CEST | 80 | 49739 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:03.428786039 CEST | 49739 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:03.428786039 CEST | 80 | 49739 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:03.428793907 CEST | 49739 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:03.429426908 CEST | 49739 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:03.553210020 CEST | 80 | 49739 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:03.553309917 CEST | 80 | 49739 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:03.553356886 CEST | 80 | 49739 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:03.553421974 CEST | 49739 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:03.553440094 CEST | 80 | 49739 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:03.553445101 CEST | 49739 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:03.553450108 CEST | 49739 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:03.553483963 CEST | 80 | 49739 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:03.553512096 CEST | 49739 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:03.553538084 CEST | 80 | 49739 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:03.553586006 CEST | 80 | 49739 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:03.553589106 CEST | 49739 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:03.553594112 CEST | 49739 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:03.553627968 CEST | 80 | 49739 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:03.553664923 CEST | 80 | 49739 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:03.553675890 CEST | 49739 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:03.553683996 CEST | 49739 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:03.553704977 CEST | 80 | 49739 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:03.553742886 CEST | 80 | 49739 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:03.553749084 CEST | 49739 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:03.553752899 CEST | 49739 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:03.553780079 CEST | 80 | 49739 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:03.553817987 CEST | 80 | 49739 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:03.553823948 CEST | 49739 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:03.553828001 CEST | 49739 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:03.553857088 CEST | 80 | 49739 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:03.553900957 CEST | 49739 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:03.553903103 CEST | 80 | 49739 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:03.553908110 CEST | 49739 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:03.553946972 CEST | 80 | 49739 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:03.553983927 CEST | 80 | 49739 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:03.553993940 CEST | 49739 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:03.553997993 CEST | 49739 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:03.554023027 CEST | 80 | 49739 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:03.554061890 CEST | 80 | 49739 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:03.554063082 CEST | 49739 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:03.554066896 CEST | 49739 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:03.554100037 CEST | 80 | 49739 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:03.554136992 CEST | 49739 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:03.554136992 CEST | 80 | 49739 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:03.554142952 CEST | 49739 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:03.554176092 CEST | 80 | 49739 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:03.554214954 CEST | 49739 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:03.554223061 CEST | 80 | 49739 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:03.554227114 CEST | 49739 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:03.554267883 CEST | 80 | 49739 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:03.554300070 CEST | 80 | 49739 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:03.554311037 CEST | 49739 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:03.554315090 CEST | 49739 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:03.554327965 CEST | 80 | 49739 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:03.554363966 CEST | 49739 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:03.554367065 CEST | 49739 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:03.642203093 CEST | 49739 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:03.767584085 CEST | 80 | 49739 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:03.767628908 CEST | 80 | 49739 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:03.767662048 CEST | 80 | 49739 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:03.767690897 CEST | 80 | 49739 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:03.767713070 CEST | 80 | 49739 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:03.767790079 CEST | 49739 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:03.767932892 CEST | 49739 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:04.653017044 CEST | 49739 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:04.653304100 CEST | 49740 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:05.613487959 CEST | 49741 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:05.613935947 CEST | 49742 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:05.738095999 CEST | 80 | 49742 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:05.738132000 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:05.738471985 CEST | 49742 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:05.739439011 CEST | 49741 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:05.763164043 CEST | 49741 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:05.887753963 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:05.913686991 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:05.913719893 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:05.913741112 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:05.913758039 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:05.913774967 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:05.913790941 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:05.913808107 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:05.913824081 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:05.913841009 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:05.913856983 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:05.913857937 CEST | 49741 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:05.913958073 CEST | 49741 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:06.038388014 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.038427114 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.038448095 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.038464069 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.038480043 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.038496017 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.038512945 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.038532972 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.038549900 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.038564920 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.038572073 CEST | 49741 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:06.038580894 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.038595915 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.038613081 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.038629055 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.038644075 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.038646936 CEST | 49741 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:06.038665056 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.038683891 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.038701057 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.038716078 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.038732052 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.038747072 CEST | 49741 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:06.038834095 CEST | 49741 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:06.163417101 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.163472891 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.163513899 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.163518906 CEST | 49741 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:06.163549900 CEST | 49741 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:06.163552999 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.163573027 CEST | 49741 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:06.163592100 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.163616896 CEST | 49741 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:06.163631916 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.163646936 CEST | 49741 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:06.163671970 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.163697004 CEST | 49741 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:06.163721085 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.163723946 CEST | 49741 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:06.163764000 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.163803101 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.163816929 CEST | 49741 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:06.163841009 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.163867950 CEST | 49741 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:06.163881063 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.163907051 CEST | 49741 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:06.163918972 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.163942099 CEST | 49741 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:06.163958073 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.163984060 CEST | 49741 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:06.163996935 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.164010048 CEST | 49741 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:06.164047956 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.164091110 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.164105892 CEST | 49741 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:06.164129972 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.164146900 CEST | 49741 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:06.164170027 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.164187908 CEST | 49741 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:06.164210081 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.164223909 CEST | 49741 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:06.164248943 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.164259911 CEST | 49741 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:06.164287090 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.164299965 CEST | 49741 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:06.164325953 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.164340019 CEST | 49741 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:06.164374113 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.164378881 CEST | 49741 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:06.164417982 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.164432049 CEST | 49741 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:06.164458036 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.164470911 CEST | 49741 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:06.164499044 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.164510012 CEST | 49741 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:06.164536953 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.164549112 CEST | 49741 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:06.164577007 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.164587975 CEST | 49741 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:06.164616108 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.164627075 CEST | 49741 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:06.164654970 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.164665937 CEST | 49741 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:06.164701939 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.164710045 CEST | 49741 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:06.164746046 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.164766073 CEST | 49741 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:06.164792061 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.164803028 CEST | 49741 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:06.164832115 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.164844036 CEST | 49741 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:06.164872885 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.164885044 CEST | 49741 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:06.164913893 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.164918900 CEST | 49741 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:06.164952993 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.164966106 CEST | 49741 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:06.164993048 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.165004015 CEST | 49741 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:06.165039062 CEST | 49741 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:06.165041924 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.165092945 CEST | 49741 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:06.289694071 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.289747000 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.289788008 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.289827108 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.289829969 CEST | 49741 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:06.289865017 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.289884090 CEST | 49741 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:06.289905071 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.289943933 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.289973021 CEST | 49741 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:06.289993048 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.290023088 CEST | 49741 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:06.290035963 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.290075064 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.290105104 CEST | 49741 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:06.290113926 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.290153980 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.290190935 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.290198088 CEST | 49741 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:06.290232897 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.290257931 CEST | 49741 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:06.290292025 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.290334940 CEST | 49741 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:06.290357113 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.290402889 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.290437937 CEST | 49741 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:06.290441036 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.290482998 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.290514946 CEST | 49741 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:06.290529013 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.290566921 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.290570974 CEST | 49741 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:06.290605068 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.290643930 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.290647030 CEST | 49741 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:06.290689945 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.290719032 CEST | 49741 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:06.290733099 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.290770054 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.290774107 CEST | 49741 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:06.290807962 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.290846109 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.290849924 CEST | 49741 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:06.290883064 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.290920973 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.290936947 CEST | 49741 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:06.290958881 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.290986061 CEST | 49741 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:06.291007042 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.291045904 CEST | 49741 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:06.291049004 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.291086912 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.291120052 CEST | 49741 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:06.291126013 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.291165113 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.291193008 CEST | 49741 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:06.291201115 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.291239977 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.291249990 CEST | 49741 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:06.291277885 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.291321993 CEST | 49741 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:06.291325092 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.291368961 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.291404963 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.291414976 CEST | 49741 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:06.291445017 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.291469097 CEST | 49741 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:06.291485071 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.291522980 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.291524887 CEST | 49741 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:06.291562080 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.291599989 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.291610956 CEST | 49741 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:06.291649103 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.291692019 CEST | 49741 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:06.291692019 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.291732073 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.291757107 CEST | 49741 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:06.291769981 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.291800976 CEST | 49741 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:06.291807890 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.291846037 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.291883945 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.291889906 CEST | 49741 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:06.291922092 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.291969061 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.291995049 CEST | 49741 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:06.292011023 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.292046070 CEST | 49741 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:06.292047977 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.292088032 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.292103052 CEST | 49741 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:06.292124987 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.292161942 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.292184114 CEST | 49741 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:06.292201042 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.292238951 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.292274952 CEST | 49741 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:06.292285919 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.292330027 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.292335033 CEST | 49741 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:06.292368889 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.292407036 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.292408943 CEST | 49741 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:06.292445898 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.292483091 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.292485952 CEST | 49741 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:06.292521000 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.292553902 CEST | 49741 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:06.292560101 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.292607069 CEST | 49741 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:06.292607069 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.292649984 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.292685986 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.292686939 CEST | 49741 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:06.292726040 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.292762995 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.292769909 CEST | 49741 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:06.292800903 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.292834997 CEST | 49741 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:06.292840958 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.292879105 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.292903900 CEST | 49741 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:06.292926073 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.292962074 CEST | 49741 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:06.293042898 CEST | 49741 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:06.417649984 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.417715073 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.417743921 CEST | 49741 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:06.417757034 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.417769909 CEST | 49741 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:06.417793989 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.417798996 CEST | 49741 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:06.417833090 CEST | 49741 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:06.417838097 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.417876005 CEST | 49741 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:06.417879105 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.417915106 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.417943954 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.417965889 CEST | 49741 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:06.417980909 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.418003082 CEST | 49741 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:06.418025017 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.418026924 CEST | 49741 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:06.418066025 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.418066978 CEST | 49741 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:06.418106079 CEST | 49741 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:06.418118954 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.418158054 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.418162107 CEST | 49741 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:06.418196917 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.418198109 CEST | 49741 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:06.418235064 CEST | 49741 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:06.418236017 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.418276072 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.418277025 CEST | 49741 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:06.418313980 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.418334961 CEST | 49741 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:06.418354988 CEST | 49741 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:06.418361902 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.418406010 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.418407917 CEST | 49741 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:06.418446064 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.418447971 CEST | 49741 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:06.418487072 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.418493986 CEST | 49741 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:06.418525934 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.418528080 CEST | 49741 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:06.418564081 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.418567896 CEST | 49741 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:06.418606043 CEST | 49741 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:06.418621063 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.418661118 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.418663979 CEST | 49741 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:06.418698072 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.418703079 CEST | 49741 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:06.418741941 CEST | 49741 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:06.418745041 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.418788910 CEST | 49741 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:06.418790102 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.418828964 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.418833971 CEST | 49741 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:06.418868065 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.418870926 CEST | 49741 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:06.418905973 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.418908119 CEST | 49741 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:06.418943882 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.418950081 CEST | 49741 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:06.418982029 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.418987036 CEST | 49741 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:06.419019938 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.419033051 CEST | 49741 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:06.419059992 CEST | 49741 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:06.419070005 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.419114113 CEST | 49741 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:06.419115067 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.419153929 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.419157982 CEST | 49741 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:06.419192076 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.419194937 CEST | 49741 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:06.419231892 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.419234991 CEST | 49741 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:06.419269085 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.419271946 CEST | 49741 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:06.419308901 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.419311047 CEST | 49741 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:06.419347048 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.419353008 CEST | 49741 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:06.419390917 CEST | 49741 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:06.419394970 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.419437885 CEST | 49741 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:06.419437885 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.419478893 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.419481039 CEST | 49741 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:06.419517040 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.419519901 CEST | 49741 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:06.419555902 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.419560909 CEST | 49741 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:06.419594049 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.419600964 CEST | 49741 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:06.419632912 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.419639111 CEST | 49741 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:06.419672012 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.419672966 CEST | 49741 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:06.419715881 CEST | 49741 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:06.419719934 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.419763088 CEST | 49741 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:06.419764042 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.419802904 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.419806957 CEST | 49741 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:06.419842005 CEST | 49741 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:06.419842005 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.419881105 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.419887066 CEST | 49741 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:06.419919014 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.419922113 CEST | 49741 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:06.419956923 CEST | 49741 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:06.419959068 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.419996977 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.420001984 CEST | 49741 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:06.420039892 CEST | 49741 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:06.420043945 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.420085907 CEST | 49741 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:06.420090914 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.420136929 CEST | 49741 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:06.420147896 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.420195103 CEST | 49741 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:06.420202971 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.420243025 CEST | 49741 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:06.420243979 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.420283079 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.420285940 CEST | 49741 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:06.420320988 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.420324087 CEST | 49741 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:06.420360088 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.420362949 CEST | 49741 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:06.420403004 CEST | 49741 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:06.420408010 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.420452118 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.420458078 CEST | 49741 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:06.420492887 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.420495987 CEST | 49741 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:06.420531034 CEST | 49741 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:06.420532942 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.420571089 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.420574903 CEST | 49741 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:06.420602083 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.420614958 CEST | 49741 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:06.420629978 CEST | 80 | 49741 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:06.420641899 CEST | 49741 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:06.420682907 CEST | 49741 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:07.526192904 CEST | 49741 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:07.526294947 CEST | 49742 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:08.616070032 CEST | 49743 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:08.616095066 CEST | 49744 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:08.740902901 CEST | 80 | 49743 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:08.742511034 CEST | 49743 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:08.742588043 CEST | 80 | 49744 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:08.742758036 CEST | 49744 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:08.746000051 CEST | 49743 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:08.870661020 CEST | 80 | 49743 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:08.888124943 CEST | 80 | 49743 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:08.888151884 CEST | 80 | 49743 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:08.888168097 CEST | 80 | 49743 | 142.93.7.187 | 192.168.2.3 |
| Apr 12, 2021 15:25:08.888324022 CEST | 49743 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:08.888403893 CEST | 49743 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:09.966922998 CEST | 49744 | 80 | 192.168.2.3 | 142.93.7.187 |
| Apr 12, 2021 15:25:09.967046022 CEST | 49743 | 80 | 192.168.2.3 | 142.93.7.187 |
UDP Packets |
|---|
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Apr 12, 2021 15:23:00.706065893 CEST | 60152 | 53 | 192.168.2.3 | 8.8.8.8 |
| Apr 12, 2021 15:23:00.754926920 CEST | 53 | 60152 | 8.8.8.8 | 192.168.2.3 |
| Apr 12, 2021 15:23:01.743762016 CEST | 57544 | 53 | 192.168.2.3 | 8.8.8.8 |
| Apr 12, 2021 15:23:01.792388916 CEST | 53 | 57544 | 8.8.8.8 | 192.168.2.3 |
| Apr 12, 2021 15:23:02.263736963 CEST | 55984 | 53 | 192.168.2.3 | 8.8.8.8 |
| Apr 12, 2021 15:23:02.322920084 CEST | 53 | 55984 | 8.8.8.8 | 192.168.2.3 |
| Apr 12, 2021 15:23:09.586616993 CEST | 64185 | 53 | 192.168.2.3 | 8.8.8.8 |
| Apr 12, 2021 15:23:09.638266087 CEST | 53 | 64185 | 8.8.8.8 | 192.168.2.3 |
| Apr 12, 2021 15:23:10.787715912 CEST | 65110 | 53 | 192.168.2.3 | 8.8.8.8 |
| Apr 12, 2021 15:23:10.844995975 CEST | 53 | 65110 | 8.8.8.8 | 192.168.2.3 |
| Apr 12, 2021 15:23:11.899132967 CEST | 58361 | 53 | 192.168.2.3 | 8.8.8.8 |
| Apr 12, 2021 15:23:11.948110104 CEST | 53 | 58361 | 8.8.8.8 | 192.168.2.3 |
| Apr 12, 2021 15:23:12.841348886 CEST | 63492 | 53 | 192.168.2.3 | 8.8.8.8 |
| Apr 12, 2021 15:23:12.890022993 CEST | 53 | 63492 | 8.8.8.8 | 192.168.2.3 |
| Apr 12, 2021 15:23:13.963922024 CEST | 60831 | 53 | 192.168.2.3 | 8.8.8.8 |
| Apr 12, 2021 15:23:14.012795925 CEST | 53 | 60831 | 8.8.8.8 | 192.168.2.3 |
| Apr 12, 2021 15:23:15.025738001 CEST | 60100 | 53 | 192.168.2.3 | 8.8.8.8 |
| Apr 12, 2021 15:23:15.085608959 CEST | 53 | 60100 | 8.8.8.8 | 192.168.2.3 |
| Apr 12, 2021 15:23:30.308027029 CEST | 53195 | 53 | 192.168.2.3 | 8.8.8.8 |
| Apr 12, 2021 15:23:30.357639074 CEST | 53 | 53195 | 8.8.8.8 | 192.168.2.3 |
| Apr 12, 2021 15:23:31.614057064 CEST | 50141 | 53 | 192.168.2.3 | 8.8.8.8 |
| Apr 12, 2021 15:23:31.675573111 CEST | 53 | 50141 | 8.8.8.8 | 192.168.2.3 |
| Apr 12, 2021 15:23:33.081099987 CEST | 53023 | 53 | 192.168.2.3 | 8.8.8.8 |
| Apr 12, 2021 15:23:33.130013943 CEST | 53 | 53023 | 8.8.8.8 | 192.168.2.3 |
| Apr 12, 2021 15:23:34.054116964 CEST | 49563 | 53 | 192.168.2.3 | 8.8.8.8 |
| Apr 12, 2021 15:23:34.105585098 CEST | 53 | 49563 | 8.8.8.8 | 192.168.2.3 |
| Apr 12, 2021 15:23:34.841895103 CEST | 51352 | 53 | 192.168.2.3 | 8.8.8.8 |
| Apr 12, 2021 15:23:34.914217949 CEST | 53 | 51352 | 8.8.8.8 | 192.168.2.3 |
| Apr 12, 2021 15:23:38.578038931 CEST | 59349 | 53 | 192.168.2.3 | 8.8.8.8 |
| Apr 12, 2021 15:23:38.626732111 CEST | 53 | 59349 | 8.8.8.8 | 192.168.2.3 |
| Apr 12, 2021 15:23:56.047646046 CEST | 57084 | 53 | 192.168.2.3 | 8.8.8.8 |
| Apr 12, 2021 15:23:56.096541882 CEST | 53 | 57084 | 8.8.8.8 | 192.168.2.3 |
| Apr 12, 2021 15:23:57.380353928 CEST | 58823 | 53 | 192.168.2.3 | 8.8.8.8 |
| Apr 12, 2021 15:23:57.439158916 CEST | 53 | 58823 | 8.8.8.8 | 192.168.2.3 |
| Apr 12, 2021 15:24:01.374420881 CEST | 57568 | 53 | 192.168.2.3 | 8.8.8.8 |
| Apr 12, 2021 15:24:01.423293114 CEST | 53 | 57568 | 8.8.8.8 | 192.168.2.3 |
| Apr 12, 2021 15:24:06.992815971 CEST | 50540 | 53 | 192.168.2.3 | 8.8.8.8 |
| Apr 12, 2021 15:24:07.064850092 CEST | 53 | 50540 | 8.8.8.8 | 192.168.2.3 |
| Apr 12, 2021 15:24:15.840255976 CEST | 54366 | 53 | 192.168.2.3 | 8.8.8.8 |
| Apr 12, 2021 15:24:15.899010897 CEST | 53 | 54366 | 8.8.8.8 | 192.168.2.3 |
| Apr 12, 2021 15:24:18.159683943 CEST | 53034 | 53 | 192.168.2.3 | 8.8.8.8 |
| Apr 12, 2021 15:24:18.239736080 CEST | 53 | 53034 | 8.8.8.8 | 192.168.2.3 |
| Apr 12, 2021 15:24:19.470577955 CEST | 57762 | 53 | 192.168.2.3 | 8.8.8.8 |
| Apr 12, 2021 15:24:19.551584959 CEST | 53 | 57762 | 8.8.8.8 | 192.168.2.3 |
| Apr 12, 2021 15:24:19.569940090 CEST | 55435 | 53 | 192.168.2.3 | 8.8.8.8 |
| Apr 12, 2021 15:24:19.632415056 CEST | 53 | 55435 | 8.8.8.8 | 192.168.2.3 |
| Apr 12, 2021 15:24:22.163717031 CEST | 50713 | 53 | 192.168.2.3 | 8.8.8.8 |
| Apr 12, 2021 15:24:22.212479115 CEST | 53 | 50713 | 8.8.8.8 | 192.168.2.3 |
| Apr 12, 2021 15:24:22.434473991 CEST | 56132 | 53 | 192.168.2.3 | 8.8.8.8 |
| Apr 12, 2021 15:24:22.494507074 CEST | 53 | 56132 | 8.8.8.8 | 192.168.2.3 |
| Apr 12, 2021 15:24:23.610680103 CEST | 58987 | 53 | 192.168.2.3 | 8.8.8.8 |
| Apr 12, 2021 15:24:23.660708904 CEST | 53 | 58987 | 8.8.8.8 | 192.168.2.3 |
| Apr 12, 2021 15:24:24.856631994 CEST | 56579 | 53 | 192.168.2.3 | 8.8.8.8 |
| Apr 12, 2021 15:24:24.906588078 CEST | 53 | 56579 | 8.8.8.8 | 192.168.2.3 |
| Apr 12, 2021 15:24:25.940203905 CEST | 60633 | 53 | 192.168.2.3 | 8.8.8.8 |
| Apr 12, 2021 15:24:25.988925934 CEST | 53 | 60633 | 8.8.8.8 | 192.168.2.3 |
| Apr 12, 2021 15:24:26.359051943 CEST | 61292 | 53 | 192.168.2.3 | 8.8.8.8 |
| Apr 12, 2021 15:24:26.423470974 CEST | 53 | 61292 | 8.8.8.8 | 192.168.2.3 |
| Apr 12, 2021 15:24:45.818052053 CEST | 63619 | 53 | 192.168.2.3 | 8.8.8.8 |
| Apr 12, 2021 15:24:45.879401922 CEST | 53 | 63619 | 8.8.8.8 | 192.168.2.3 |
| Apr 12, 2021 15:24:46.841341972 CEST | 63619 | 53 | 192.168.2.3 | 8.8.8.8 |
| Apr 12, 2021 15:24:46.899437904 CEST | 53 | 63619 | 8.8.8.8 | 192.168.2.3 |
| Apr 12, 2021 15:24:47.859688997 CEST | 63619 | 53 | 192.168.2.3 | 8.8.8.8 |
| Apr 12, 2021 15:24:47.918108940 CEST | 53 | 63619 | 8.8.8.8 | 192.168.2.3 |
| Apr 12, 2021 15:24:49.873609066 CEST | 63619 | 53 | 192.168.2.3 | 8.8.8.8 |
| Apr 12, 2021 15:24:49.932416916 CEST | 53 | 63619 | 8.8.8.8 | 192.168.2.3 |
| Apr 12, 2021 15:24:53.874862909 CEST | 63619 | 53 | 192.168.2.3 | 8.8.8.8 |
| Apr 12, 2021 15:24:53.934123993 CEST | 53 | 63619 | 8.8.8.8 | 192.168.2.3 |
| Apr 12, 2021 15:24:57.524413109 CEST | 64938 | 53 | 192.168.2.3 | 8.8.8.8 |
| Apr 12, 2021 15:24:57.575867891 CEST | 53 | 64938 | 8.8.8.8 | 192.168.2.3 |
| Apr 12, 2021 15:24:59.287909985 CEST | 61946 | 53 | 192.168.2.3 | 8.8.8.8 |
| Apr 12, 2021 15:24:59.352837086 CEST | 53 | 61946 | 8.8.8.8 | 192.168.2.3 |
| Apr 12, 2021 15:25:01.664540052 CEST | 64910 | 53 | 192.168.2.3 | 8.8.8.8 |
| Apr 12, 2021 15:25:01.713258982 CEST | 53 | 64910 | 8.8.8.8 | 192.168.2.3 |
| Apr 12, 2021 15:25:02.675496101 CEST | 52123 | 53 | 192.168.2.3 | 8.8.8.8 |
| Apr 12, 2021 15:25:02.756053925 CEST | 53 | 52123 | 8.8.8.8 | 192.168.2.3 |
| Apr 12, 2021 15:25:05.522825956 CEST | 56130 | 53 | 192.168.2.3 | 8.8.8.8 |
| Apr 12, 2021 15:25:05.597975016 CEST | 53 | 56130 | 8.8.8.8 | 192.168.2.3 |
| Apr 12, 2021 15:25:08.548417091 CEST | 56338 | 53 | 192.168.2.3 | 8.8.8.8 |
| Apr 12, 2021 15:25:08.605376005 CEST | 53 | 56338 | 8.8.8.8 | 192.168.2.3 |
| Apr 12, 2021 15:25:19.387145996 CEST | 59420 | 53 | 192.168.2.3 | 8.8.8.8 |
| Apr 12, 2021 15:25:19.435950041 CEST | 53 | 59420 | 8.8.8.8 | 192.168.2.3 |
| Apr 12, 2021 15:25:21.507421970 CEST | 59424 | 53 | 192.168.2.3 | 8.8.8.8 |
| Apr 12, 2021 15:25:21.556360006 CEST | 53 | 59424 | 8.8.8.8 | 192.168.2.3 |
| Apr 12, 2021 15:25:21.557013035 CEST | 59425 | 53 | 192.168.2.3 | 8.8.8.8 |
| Apr 12, 2021 15:25:21.614744902 CEST | 53 | 59425 | 8.8.8.8 | 192.168.2.3 |
DNS Queries |
|---|
| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
|---|---|---|---|---|---|---|---|
| Apr 12, 2021 15:25:02.675496101 CEST | 192.168.2.3 | 8.8.8.8 | 0xb583 | Standard query (0) | A (IP address) | IN (0x0001) | |
| Apr 12, 2021 15:25:05.522825956 CEST | 192.168.2.3 | 8.8.8.8 | 0x360 | Standard query (0) | A (IP address) | IN (0x0001) | |
| Apr 12, 2021 15:25:08.548417091 CEST | 192.168.2.3 | 8.8.8.8 | 0x571b | Standard query (0) | A (IP address) | IN (0x0001) | |
| Apr 12, 2021 15:25:19.387145996 CEST | 192.168.2.3 | 8.8.8.8 | 0x1254 | Standard query (0) | A (IP address) | IN (0x0001) | |
| Apr 12, 2021 15:25:21.507421970 CEST | 192.168.2.3 | 8.8.8.8 | 0x1 | Standard query (0) | PTR (Pointer record) | IN (0x0001) | |
| Apr 12, 2021 15:25:21.557013035 CEST | 192.168.2.3 | 8.8.8.8 | 0x2 | Standard query (0) | PTR (Pointer record) | IN (0x0001) |
DNS Answers |
|---|
| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
|---|---|---|---|---|---|---|---|---|---|
| Apr 12, 2021 15:25:02.756053925 CEST | 8.8.8.8 | 192.168.2.3 | 0xb583 | No error (0) | 142.93.7.187 | A (IP address) | IN (0x0001) | ||
| Apr 12, 2021 15:25:05.597975016 CEST | 8.8.8.8 | 192.168.2.3 | 0x360 | No error (0) | 142.93.7.187 | A (IP address) | IN (0x0001) | ||
| Apr 12, 2021 15:25:08.605376005 CEST | 8.8.8.8 | 192.168.2.3 | 0x571b | No error (0) | 142.93.7.187 | A (IP address) | IN (0x0001) | ||
| Apr 12, 2021 15:25:19.435950041 CEST | 8.8.8.8 | 192.168.2.3 | 0x1254 | No error (0) | 208.67.222.222 | A (IP address) | IN (0x0001) | ||
| Apr 12, 2021 15:25:21.556360006 CEST | 8.8.8.8 | 192.168.2.3 | 0x1 | No error (0) | PTR (Pointer record) | IN (0x0001) | |||
| Apr 12, 2021 15:25:21.614744902 CEST | 8.8.8.8 | 192.168.2.3 | 0x2 | Name error (3) | none | none | PTR (Pointer record) | IN (0x0001) |
HTTP Request Dependency Graph |
|---|
|
HTTP Packets |
|---|
| Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
|---|---|---|---|---|---|
| 0 | 192.168.2.3 | 49739 | 142.93.7.187 | 80 | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
| Timestamp | kBytes transferred | Direction | Data |
|---|---|---|---|
| Apr 12, 2021 15:25:02.902010918 CEST | 5589 | OUT | |
| Apr 12, 2021 15:25:03.051784992 CEST | 5590 | IN |