Windows Analysis Report U001P56ybm.exe
Overview
General Information
Detection
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
Process Tree |
---|
|
Malware Configuration |
---|
Threatname: Lokibot |
---|
{"C2 list": ["http://kbfvzoboss.bid/alien/fre.php", "http://alphastand.trade/alien/fre.php", "http://alphastand.win/alien/fre.php", "http://alphastand.top/alien/fre.php"]}
Yara Overview |
---|
Memory Dumps |
---|
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | ||
JoeSecurity_aPLib_compressed_binary | Yara detected aPLib compressed binary | Joe Security | ||
JoeSecurity_Lokibot | Yara detected Lokibot | Joe Security | ||
Loki_1 | Loki Payload | kevoreilly |
| |
Lokibot | detect Lokibot in memory | JPCERT/CC Incident Response Group |
| |
Unpacked PEs |
---|
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
SUSP_XORed_URL_in_EXE | Detects an XORed URL in an executable | Florian Roth |
| |
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | ||
JoeSecurity_aPLib_compressed_binary | Yara detected aPLib compressed binary | Joe Security | ||
JoeSecurity_Lokibot | Yara detected Lokibot | Joe Security | ||
Loki_1 | Loki Payload | kevoreilly |
| |
Sigma Overview |
---|
No Sigma rule has matched |
---|
Jbx Signature Overview |
---|
AV Detection: |
---|
Found malware configuration | Show sources |
Source: | Malware Configuration Extractor: |
Multi AV Scanner detection for submitted file | Show sources |
Source: | ReversingLabs: |
Antivirus detection for URL or domain | Show sources |
Source: | Avira URL Cloud: |
Multi AV Scanner detection for dropped file | Show sources |
Source: | ReversingLabs: |
Source: | Avira: |
Source: | Static PE information: |
Source: | Binary string: | ||
Source: | Binary string: |
Source: | Code function: | 0_2_00405250 | |
Source: | Code function: | 0_2_00405C22 | |
Source: | Code function: | 0_2_00402630 | |
Source: | Code function: | 2_2_00403D74 | |
Source: | Code function: | 2_1_00403D74 |
Networking: |
---|
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules) | Show sources |
Source: | Snort IDS: | ||
C2 URLs / IPs found in malware configuration | Show sources |
Source: | URLs: | ||
Source: | ASN Name: |
Source: | HTTP traffic detected: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | String found in binary or memory: | ||
Source: | HTTP traffic detected: |
Source: | Code function: | 2_2_00404ED4 |
Source: | Code function: | 0_2_00404E07 |
System Summary: |
---|
Malicious sample detected (through community Yara rule) | Show sources |
Source: | Matched rule: | ||
Source: | Static PE information: |
Source: | Matched rule: | ||
Source: | Code function: | 0_2_004030E3 |
Source: | Code function: | 0_2_00406043 | |
Source: | Code function: | 0_2_00404618 | |
Source: | Code function: | 0_2_0040681A | |
Source: | Code function: | 0_2_10014844 | |
Source: | Code function: | 0_2_1000C47B | |
Source: | Code function: | 0_2_10013D60 | |
Source: | Code function: | 0_2_1000C96F | |
Source: | Code function: | 0_2_1000CD87 | |
Source: | Code function: | 0_2_1000D1BC | |
Source: | Code function: | 0_2_1000F1CD | |
Source: | Code function: | 0_2_100169CC | |
Source: | Code function: | 0_2_1000D5F1 | |
Source: | Code function: | 0_2_10015AB1 | |
Source: | Code function: | 0_2_100142D2 | |
Source: | Code function: | 2_2_0040549C | |
Source: | Code function: | 2_2_004029D4 | |
Source: | Code function: | 2_1_0040549C | |
Source: | Code function: | 2_1_004029D4 |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | ReversingLabs: |
Source: | File read: | Jump to behavior |
Source: | Static PE information: |
Source: | Key opened: | Jump to behavior |
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | Jump to behavior |
Source: | Key value queried: | Jump to behavior |
Source: | Code function: | 2_2_0040650A | |
Source: | Code function: | 2_1_0040650A |
Source: | File created: | Jump to behavior |
Source: | File created: | Jump to behavior |
Source: | Classification label: |
Source: | Code function: | 0_2_00402012 |
Source: | File read: | Jump to behavior |
Source: | Code function: | 0_2_0040411B |
Source: | Mutant created: |
Source: | Key opened: | Jump to behavior |
Source: | Binary string: | ||
Source: | Binary string: |
Data Obfuscation: |
---|
Yara detected aPLib compressed binary | Show sources |
Source: | File source: | ||
Source: | Code function: | 0_2_10011718 | |
Source: | Code function: | 2_2_00402AD4 | |
Source: | Code function: | 2_2_00402AFC | |
Source: | Code function: | 2_1_00402AD4 | |
Source: | Code function: | 2_1_00402AFC |
Source: | Code function: | 0_2_00405C49 |
Source: | File created: | Jump to dropped file |
Source: | Process information set: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior |
Source: | Code function: | 0_2_00405250 | |
Source: | Code function: | 0_2_00405C22 | |
Source: | Code function: | 0_2_00402630 | |
Source: | Code function: | 2_2_00403D74 | |
Source: | Code function: | 2_1_00403D74 |
Source: | Thread delayed: | Jump to behavior |
Source: | Code function: | 0_2_10010C55 |
Source: | Code function: | 0_2_10013280 |
Source: | Code function: | 0_2_00405C49 |
Source: | Code function: | 0_2_10001000 |
Source: | Process token adjusted: | Jump to behavior |
Source: | Code function: | 2_2_0040317B | |
Source: | Code function: | 2_1_0040317B |
Source: | Code function: | 0_2_1000EE31 |
HIPS / PFW / Operating System Protection Evasion: |
---|
Injects a PE file into a foreign processes | Show sources |
Source: | Memory written: | Jump to behavior |
Source: | Process created: | Jump to behavior |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Code function: | 0_2_10010E55 |
Source: | Key value queried: | Jump to behavior |
Source: | Code function: | 0_2_0040594D |
Source: | Code function: | 2_2_00406069 |
Stealing of Sensitive Information: |
---|
Yara detected Lokibot | Show sources |
Source: | File source: | ||
Tries to steal Mail credentials (via file / registry access) | Show sources |
Source: | Key opened: | Jump to behavior | ||
Source: | Key opened: | Jump to behavior |
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc) | Show sources |
Source: | Key opened: | Jump to behavior | ||
Source: | Key opened: | Jump to behavior |
Tries to harvest and steal ftp login credentials | Show sources |
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior |
Tries to steal Mail credentials (via file registry) | Show sources |
Source: | Code function: | 2_2_0040D069 | |
Source: | Code function: | 2_2_0040D069 | |
Source: | Code function: | 2_1_0040D069 | |
Source: | Code function: | 2_1_0040D069 |
Tries to harvest and steal browser information (history, passwords, etc) | Show sources |
Source: | File opened: | Jump to behavior |
Source: | File source: | ||
Remote Access Functionality: |
---|
Yara detected Lokibot | Show sources |
Source: | File source: | ||
Mitre Att&ck Matrix |
---|
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | Native API1 | Path Interception | Access Token Manipulation1 | Deobfuscate/Decode Files or Information1 | OS Credential Dumping2 | Account Discovery1 | Remote Services | Archive Collected Data1 | Exfiltration Over Other Network Medium | Ingress Tool Transfer1 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | System Shutdown/Reboot1 |
Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Process Injection112 | Obfuscated Files or Information2 | Credentials in Registry2 | File and Directory Discovery2 | Remote Desktop Protocol | Data from Local System2 | Exfiltration Over Bluetooth | Encrypted Channel1 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Software Packing1 | Security Account Manager | System Information Discovery15 | SMB/Windows Admin Shares | Email Collection1 | Automated Exfiltration | Non-Application Layer Protocol1 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Masquerading1 | NTDS | Security Software Discovery13 | Distributed Component Object Model | Clipboard Data1 | Scheduled Transfer | Application Layer Protocol111 | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Virtualization/Sandbox Evasion11 | LSA Secrets | Process Discovery1 | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
Replication Through Removable Media | Launchd | Rc.common | Rc.common | Access Token Manipulation1 | Cached Domain Credentials | Virtualization/Sandbox Evasion11 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features | |
External Remote Services | Scheduled Task | Startup Items | Startup Items | Process Injection112 | DCSync | System Owner/User Discovery1 | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | Data Encrypted for Impact |
Antivirus, Machine Learning and Genetic Malware Detection |
---|
Initial Sample |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
25% | ReversingLabs | Win32.Trojan.Nsisx |
Dropped Files |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
23% | ReversingLabs | Win32.Trojan.Tedy |
Unpacked PE Files |
---|
Source | Detection | Scanner | Label | Link | Download |
---|---|---|---|---|---|
100% | Avira | TR/Crypt.XPACK.Gen | Download File | ||
100% | Avira | TR/Crypt.XPACK.Gen | Download File | ||
100% | Avira | TR/Patched.Ren.Gen2 | Download File | ||
100% | Avira | TR/Crypt.XPACK.Gen | Download File | ||
100% | Avira | TR/Crypt.XPACK.Gen | Download File | ||
100% | Avira | TR/Crypt.XPACK.Gen | Download File | ||
100% | Avira | TR/Crypt.XPACK.Gen | Download File | ||
100% | Avira | TR/Crypt.XPACK.Gen | Download File | ||
100% | Avira | TR/Crypt.XPACK.Gen | Download File | ||
100% | Avira | TR/Crypt.XPACK.Gen | Download File |
Domains |
---|
No Antivirus matches |
---|
URLs |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
100% | Avira URL Cloud | malware | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe |
Domains and IPs |
---|
Contacted Domains |
---|
No contacted domains info |
---|
Contacted URLs |
---|
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
true |
| unknown | |
true |
| unknown | |
true |
| unknown | |
true |
| unknown | |
true |
| unknown |
URLs from Memory and Binaries |
---|
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false | high | |||
false | high | |||
false |
| unknown |
Contacted IPs |
---|
Public |
---|
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
194.85.248.167 | unknown | Russian Federation | 35478 | DATACENTERRO | true |
General Information |
---|
Joe Sandbox Version: | 34.0.0 Boulder Opal |
Analysis ID: | 528740 |
Start date: | 25.11.2021 |
Start time: | 18:21:15 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 6m 41s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | U001P56ybm.exe |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Number of analysed new started processes: | 22 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal100.troj.spyw.evad.winEXE@3/4@0/1 |
EGA Information: | Failed |
Simulations |
---|
Behavior and APIs |
---|
Time | Type | Description |
---|---|---|
18:22:21 | API Interceptor |
Joe Sandbox View / Context |
---|
IPs |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
194.85.248.167 | Get hash | malicious | Browse |
|
Domains |
---|
No context |
---|
ASN |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
DATACENTERRO | Get hash | malicious | Browse |
JA3 Fingerprints |
---|
No context |
---|
Dropped Files |
---|
No context |
---|
Created / dropped Files |
---|
Process: | C:\Users\user\Desktop\U001P56ybm.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 217431 |
Entropy (8bit): | 7.987953901401436 |
Encrypted: | false |
SSDEEP: | 6144:/KdbhrnUV0fmvApS9oPiEPS3nwOJ2WF9WjNZHq98e2:/crneIEKqN2GWj3r |
MD5: | 1B63DA395BAFC5116F3F6FF8AAD7A350 |
SHA1: | 372869F185066FED68D1573158761EB4859459DB |
SHA-256: | 19D7869C47AF19341916AE58B2F82536CF130942C05DFEE3092C65CD0C9E897B |
SHA-512: | E9D93E22D5D4C547A80ACF658C4F2A6409CD00E88F73602789FEED597BEBB6073EEDDBE6A4439C3EC11A26C9EE5D9FF341BB1F8888BFEA751DFA7921E8FA5714 |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Users\user\Desktop\U001P56ybm.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 120320 |
Entropy (8bit): | 6.283877419444271 |
Encrypted: | false |
SSDEEP: | 1536:DkJ/CJk6kcjZwfqMkzLaRJ+cxfNdtTisu01vzG4CNrutUo7HC5mo5wTIDLmUleNg:c6+sz2+cjdx1lmNE7i5IIXRlCi3nJ |
MD5: | 7464D22DB87D13EBEF8364866100E33C |
SHA1: | 6A64B31B7EE5F853A1CC142D0B3300A796D21B28 |
SHA-256: | 8142F4110C4DAF020DF138E7A281FD19A3295AF855D7527177E5DAB204EE9D8F |
SHA-512: | E7366C3617B958B3A4FA55548DCE997BD335D7B871494154BA9BDFD077B4C2488D80C9EA571D171B3CCFC18A579ECE85E76AE54C14AF33306BB50AB48BF32631 |
Malicious: | true |
Antivirus: |
|
Reputation: | low |
Preview: |
|
Process: | C:\Users\user\Desktop\U001P56ybm.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
SSDEEP: | 3:U:U |
MD5: | C4CA4238A0B923820DCC509A6F75849B |
SHA1: | 356A192B7913B04C54574D18C28D46E6395428AB |
SHA-256: | 6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B |
SHA-512: | 4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A |
Malicious: | false |
Reputation: | high, very likely benign file |
Preview: |
|
Process: | C:\Users\user\Desktop\U001P56ybm.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 46 |
Entropy (8bit): | 1.0424600748477153 |
Encrypted: | false |
SSDEEP: | 3:/lbON:u |
MD5: | 89CA7E02D8B79ED50986F098D5686EC9 |
SHA1: | A602E0D4398F00C827BFCF711066E67718CA1377 |
SHA-256: | 30AC626CBD4A97DB480A0379F6D2540195F594C967B7087A26566E352F24C794 |
SHA-512: | C5F453E32C0297E51BE43F84A7E63302E7D1E471FADF8BB789C22A4D6E03712D26E2B039D6FBDBD9EBD35C4E93EC27F03684A7BBB67C4FADCCE9F6279417B5DE |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
|
Static File Info |
---|
General | |
---|---|
File type: | |
Entropy (8bit): | 7.929625872337307 |
TrID: |
|
File name: | U001P56ybm.exe |
File size: | 301040 |
MD5: | 969e2ccfcacf3573de922d9bce81e3fd |
SHA1: | c3dd33a00d4dad9330d0c2dbc0c3b75396c70f8b |
SHA256: | 4a059628d9f56799d68937821b355477502fe0704d41a75c372b1c036061d59f |
SHA512: | 9a8e5104bc18ac2bb0987324ce0f602b26ee4435da9d8c869516052067b6d911e4cec839a5619553d15129b6652c75fa489710eca815496b688e25cfeced65bf |
SSDEEP: | 6144:rGiOg+450MRKEIC/ICcr8Cnvvso/Y9oPiEPS3nwOJ2YF9WjNZHqo8eXzo9:P5vRYMICasowKqN24Wj3ro9 |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........uJ...$...$...$./.{...$...%.:.$.".y...$..7....$.f."...$.Rich..$.................PE..L......H.................\...........0..... |
File Icon |
---|
Icon Hash: | b2a88c96b2ca6a72 |
Static PE Info |
---|
General | |
---|---|
Entrypoint: | 0x4030e3 |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED |
DLL Characteristics: | |
Time Stamp: | 0x48EFCDCD [Fri Oct 10 21:49:01 2008 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | 7fa974366048f9c551ef45714595665e |
Entrypoint Preview |
---|
Instruction |
---|
sub esp, 00000180h |
push ebx |
push ebp |
push esi |
xor ebx, ebx |
push edi |
mov dword ptr [esp+18h], ebx |
mov dword ptr [esp+10h], 00409158h |
xor esi, esi |
mov byte ptr [esp+14h], 00000020h |
call dword ptr [00407030h] |
push 00008001h |
call dword ptr [004070B0h] |
push ebx |
call dword ptr [0040727Ch] |
push 00000008h |
mov dword ptr [0042EC18h], eax |
call 00007FD554597328h |
mov dword ptr [0042EB64h], eax |
push ebx |
lea eax, dword ptr [esp+34h] |
push 00000160h |
push eax |
push ebx |
push 00428F90h |
call dword ptr [00407158h] |
push 0040914Ch |
push 0042E360h |
call 00007FD554596FDFh |
call dword ptr [004070ACh] |
mov edi, 00434000h |
push eax |
push edi |
call 00007FD554596FCDh |
push ebx |
call dword ptr [0040710Ch] |
cmp byte ptr [00434000h], 00000022h |
mov dword ptr [0042EB60h], eax |
mov eax, edi |
jne 00007FD55459480Ch |
mov byte ptr [esp+14h], 00000022h |
mov eax, 00434001h |
push dword ptr [esp+14h] |
push eax |
call 00007FD554596AC0h |
push eax |
call dword ptr [0040721Ch] |
mov dword ptr [esp+1Ch], eax |
jmp 00007FD554594865h |
cmp cl, 00000020h |
jne 00007FD554594808h |
inc eax |
cmp byte ptr [eax], 00000020h |
je 00007FD5545947FCh |
cmp byte ptr [eax], 00000022h |
mov byte ptr [eax+eax+00h], 00000000h |
Data Directories |
---|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x74b0 | 0xb4 | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x37000 | 0x900 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x7000 | 0x28c | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Sections |
---|
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x5b68 | 0x5c00 | False | 0.67722486413 | data | 6.48746502716 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
.rdata | 0x7000 | 0x129c | 0x1400 | False | 0.4337890625 | data | 5.04904254867 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0x9000 | 0x25c58 | 0x400 | False | 0.58203125 | data | 4.76995537906 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
.ndata | 0x2f000 | 0x8000 | 0x0 | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_WRITE, IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.rsrc | 0x37000 | 0x900 | 0xa00 | False | 0.4078125 | data | 3.93441125971 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
Resources |
---|
Name | RVA | Size | Type | Language | Country |
---|---|---|---|---|---|
RT_ICON | 0x37190 | 0x2e8 | data | English | United States |
RT_DIALOG | 0x37478 | 0x100 | data | English | United States |
RT_DIALOG | 0x37578 | 0x11c | data | English | United States |
RT_DIALOG | 0x37698 | 0x60 | data | English | United States |
RT_GROUP_ICON | 0x376f8 | 0x14 | data | English | United States |
RT_MANIFEST | 0x37710 | 0x1eb | XML 1.0 document, ASCII text, with very long lines, with no line terminators | English | United States |
Imports |
---|
DLL | Import |
---|---|
KERNEL32.dll | CompareFileTime, SearchPathA, GetShortPathNameA, GetFullPathNameA, MoveFileA, SetCurrentDirectoryA, GetFileAttributesA, GetLastError, CreateDirectoryA, SetFileAttributesA, Sleep, GetTickCount, GetFileSize, GetModuleFileNameA, GetCurrentProcess, CopyFileA, ExitProcess, GetWindowsDirectoryA, SetFileTime, GetCommandLineA, SetErrorMode, LoadLibraryA, lstrcpynA, GetDiskFreeSpaceA, GlobalUnlock, GlobalLock, CreateThread, CreateProcessA, RemoveDirectoryA, CreateFileA, GetTempFileNameA, lstrlenA, lstrcatA, GetSystemDirectoryA, GetVersion, CloseHandle, lstrcmpiA, lstrcmpA, ExpandEnvironmentStringsA, GlobalFree, GlobalAlloc, WaitForSingleObject, GetExitCodeProcess, GetModuleHandleA, LoadLibraryExA, GetProcAddress, FreeLibrary, MultiByteToWideChar, WritePrivateProfileStringA, GetPrivateProfileStringA, WriteFile, ReadFile, MulDiv, SetFilePointer, FindClose, FindNextFileA, FindFirstFileA, DeleteFileA, GetTempPathA |
USER32.dll | EndDialog, ScreenToClient, GetWindowRect, EnableMenuItem, GetSystemMenu, SetClassLongA, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongA, SetCursor, LoadCursorA, CheckDlgButton, GetMessagePos, LoadBitmapA, CallWindowProcA, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, RegisterClassA, TrackPopupMenu, AppendMenuA, CreatePopupMenu, GetSystemMetrics, SetDlgItemTextA, GetDlgItemTextA, MessageBoxIndirectA, CharPrevA, DispatchMessageA, PeekMessageA, DestroyWindow, CreateDialogParamA, SetTimer, SetWindowTextA, PostQuitMessage, SetForegroundWindow, wsprintfA, SendMessageTimeoutA, FindWindowExA, SystemParametersInfoA, CreateWindowExA, GetClassInfoA, DialogBoxParamA, CharNextA, OpenClipboard, ExitWindowsEx, IsWindow, GetDlgItem, SetWindowLongA, LoadImageA, GetDC, EnableWindow, InvalidateRect, SendMessageA, DefWindowProcA, BeginPaint, GetClientRect, FillRect, DrawTextA, EndPaint, ShowWindow |
GDI32.dll | SetBkColor, GetDeviceCaps, DeleteObject, CreateBrushIndirect, CreateFontIndirectA, SetBkMode, SetTextColor, SelectObject |
SHELL32.dll | SHGetPathFromIDListA, SHBrowseForFolderA, SHGetFileInfoA, ShellExecuteA, SHFileOperationA, SHGetSpecialFolderLocation |
ADVAPI32.dll | RegQueryValueExA, RegSetValueExA, RegEnumKeyA, RegEnumValueA, RegOpenKeyExA, RegDeleteKeyA, RegDeleteValueA, RegCloseKey, RegCreateKeyExA |
COMCTL32.dll | ImageList_AddMasked, ImageList_Destroy, ImageList_Create |
ole32.dll | CoTaskMemFree, OleInitialize, OleUninitialize, CoCreateInstance |
VERSION.dll | GetFileVersionInfoSizeA, GetFileVersionInfoA, VerQueryValueA |
Possible Origin |
---|
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States |
Network Behavior |
---|
Snort IDS Alerts |
---|
Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|---|---|---|
11/25/21-18:22:15.658540 | TCP | 2024312 | ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M1 | 49744 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:22:15.658540 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49744 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:22:15.658540 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49744 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:22:15.658540 | TCP | 2024317 | ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M2 | 49744 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:22:18.837898 | TCP | 2024312 | ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M1 | 49745 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:22:18.837898 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49745 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:22:18.837898 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49745 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:22:18.837898 | TCP | 2024317 | ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M2 | 49745 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:22:21.772417 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49746 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:22:21.772417 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49746 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:22:21.772417 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49746 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:22:21.772417 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49746 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:22:21.949354 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49746 | 194.85.248.167 | 192.168.2.3 |
11/25/21-18:22:23.379975 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49747 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:22:23.379975 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49747 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:22:23.379975 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49747 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:22:23.379975 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49747 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:22:23.474404 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49747 | 194.85.248.167 | 192.168.2.3 |
11/25/21-18:22:25.292669 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49748 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:22:25.292669 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49748 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:22:25.292669 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49748 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:22:25.292669 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49748 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:22:25.843662 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49748 | 194.85.248.167 | 192.168.2.3 |
11/25/21-18:22:26.868772 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49749 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:22:26.868772 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49749 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:22:26.868772 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49749 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:22:26.868772 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49749 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:22:26.965338 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49749 | 194.85.248.167 | 192.168.2.3 |
11/25/21-18:22:28.257549 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49750 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:22:28.257549 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49750 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:22:28.257549 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49750 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:22:28.257549 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49750 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:22:28.383367 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49750 | 194.85.248.167 | 192.168.2.3 |
11/25/21-18:22:29.608133 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49751 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:22:29.608133 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49751 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:22:29.608133 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49751 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:22:29.608133 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49751 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:22:30.439113 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49751 | 194.85.248.167 | 192.168.2.3 |
11/25/21-18:22:31.618850 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49752 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:22:31.618850 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49752 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:22:31.618850 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49752 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:22:31.618850 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49752 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:22:32.376492 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49752 | 194.85.248.167 | 192.168.2.3 |
11/25/21-18:22:35.179306 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49755 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:22:35.179306 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49755 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:22:35.179306 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49755 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:22:35.179306 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49755 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:22:35.268660 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49755 | 194.85.248.167 | 192.168.2.3 |
11/25/21-18:22:37.775846 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49756 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:22:37.775846 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49756 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:22:37.775846 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49756 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:22:37.775846 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49756 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:22:39.011205 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49756 | 194.85.248.167 | 192.168.2.3 |
11/25/21-18:22:40.734394 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49757 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:22:40.734394 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49757 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:22:40.734394 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49757 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:22:40.734394 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49757 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:22:41.150241 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49757 | 194.85.248.167 | 192.168.2.3 |
11/25/21-18:22:44.172505 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49758 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:22:44.172505 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49758 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:22:44.172505 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49758 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:22:44.172505 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49758 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:22:44.258064 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49758 | 194.85.248.167 | 192.168.2.3 |
11/25/21-18:22:45.537822 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49759 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:22:45.537822 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49759 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:22:45.537822 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49759 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:22:45.537822 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49759 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:22:46.363115 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49759 | 194.85.248.167 | 192.168.2.3 |
11/25/21-18:22:47.475042 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49760 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:22:47.475042 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49760 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:22:47.475042 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49760 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:22:47.475042 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49760 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:22:47.564037 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49760 | 194.85.248.167 | 192.168.2.3 |
11/25/21-18:22:48.480656 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49761 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:22:48.480656 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49761 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:22:48.480656 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49761 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:22:48.480656 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49761 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:22:48.579071 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49761 | 194.85.248.167 | 192.168.2.3 |
11/25/21-18:22:51.071537 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49762 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:22:51.071537 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49762 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:22:51.071537 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49762 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:22:51.071537 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49762 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:22:51.163780 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49762 | 194.85.248.167 | 192.168.2.3 |
11/25/21-18:22:52.226443 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49763 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:22:52.226443 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49763 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:22:52.226443 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49763 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:22:52.226443 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49763 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:22:52.969004 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49763 | 194.85.248.167 | 192.168.2.3 |
11/25/21-18:22:54.348325 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49765 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:22:54.348325 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49765 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:22:54.348325 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49765 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:22:54.348325 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49765 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:22:54.655710 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49765 | 194.85.248.167 | 192.168.2.3 |
11/25/21-18:22:55.798213 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49766 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:22:55.798213 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49766 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:22:55.798213 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49766 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:22:55.798213 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49766 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:22:56.114465 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49766 | 194.85.248.167 | 192.168.2.3 |
11/25/21-18:22:58.836459 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49769 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:22:58.836459 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49769 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:22:58.836459 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49769 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:22:58.836459 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49769 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:22:59.163004 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49769 | 194.85.248.167 | 192.168.2.3 |
11/25/21-18:23:01.423938 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49770 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:23:01.423938 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49770 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:23:01.423938 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49770 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:23:01.423938 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49770 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:23:02.684122 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49770 | 194.85.248.167 | 192.168.2.3 |
11/25/21-18:23:07.452292 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49785 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:23:07.452292 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49785 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:23:07.452292 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49785 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:23:07.452292 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49785 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:23:07.544955 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49785 | 194.85.248.167 | 192.168.2.3 |
11/25/21-18:23:09.396769 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49809 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:23:09.396769 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49809 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:23:09.396769 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49809 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:23:09.396769 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49809 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:23:09.919206 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49809 | 194.85.248.167 | 192.168.2.3 |
11/25/21-18:23:13.834390 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49813 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:23:13.834390 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49813 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:23:13.834390 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49813 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:23:13.834390 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49813 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:23:13.931422 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49813 | 194.85.248.167 | 192.168.2.3 |
11/25/21-18:23:19.463239 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49814 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:23:19.463239 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49814 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:23:19.463239 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49814 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:23:19.463239 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49814 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:23:20.086960 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49814 | 194.85.248.167 | 192.168.2.3 |
11/25/21-18:23:23.655365 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49817 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:23:23.655365 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49817 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:23:23.655365 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49817 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:23:23.655365 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49817 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:23:24.492060 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49817 | 194.85.248.167 | 192.168.2.3 |
11/25/21-18:23:26.318058 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49818 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:23:26.318058 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49818 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:23:26.318058 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49818 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:23:26.318058 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49818 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:23:26.435048 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49818 | 194.85.248.167 | 192.168.2.3 |
11/25/21-18:23:27.828008 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49819 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:23:27.828008 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49819 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:23:27.828008 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49819 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:23:27.828008 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49819 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:23:27.923948 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49819 | 194.85.248.167 | 192.168.2.3 |
11/25/21-18:23:29.237002 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49820 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:23:29.237002 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49820 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:23:29.237002 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49820 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:23:29.237002 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49820 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:23:29.329433 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49820 | 194.85.248.167 | 192.168.2.3 |
11/25/21-18:23:30.587831 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49821 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:23:30.587831 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49821 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:23:30.587831 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49821 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:23:30.587831 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49821 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:23:30.896799 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49821 | 194.85.248.167 | 192.168.2.3 |
11/25/21-18:23:32.864603 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49822 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:23:32.864603 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49822 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:23:32.864603 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49822 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:23:32.864603 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49822 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:23:32.960193 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49822 | 194.85.248.167 | 192.168.2.3 |
11/25/21-18:23:35.140691 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49823 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:23:35.140691 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49823 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:23:35.140691 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49823 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:23:35.140691 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49823 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:23:35.375536 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49823 | 194.85.248.167 | 192.168.2.3 |
11/25/21-18:23:36.493113 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49825 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:23:36.493113 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49825 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:23:36.493113 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49825 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:23:36.493113 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49825 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:23:37.014189 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49825 | 194.85.248.167 | 192.168.2.3 |
11/25/21-18:23:40.295826 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49827 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:23:40.295826 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49827 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:23:40.295826 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49827 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:23:40.295826 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49827 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:23:40.387692 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49827 | 194.85.248.167 | 192.168.2.3 |
11/25/21-18:23:41.914761 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49829 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:23:41.914761 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49829 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:23:41.914761 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49829 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:23:41.914761 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49829 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:23:42.233618 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49829 | 194.85.248.167 | 192.168.2.3 |
11/25/21-18:23:44.612994 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49833 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:23:44.612994 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49833 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:23:44.612994 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49833 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:23:44.612994 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49833 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:23:44.707285 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49833 | 194.85.248.167 | 192.168.2.3 |
11/25/21-18:23:45.744734 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49845 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:23:45.744734 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49845 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:23:45.744734 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49845 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:23:45.744734 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49845 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:23:45.839464 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49845 | 194.85.248.167 | 192.168.2.3 |
11/25/21-18:23:46.879979 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49851 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:23:46.879979 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49851 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:23:46.879979 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49851 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:23:46.879979 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49851 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:23:47.403833 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49851 | 194.85.248.167 | 192.168.2.3 |
11/25/21-18:23:48.864530 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49855 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:23:48.864530 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49855 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:23:48.864530 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49855 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:23:48.864530 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49855 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:23:48.959683 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49855 | 194.85.248.167 | 192.168.2.3 |
11/25/21-18:23:51.197910 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49856 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:23:51.197910 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49856 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:23:51.197910 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49856 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:23:51.197910 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49856 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:23:53.573219 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49856 | 194.85.248.167 | 192.168.2.3 |
11/25/21-18:23:55.025972 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49857 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:23:55.025972 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49857 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:23:55.025972 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49857 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:23:55.025972 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49857 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:23:55.525480 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49857 | 194.85.248.167 | 192.168.2.3 |
11/25/21-18:23:56.479058 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49858 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:23:56.479058 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49858 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:23:56.479058 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49858 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:23:56.479058 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49858 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:23:57.486293 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49858 | 194.85.248.167 | 192.168.2.3 |
11/25/21-18:23:59.056904 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49859 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:23:59.056904 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49859 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:23:59.056904 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49859 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:23:59.056904 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49859 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:23:59.210264 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49859 | 194.85.248.167 | 192.168.2.3 |
11/25/21-18:24:00.760570 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49860 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:24:00.760570 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49860 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:24:00.760570 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49860 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:24:00.760570 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49860 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:24:00.858030 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49860 | 194.85.248.167 | 192.168.2.3 |
11/25/21-18:24:02.488226 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49861 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:24:02.488226 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49861 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:24:02.488226 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49861 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:24:02.488226 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49861 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:24:02.585421 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49861 | 194.85.248.167 | 192.168.2.3 |
11/25/21-18:24:04.158304 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49862 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:24:04.158304 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49862 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:24:04.158304 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49862 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:24:04.158304 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49862 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:24:04.667956 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49862 | 194.85.248.167 | 192.168.2.3 |
11/25/21-18:24:06.231426 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49863 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:24:06.231426 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49863 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:24:06.231426 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49863 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:24:06.231426 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49863 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:24:06.343087 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49863 | 194.85.248.167 | 192.168.2.3 |
11/25/21-18:24:07.945362 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49865 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:24:07.945362 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49865 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:24:07.945362 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49865 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:24:07.945362 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49865 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:24:08.055054 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49865 | 194.85.248.167 | 192.168.2.3 |
11/25/21-18:24:09.150416 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49866 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:24:09.150416 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49866 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:24:09.150416 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49866 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:24:09.150416 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49866 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:24:09.249568 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49866 | 194.85.248.167 | 192.168.2.3 |
11/25/21-18:24:11.256726 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49867 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:24:11.256726 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49867 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:24:11.256726 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49867 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:24:11.256726 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49867 | 80 | 192.168.2.3 | 194.85.248.167 |
11/25/21-18:24:11.963359 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49867 | 194.85.248.167 | 192.168.2.3 |
Network Port Distribution |
---|
TCP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Nov 25, 2021 18:22:47.530369043 CET | 80 | 49760 | 194.85.248.167 | 192.168.2.3 |
Nov 25, 2021 18:22:47.564037085 CET | 80 | 49760 | 194.85.248.167 | 192.168.2.3 |
Nov 25, 2021 18:22:47.564225912 CET | 49760 | 80 | 192.168.2.3 | 194.85.248.167 |
Nov 25, 2021 18:22:47.591764927 CET | 80 | 49760 | 194.85.248.167 | 192.168.2.3 |
Nov 25, 2021 18:22:47.824045897 CET | 80 | 49760 | 194.85.248.167 | 192.168.2.3 |
Nov 25, 2021 18:22:47.824826002 CET | 49760 | 80 | 192.168.2.3 | 194.85.248.167 |
Nov 25, 2021 18:22:48.449671030 CET | 49761 | 80 | 192.168.2.3 | 194.85.248.167 |
Nov 25, 2021 18:22:48.477632999 CET | 80 | 49761 | 194.85.248.167 | 192.168.2.3 |
Nov 25, 2021 18:22:48.477763891 CET | 49761 | 80 | 192.168.2.3 | 194.85.248.167 |
Nov 25, 2021 18:22:48.480655909 CET | 49761 | 80 | 192.168.2.3 | 194.85.248.167 |
Nov 25, 2021 18:22:48.508479118 CET | 80 | 49761 | 194.85.248.167 | 192.168.2.3 |
Nov 25, 2021 18:22:48.508594036 CET | 49761 | 80 | 192.168.2.3 | 194.85.248.167 |
Nov 25, 2021 18:22:48.536433935 CET | 80 | 49761 | 194.85.248.167 | 192.168.2.3 |
Nov 25, 2021 18:22:48.579071045 CET | 80 | 49761 | 194.85.248.167 | 192.168.2.3 |
Nov 25, 2021 18:22:48.579093933 CET | 80 | 49761 | 194.85.248.167 | 192.168.2.3 |
Nov 25, 2021 18:22:48.579252005 CET | 49761 | 80 | 192.168.2.3 | 194.85.248.167 |
Nov 25, 2021 18:22:48.579313040 CET | 49761 | 80 | 192.168.2.3 | 194.85.248.167 |
Nov 25, 2021 18:22:48.607229948 CET | 80 | 49761 | 194.85.248.167 | 192.168.2.3 |
Nov 25, 2021 18:22:49.641493082 CET | 49762 | 80 | 192.168.2.3 | 194.85.248.167 |
Nov 25, 2021 18:22:51.066946030 CET | 80 | 49762 | 194.85.248.167 | 192.168.2.3 |
Nov 25, 2021 18:22:51.067099094 CET | 49762 | 80 | 192.168.2.3 | 194.85.248.167 |
Nov 25, 2021 18:22:51.071537018 CET | 49762 | 80 | 192.168.2.3 | 194.85.248.167 |
Nov 25, 2021 18:22:51.099139929 CET | 80 | 49762 | 194.85.248.167 | 192.168.2.3 |
Nov 25, 2021 18:22:51.099267006 CET | 49762 | 80 | 192.168.2.3 | 194.85.248.167 |
Nov 25, 2021 18:22:51.127067089 CET | 80 | 49762 | 194.85.248.167 | 192.168.2.3 |
Nov 25, 2021 18:22:51.163779974 CET | 80 | 49762 | 194.85.248.167 | 192.168.2.3 |
Nov 25, 2021 18:22:51.163940907 CET | 49762 | 80 | 192.168.2.3 | 194.85.248.167 |
Nov 25, 2021 18:22:51.194591045 CET | 80 | 49762 | 194.85.248.167 | 192.168.2.3 |
Nov 25, 2021 18:22:51.424993992 CET | 80 | 49762 | 194.85.248.167 | 192.168.2.3 |
Nov 25, 2021 18:22:51.425101042 CET | 49762 | 80 | 192.168.2.3 | 194.85.248.167 |
Nov 25, 2021 18:22:52.191330910 CET | 49763 | 80 | 192.168.2.3 | 194.85.248.167 |
Nov 25, 2021 18:22:52.219491005 CET | 80 | 49763 | 194.85.248.167 | 192.168.2.3 |
Nov 25, 2021 18:22:52.219626904 CET | 49763 | 80 | 192.168.2.3 | 194.85.248.167 |
Nov 25, 2021 18:22:52.226443052 CET | 49763 | 80 | 192.168.2.3 | 194.85.248.167 |
Nov 25, 2021 18:22:52.465967894 CET | 49763 | 80 | 192.168.2.3 | 194.85.248.167 |
Nov 25, 2021 18:22:52.536443949 CET | 80 | 49763 | 194.85.248.167 | 192.168.2.3 |
Nov 25, 2021 18:22:52.536581993 CET | 49763 | 80 | 192.168.2.3 | 194.85.248.167 |
Nov 25, 2021 18:22:52.635746956 CET | 80 | 49763 | 194.85.248.167 | 192.168.2.3 |
Nov 25, 2021 18:22:52.635885000 CET | 49763 | 80 | 192.168.2.3 | 194.85.248.167 |
Nov 25, 2021 18:22:52.969003916 CET | 80 | 49763 | 194.85.248.167 | 192.168.2.3 |
Nov 25, 2021 18:22:52.969214916 CET | 49763 | 80 | 192.168.2.3 | 194.85.248.167 |
Nov 25, 2021 18:22:52.969260931 CET | 49763 | 80 | 192.168.2.3 | 194.85.248.167 |
Nov 25, 2021 18:22:52.998703003 CET | 80 | 49763 | 194.85.248.167 | 192.168.2.3 |
Nov 25, 2021 18:22:54.317585945 CET | 49765 | 80 | 192.168.2.3 | 194.85.248.167 |
Nov 25, 2021 18:22:54.345289946 CET | 80 | 49765 | 194.85.248.167 | 192.168.2.3 |
Nov 25, 2021 18:22:54.345382929 CET | 49765 | 80 | 192.168.2.3 | 194.85.248.167 |
Nov 25, 2021 18:22:54.348325014 CET | 49765 | 80 | 192.168.2.3 | 194.85.248.167 |
Nov 25, 2021 18:22:54.591702938 CET | 49765 | 80 | 192.168.2.3 | 194.85.248.167 |
Nov 25, 2021 18:22:54.619602919 CET | 80 | 49765 | 194.85.248.167 | 192.168.2.3 |
Nov 25, 2021 18:22:54.655709982 CET | 80 | 49765 | 194.85.248.167 | 192.168.2.3 |
Nov 25, 2021 18:22:54.655797005 CET | 80 | 49765 | 194.85.248.167 | 192.168.2.3 |
Nov 25, 2021 18:22:54.655952930 CET | 49765 | 80 | 192.168.2.3 | 194.85.248.167 |
Nov 25, 2021 18:22:54.658539057 CET | 49765 | 80 | 192.168.2.3 | 194.85.248.167 |
Nov 25, 2021 18:22:54.683609009 CET | 80 | 49765 | 194.85.248.167 | 192.168.2.3 |
Nov 25, 2021 18:22:55.765865088 CET | 49766 | 80 | 192.168.2.3 | 194.85.248.167 |
Nov 25, 2021 18:22:55.794709921 CET | 80 | 49766 | 194.85.248.167 | 192.168.2.3 |
Nov 25, 2021 18:22:55.794882059 CET | 49766 | 80 | 192.168.2.3 | 194.85.248.167 |
Nov 25, 2021 18:22:55.798213005 CET | 49766 | 80 | 192.168.2.3 | 194.85.248.167 |
Nov 25, 2021 18:22:56.044425964 CET | 49766 | 80 | 192.168.2.3 | 194.85.248.167 |
Nov 25, 2021 18:22:56.072174072 CET | 80 | 49766 | 194.85.248.167 | 192.168.2.3 |
Nov 25, 2021 18:22:56.114464998 CET | 80 | 49766 | 194.85.248.167 | 192.168.2.3 |
Nov 25, 2021 18:22:56.114645004 CET | 49766 | 80 | 192.168.2.3 | 194.85.248.167 |
Nov 25, 2021 18:22:56.142512083 CET | 80 | 49766 | 194.85.248.167 | 192.168.2.3 |
Nov 25, 2021 18:22:56.374061108 CET | 80 | 49766 | 194.85.248.167 | 192.168.2.3 |
Nov 25, 2021 18:22:56.376537085 CET | 49766 | 80 | 192.168.2.3 | 194.85.248.167 |
Nov 25, 2021 18:22:58.805938005 CET | 49769 | 80 | 192.168.2.3 | 194.85.248.167 |
Nov 25, 2021 18:22:58.833636045 CET | 80 | 49769 | 194.85.248.167 | 192.168.2.3 |
Nov 25, 2021 18:22:58.833857059 CET | 49769 | 80 | 192.168.2.3 | 194.85.248.167 |
Nov 25, 2021 18:22:58.836458921 CET | 49769 | 80 | 192.168.2.3 | 194.85.248.167 |
Nov 25, 2021 18:22:59.091531038 CET | 49769 | 80 | 192.168.2.3 | 194.85.248.167 |
Nov 25, 2021 18:22:59.119275093 CET | 80 | 49769 | 194.85.248.167 | 192.168.2.3 |
Nov 25, 2021 18:22:59.163003922 CET | 80 | 49769 | 194.85.248.167 | 192.168.2.3 |
Nov 25, 2021 18:22:59.163047075 CET | 80 | 49769 | 194.85.248.167 | 192.168.2.3 |
Nov 25, 2021 18:22:59.163207054 CET | 49769 | 80 | 192.168.2.3 | 194.85.248.167 |
Nov 25, 2021 18:22:59.163239002 CET | 49769 | 80 | 192.168.2.3 | 194.85.248.167 |
Nov 25, 2021 18:22:59.466583967 CET | 49769 | 80 | 192.168.2.3 | 194.85.248.167 |
Nov 25, 2021 18:22:59.494167089 CET | 80 | 49769 | 194.85.248.167 | 192.168.2.3 |
Nov 25, 2021 18:23:00.242590904 CET | 49770 | 80 | 192.168.2.3 | 194.85.248.167 |
Nov 25, 2021 18:23:01.421118021 CET | 80 | 49770 | 194.85.248.167 | 192.168.2.3 |
Nov 25, 2021 18:23:01.421222925 CET | 49770 | 80 | 192.168.2.3 | 194.85.248.167 |
Nov 25, 2021 18:23:01.423938036 CET | 49770 | 80 | 192.168.2.3 | 194.85.248.167 |
Nov 25, 2021 18:23:01.452276945 CET | 80 | 49770 | 194.85.248.167 | 192.168.2.3 |
Nov 25, 2021 18:23:01.452536106 CET | 49770 | 80 | 192.168.2.3 | 194.85.248.167 |
Nov 25, 2021 18:23:01.480349064 CET | 80 | 49770 | 194.85.248.167 | 192.168.2.3 |
Nov 25, 2021 18:23:02.684122086 CET | 80 | 49770 | 194.85.248.167 | 192.168.2.3 |
Nov 25, 2021 18:23:02.684269905 CET | 80 | 49770 | 194.85.248.167 | 192.168.2.3 |
Nov 25, 2021 18:23:02.684315920 CET | 49770 | 80 | 192.168.2.3 | 194.85.248.167 |
Nov 25, 2021 18:23:02.684341908 CET | 49770 | 80 | 192.168.2.3 | 194.85.248.167 |
Nov 25, 2021 18:23:02.712091923 CET | 80 | 49770 | 194.85.248.167 | 192.168.2.3 |
Nov 25, 2021 18:23:04.411037922 CET | 49785 | 80 | 192.168.2.3 | 194.85.248.167 |
Nov 25, 2021 18:23:07.420366049 CET | 49785 | 80 | 192.168.2.3 | 194.85.248.167 |
Nov 25, 2021 18:23:07.447896004 CET | 80 | 49785 | 194.85.248.167 | 192.168.2.3 |
Nov 25, 2021 18:23:07.448055983 CET | 49785 | 80 | 192.168.2.3 | 194.85.248.167 |
Nov 25, 2021 18:23:07.452291965 CET | 49785 | 80 | 192.168.2.3 | 194.85.248.167 |
Nov 25, 2021 18:23:07.480056047 CET | 80 | 49785 | 194.85.248.167 | 192.168.2.3 |
Nov 25, 2021 18:23:07.480137110 CET | 49785 | 80 | 192.168.2.3 | 194.85.248.167 |
Nov 25, 2021 18:23:07.544955015 CET | 80 | 49785 | 194.85.248.167 | 192.168.2.3 |
Nov 25, 2021 18:23:07.545047998 CET | 80 | 49785 | 194.85.248.167 | 192.168.2.3 |
Nov 25, 2021 18:23:07.545070887 CET | 49785 | 80 | 192.168.2.3 | 194.85.248.167 |
Nov 25, 2021 18:23:07.545090914 CET | 49785 | 80 | 192.168.2.3 | 194.85.248.167 |
Nov 25, 2021 18:23:07.572510958 CET | 80 | 49785 | 194.85.248.167 | 192.168.2.3 |
Nov 25, 2021 18:23:09.366054058 CET | 49809 | 80 | 192.168.2.3 | 194.85.248.167 |
Nov 25, 2021 18:23:09.393862009 CET | 80 | 49809 | 194.85.248.167 | 192.168.2.3 |
Nov 25, 2021 18:23:09.393980980 CET | 49809 | 80 | 192.168.2.3 | 194.85.248.167 |
Nov 25, 2021 18:23:09.396769047 CET | 49809 | 80 | 192.168.2.3 | 194.85.248.167 |
Nov 25, 2021 18:23:09.425241947 CET | 80 | 49809 | 194.85.248.167 | 192.168.2.3 |
Nov 25, 2021 18:23:09.425380945 CET | 49809 | 80 | 192.168.2.3 | 194.85.248.167 |
Nov 25, 2021 18:23:09.500782967 CET | 80 | 49809 | 194.85.248.167 | 192.168.2.3 |
Nov 25, 2021 18:23:09.502996922 CET | 49809 | 80 | 192.168.2.3 | 194.85.248.167 |
Nov 25, 2021 18:23:09.598742008 CET | 80 | 49809 | 194.85.248.167 | 192.168.2.3 |
Nov 25, 2021 18:23:09.598825932 CET | 49809 | 80 | 192.168.2.3 | 194.85.248.167 |
Nov 25, 2021 18:23:09.919205904 CET | 80 | 49809 | 194.85.248.167 | 192.168.2.3 |
Nov 25, 2021 18:23:09.919512033 CET | 49809 | 80 | 192.168.2.3 | 194.85.248.167 |
Nov 25, 2021 18:23:09.919581890 CET | 49809 | 80 | 192.168.2.3 | 194.85.248.167 |
Nov 25, 2021 18:23:09.947248936 CET | 80 | 49809 | 194.85.248.167 | 192.168.2.3 |
Nov 25, 2021 18:23:13.760518074 CET | 49813 | 80 | 192.168.2.3 | 194.85.248.167 |
Nov 25, 2021 18:23:13.789129019 CET | 80 | 49813 | 194.85.248.167 | 192.168.2.3 |
Nov 25, 2021 18:23:13.793045998 CET | 49813 | 80 | 192.168.2.3 | 194.85.248.167 |
Nov 25, 2021 18:23:13.834389925 CET | 49813 | 80 | 192.168.2.3 | 194.85.248.167 |
Nov 25, 2021 18:23:13.863543987 CET | 80 | 49813 | 194.85.248.167 | 192.168.2.3 |
Nov 25, 2021 18:23:13.863667965 CET | 49813 | 80 | 192.168.2.3 | 194.85.248.167 |
Nov 25, 2021 18:23:13.893044949 CET | 80 | 49813 | 194.85.248.167 | 192.168.2.3 |
Nov 25, 2021 18:23:13.931421995 CET | 80 | 49813 | 194.85.248.167 | 192.168.2.3 |
Nov 25, 2021 18:23:13.931447029 CET | 80 | 49813 | 194.85.248.167 | 192.168.2.3 |
Nov 25, 2021 18:23:13.931518078 CET | 49813 | 80 | 192.168.2.3 | 194.85.248.167 |
Nov 25, 2021 18:23:13.931585073 CET | 49813 | 80 | 192.168.2.3 | 194.85.248.167 |
Nov 25, 2021 18:23:13.959501982 CET | 80 | 49813 | 194.85.248.167 | 192.168.2.3 |
Nov 25, 2021 18:23:18.425196886 CET | 49814 | 80 | 192.168.2.3 | 194.85.248.167 |
Nov 25, 2021 18:23:19.455027103 CET | 80 | 49814 | 194.85.248.167 | 192.168.2.3 |
Nov 25, 2021 18:23:19.455593109 CET | 49814 | 80 | 192.168.2.3 | 194.85.248.167 |
Nov 25, 2021 18:23:19.463238955 CET | 49814 | 80 | 192.168.2.3 | 194.85.248.167 |
Nov 25, 2021 18:23:19.490854025 CET | 80 | 49814 | 194.85.248.167 | 192.168.2.3 |
Nov 25, 2021 18:23:19.491267920 CET | 49814 | 80 | 192.168.2.3 | 194.85.248.167 |
Nov 25, 2021 18:23:19.518702030 CET | 80 | 49814 | 194.85.248.167 | 192.168.2.3 |
Nov 25, 2021 18:23:20.086960077 CET | 80 | 49814 | 194.85.248.167 | 192.168.2.3 |
Nov 25, 2021 18:23:20.086988926 CET | 80 | 49814 | 194.85.248.167 | 192.168.2.3 |
Nov 25, 2021 18:23:20.087079048 CET | 49814 | 80 | 192.168.2.3 | 194.85.248.167 |
Nov 25, 2021 18:23:20.087112904 CET | 49814 | 80 | 192.168.2.3 | 194.85.248.167 |
Nov 25, 2021 18:23:23.621725082 CET | 49817 | 80 | 192.168.2.3 | 194.85.248.167 |
Nov 25, 2021 18:23:23.624907970 CET | 49814 | 80 | 192.168.2.3 | 194.85.248.167 |
Nov 25, 2021 18:23:23.649621010 CET | 80 | 49817 | 194.85.248.167 | 192.168.2.3 |
Nov 25, 2021 18:23:23.649776936 CET | 49817 | 80 | 192.168.2.3 | 194.85.248.167 |
Nov 25, 2021 18:23:23.652431011 CET | 80 | 49814 | 194.85.248.167 | 192.168.2.3 |
Nov 25, 2021 18:23:23.655364990 CET | 49817 | 80 | 192.168.2.3 | 194.85.248.167 |
Nov 25, 2021 18:23:23.683280945 CET | 80 | 49817 | 194.85.248.167 | 192.168.2.3 |
Nov 25, 2021 18:23:23.683413029 CET | 49817 | 80 | 192.168.2.3 | 194.85.248.167 |
Nov 25, 2021 18:23:23.711070061 CET | 80 | 49817 | 194.85.248.167 | 192.168.2.3 |
Nov 25, 2021 18:23:24.492059946 CET | 80 | 49817 | 194.85.248.167 | 192.168.2.3 |
Nov 25, 2021 18:23:24.492162943 CET | 80 | 49817 | 194.85.248.167 | 192.168.2.3 |
Nov 25, 2021 18:23:24.492188931 CET | 49817 | 80 | 192.168.2.3 | 194.85.248.167 |
Nov 25, 2021 18:23:24.492223978 CET | 49817 | 80 | 192.168.2.3 | 194.85.248.167 |
Nov 25, 2021 18:23:24.797019005 CET | 49817 | 80 | 192.168.2.3 | 194.85.248.167 |
Nov 25, 2021 18:23:24.826809883 CET | 80 | 49817 | 194.85.248.167 | 192.168.2.3 |
Nov 25, 2021 18:23:26.284883022 CET | 49818 | 80 | 192.168.2.3 | 194.85.248.167 |
Nov 25, 2021 18:23:26.312608004 CET | 80 | 49818 | 194.85.248.167 | 192.168.2.3 |
Nov 25, 2021 18:23:26.314218998 CET | 49818 | 80 | 192.168.2.3 | 194.85.248.167 |
Nov 25, 2021 18:23:26.318058014 CET | 49818 | 80 | 192.168.2.3 | 194.85.248.167 |
Nov 25, 2021 18:23:26.345666885 CET | 80 | 49818 | 194.85.248.167 | 192.168.2.3 |
Nov 25, 2021 18:23:26.345900059 CET | 49818 | 80 | 192.168.2.3 | 194.85.248.167 |
Nov 25, 2021 18:23:26.377235889 CET | 80 | 49818 | 194.85.248.167 | 192.168.2.3 |
Nov 25, 2021 18:23:26.435048103 CET | 80 | 49818 | 194.85.248.167 | 192.168.2.3 |
Nov 25, 2021 18:23:26.435183048 CET | 80 | 49818 | 194.85.248.167 | 192.168.2.3 |
Nov 25, 2021 18:23:26.435332060 CET | 49818 | 80 | 192.168.2.3 | 194.85.248.167 |
Nov 25, 2021 18:23:26.435370922 CET | 49818 | 80 | 192.168.2.3 | 194.85.248.167 |
Nov 25, 2021 18:23:26.750118971 CET | 49818 | 80 | 192.168.2.3 | 194.85.248.167 |
Nov 25, 2021 18:23:27.359548092 CET | 49818 | 80 | 192.168.2.3 | 194.85.248.167 |
Nov 25, 2021 18:23:27.387346983 CET | 80 | 49818 | 194.85.248.167 | 192.168.2.3 |
Nov 25, 2021 18:23:27.797719955 CET | 49819 | 80 | 192.168.2.3 | 194.85.248.167 |
Nov 25, 2021 18:23:27.825098038 CET | 80 | 49819 | 194.85.248.167 | 192.168.2.3 |
Nov 25, 2021 18:23:27.825192928 CET | 49819 | 80 | 192.168.2.3 | 194.85.248.167 |
Nov 25, 2021 18:23:27.828007936 CET | 49819 | 80 | 192.168.2.3 | 194.85.248.167 |
Nov 25, 2021 18:23:27.855814934 CET | 80 | 49819 | 194.85.248.167 | 192.168.2.3 |
Nov 25, 2021 18:23:27.856122971 CET | 49819 | 80 | 192.168.2.3 | 194.85.248.167 |
Nov 25, 2021 18:23:27.883739948 CET | 80 | 49819 | 194.85.248.167 | 192.168.2.3 |
Nov 25, 2021 18:23:27.923948050 CET | 80 | 49819 | 194.85.248.167 | 192.168.2.3 |
Nov 25, 2021 18:23:27.924148083 CET | 49819 | 80 | 192.168.2.3 | 194.85.248.167 |
Nov 25, 2021 18:23:28.181101084 CET | 80 | 49819 | 194.85.248.167 | 192.168.2.3 |
Nov 25, 2021 18:23:28.181216955 CET | 49819 | 80 | 192.168.2.3 | 194.85.248.167 |
Nov 25, 2021 18:23:29.206317902 CET | 49820 | 80 | 192.168.2.3 | 194.85.248.167 |
Nov 25, 2021 18:23:29.233820915 CET | 80 | 49820 | 194.85.248.167 | 192.168.2.3 |
Nov 25, 2021 18:23:29.233935118 CET | 49820 | 80 | 192.168.2.3 | 194.85.248.167 |
Nov 25, 2021 18:23:29.237001896 CET | 49820 | 80 | 192.168.2.3 | 194.85.248.167 |
Nov 25, 2021 18:23:29.264424086 CET | 80 | 49820 | 194.85.248.167 | 192.168.2.3 |
Nov 25, 2021 18:23:29.264524937 CET | 49820 | 80 | 192.168.2.3 | 194.85.248.167 |
Nov 25, 2021 18:23:29.291994095 CET | 80 | 49820 | 194.85.248.167 | 192.168.2.3 |
Nov 25, 2021 18:23:29.329432964 CET | 80 | 49820 | 194.85.248.167 | 192.168.2.3 |
Nov 25, 2021 18:23:29.329458952 CET | 80 | 49820 | 194.85.248.167 | 192.168.2.3 |
Nov 25, 2021 18:23:29.329571962 CET | 49820 | 80 | 192.168.2.3 | 194.85.248.167 |
Nov 25, 2021 18:23:29.329698086 CET | 49820 | 80 | 192.168.2.3 | 194.85.248.167 |
Nov 25, 2021 18:23:29.357028961 CET | 80 | 49820 | 194.85.248.167 | 192.168.2.3 |
Nov 25, 2021 18:23:30.556574106 CET | 49821 | 80 | 192.168.2.3 | 194.85.248.167 |
Nov 25, 2021 18:23:30.585022926 CET | 80 | 49821 | 194.85.248.167 | 192.168.2.3 |
Nov 25, 2021 18:23:30.585122108 CET | 49821 | 80 | 192.168.2.3 | 194.85.248.167 |
Nov 25, 2021 18:23:30.587831020 CET | 49821 | 80 | 192.168.2.3 | 194.85.248.167 |
Nov 25, 2021 18:23:30.828551054 CET | 49821 | 80 | 192.168.2.3 | 194.85.248.167 |
Nov 25, 2021 18:23:30.858226061 CET | 80 | 49821 | 194.85.248.167 | 192.168.2.3 |
Nov 25, 2021 18:23:30.896799088 CET | 80 | 49821 | 194.85.248.167 | 192.168.2.3 |
Nov 25, 2021 18:23:30.896923065 CET | 49821 | 80 | 192.168.2.3 | 194.85.248.167 |
Nov 25, 2021 18:23:31.155163050 CET | 80 | 49821 | 194.85.248.167 | 192.168.2.3 |
Nov 25, 2021 18:23:31.155486107 CET | 49821 | 80 | 192.168.2.3 | 194.85.248.167 |
Nov 25, 2021 18:23:32.833257914 CET | 49822 | 80 | 192.168.2.3 | 194.85.248.167 |
Nov 25, 2021 18:23:32.861645937 CET | 80 | 49822 | 194.85.248.167 | 192.168.2.3 |
Nov 25, 2021 18:23:32.861778975 CET | 49822 | 80 | 192.168.2.3 | 194.85.248.167 |
Nov 25, 2021 18:23:32.864603043 CET | 49822 | 80 | 192.168.2.3 | 194.85.248.167 |
Nov 25, 2021 18:23:32.894813061 CET | 80 | 49822 | 194.85.248.167 | 192.168.2.3 |
Nov 25, 2021 18:23:32.894982100 CET | 49822 | 80 | 192.168.2.3 | 194.85.248.167 |
Nov 25, 2021 18:23:32.924781084 CET | 80 | 49822 | 194.85.248.167 | 192.168.2.3 |
Nov 25, 2021 18:23:32.960192919 CET | 80 | 49822 | 194.85.248.167 | 192.168.2.3 |
Nov 25, 2021 18:23:32.960256100 CET | 80 | 49822 | 194.85.248.167 | 192.168.2.3 |
Nov 25, 2021 18:23:32.960690022 CET | 49822 | 80 | 192.168.2.3 | 194.85.248.167 |
Nov 25, 2021 18:23:32.960720062 CET | 49822 | 80 | 192.168.2.3 | 194.85.248.167 |
Nov 25, 2021 18:23:32.988256931 CET | 80 | 49822 | 194.85.248.167 | 192.168.2.3 |
Nov 25, 2021 18:23:35.109721899 CET | 49823 | 80 | 192.168.2.3 | 194.85.248.167 |
Nov 25, 2021 18:23:35.137703896 CET | 80 | 49823 | 194.85.248.167 | 192.168.2.3 |
Nov 25, 2021 18:23:35.137835026 CET | 49823 | 80 | 192.168.2.3 | 194.85.248.167 |
Nov 25, 2021 18:23:35.140691042 CET | 49823 | 80 | 192.168.2.3 | 194.85.248.167 |
Nov 25, 2021 18:23:35.168540955 CET | 80 | 49823 | 194.85.248.167 | 192.168.2.3 |
Nov 25, 2021 18:23:35.169219971 CET | 49823 | 80 | 192.168.2.3 | 194.85.248.167 |
Nov 25, 2021 18:23:35.196958065 CET | 80 | 49823 | 194.85.248.167 | 192.168.2.3 |
Nov 25, 2021 18:23:35.375535965 CET | 80 | 49823 | 194.85.248.167 | 192.168.2.3 |
Nov 25, 2021 18:23:35.375936031 CET | 49823 | 80 | 192.168.2.3 | 194.85.248.167 |
Nov 25, 2021 18:23:35.403831005 CET | 80 | 49823 | 194.85.248.167 | 192.168.2.3 |
Nov 25, 2021 18:23:35.634331942 CET | 80 | 49823 | 194.85.248.167 | 192.168.2.3 |
Nov 25, 2021 18:23:35.635236979 CET | 49823 | 80 | 192.168.2.3 | 194.85.248.167 |
Nov 25, 2021 18:23:36.461390018 CET | 49825 | 80 | 192.168.2.3 | 194.85.248.167 |
Nov 25, 2021 18:23:36.489403009 CET | 80 | 49825 | 194.85.248.167 | 192.168.2.3 |
Nov 25, 2021 18:23:36.489521980 CET | 49825 | 80 | 192.168.2.3 | 194.85.248.167 |
Nov 25, 2021 18:23:36.493113041 CET | 49825 | 80 | 192.168.2.3 | 194.85.248.167 |
Nov 25, 2021 18:23:36.520729065 CET | 80 | 49825 | 194.85.248.167 | 192.168.2.3 |
Nov 25, 2021 18:23:36.520931959 CET | 49825 | 80 | 192.168.2.3 | 194.85.248.167 |
Nov 25, 2021 18:23:36.548760891 CET | 80 | 49825 | 194.85.248.167 | 192.168.2.3 |
Nov 25, 2021 18:23:36.585817099 CET | 80 | 49825 | 194.85.248.167 | 192.168.2.3 |
Nov 25, 2021 18:23:36.585947037 CET | 49825 | 80 | 192.168.2.3 | 194.85.248.167 |
Nov 25, 2021 18:23:36.675201893 CET | 80 | 49825 | 194.85.248.167 | 192.168.2.3 |
Nov 25, 2021 18:23:36.675338984 CET | 49825 | 80 | 192.168.2.3 | 194.85.248.167 |
Nov 25, 2021 18:23:37.014189005 CET | 80 | 49825 | 194.85.248.167 | 192.168.2.3 |
Nov 25, 2021 18:23:37.014286041 CET | 49825 | 80 | 192.168.2.3 | 194.85.248.167 |
Nov 25, 2021 18:23:37.014343023 CET | 49825 | 80 | 192.168.2.3 | 194.85.248.167 |
Nov 25, 2021 18:23:37.042118073 CET | 80 | 49825 | 194.85.248.167 | 192.168.2.3 |
Nov 25, 2021 18:23:39.261559010 CET | 49827 | 80 | 192.168.2.3 | 194.85.248.167 |
Nov 25, 2021 18:23:40.292233944 CET | 80 | 49827 | 194.85.248.167 | 192.168.2.3 |
Nov 25, 2021 18:23:40.292362928 CET | 49827 | 80 | 192.168.2.3 | 194.85.248.167 |
Nov 25, 2021 18:23:40.295825958 CET | 49827 | 80 | 192.168.2.3 | 194.85.248.167 |
Nov 25, 2021 18:23:40.326860905 CET | 80 | 49827 | 194.85.248.167 | 192.168.2.3 |
Nov 25, 2021 18:23:40.326971054 CET | 49827 | 80 | 192.168.2.3 | 194.85.248.167 |
Nov 25, 2021 18:23:40.354667902 CET | 80 | 49827 | 194.85.248.167 | 192.168.2.3 |
Nov 25, 2021 18:23:40.387691975 CET | 80 | 49827 | 194.85.248.167 | 192.168.2.3 |
Nov 25, 2021 18:23:40.387835979 CET | 80 | 49827 | 194.85.248.167 | 192.168.2.3 |
Nov 25, 2021 18:23:40.387875080 CET | 49827 | 80 | 192.168.2.3 | 194.85.248.167 |
Nov 25, 2021 18:23:40.387902975 CET | 49827 | 80 | 192.168.2.3 | 194.85.248.167 |
Nov 25, 2021 18:23:40.419651031 CET | 80 | 49827 | 194.85.248.167 | 192.168.2.3 |
Nov 25, 2021 18:23:41.883481026 CET | 49829 | 80 | 192.168.2.3 | 194.85.248.167 |
Nov 25, 2021 18:23:41.911032915 CET | 80 | 49829 | 194.85.248.167 | 192.168.2.3 |
Nov 25, 2021 18:23:41.911195993 CET | 49829 | 80 | 192.168.2.3 | 194.85.248.167 |
Nov 25, 2021 18:23:41.914761066 CET | 49829 | 80 | 192.168.2.3 | 194.85.248.167 |
Nov 25, 2021 18:23:42.157748938 CET | 49829 | 80 | 192.168.2.3 | 194.85.248.167 |
Nov 25, 2021 18:23:42.185556889 CET | 80 | 49829 | 194.85.248.167 | 192.168.2.3 |
Nov 25, 2021 18:23:42.233618021 CET | 80 | 49829 | 194.85.248.167 | 192.168.2.3 |
Nov 25, 2021 18:23:42.233639956 CET | 80 | 49829 | 194.85.248.167 | 192.168.2.3 |
Nov 25, 2021 18:23:42.233769894 CET | 49829 | 80 | 192.168.2.3 | 194.85.248.167 |
Nov 25, 2021 18:23:42.233830929 CET | 49829 | 80 | 192.168.2.3 | 194.85.248.167 |
Nov 25, 2021 18:23:42.262592077 CET | 80 | 49829 | 194.85.248.167 | 192.168.2.3 |
Nov 25, 2021 18:23:43.379654884 CET | 49833 | 80 | 192.168.2.3 | 194.85.248.167 |
Nov 25, 2021 18:23:44.609067917 CET | 80 | 49833 | 194.85.248.167 | 192.168.2.3 |
Nov 25, 2021 18:23:44.609219074 CET | 49833 | 80 | 192.168.2.3 | 194.85.248.167 |
Nov 25, 2021 18:23:44.612993956 CET | 49833 | 80 | 192.168.2.3 | 194.85.248.167 |
Nov 25, 2021 18:23:44.640420914 CET | 80 | 49833 | 194.85.248.167 | 192.168.2.3 |
Nov 25, 2021 18:23:44.640516996 CET | 49833 | 80 | 192.168.2.3 | 194.85.248.167 |
Nov 25, 2021 18:23:44.667843103 CET | 80 | 49833 | 194.85.248.167 | 192.168.2.3 |
Nov 25, 2021 18:23:44.707284927 CET | 80 | 49833 | 194.85.248.167 | 192.168.2.3 |
Nov 25, 2021 18:23:44.707828045 CET | 49833 | 80 | 192.168.2.3 | 194.85.248.167 |
Nov 25, 2021 18:23:44.735332012 CET | 80 | 49833 | 194.85.248.167 | 192.168.2.3 |
Nov 25, 2021 18:23:44.963197947 CET | 80 | 49833 | 194.85.248.167 | 192.168.2.3 |
Nov 25, 2021 18:23:44.965779066 CET | 49833 | 80 | 192.168.2.3 | 194.85.248.167 |
Nov 25, 2021 18:23:45.713177919 CET | 49845 | 80 | 192.168.2.3 | 194.85.248.167 |
Nov 25, 2021 18:23:45.740890980 CET | 80 | 49845 | 194.85.248.167 | 192.168.2.3 |
Nov 25, 2021 18:23:45.741034031 CET | 49845 | 80 | 192.168.2.3 | 194.85.248.167 |
Nov 25, 2021 18:23:45.744734049 CET | 49845 | 80 | 192.168.2.3 | 194.85.248.167 |
Nov 25, 2021 18:23:45.772430897 CET | 80 | 49845 | 194.85.248.167 | 192.168.2.3 |
Nov 25, 2021 18:23:45.772535086 CET | 49845 | 80 | 192.168.2.3 | 194.85.248.167 |
Nov 25, 2021 18:23:45.839463949 CET | 80 | 49845 | 194.85.248.167 | 192.168.2.3 |
Nov 25, 2021 18:23:45.839569092 CET | 80 | 49845 | 194.85.248.167 | 192.168.2.3 |
Nov 25, 2021 18:23:45.839636087 CET | 49845 | 80 | 192.168.2.3 | 194.85.248.167 |
Nov 25, 2021 18:23:45.839659929 CET | 49845 | 80 | 192.168.2.3 | 194.85.248.167 |
Nov 25, 2021 18:23:45.873326063 CET | 80 | 49845 | 194.85.248.167 | 192.168.2.3 |
Nov 25, 2021 18:23:46.848742008 CET | 49851 | 80 | 192.168.2.3 | 194.85.248.167 |
Nov 25, 2021 18:23:46.876563072 CET | 80 | 49851 | 194.85.248.167 | 192.168.2.3 |
Nov 25, 2021 18:23:46.876707077 CET | 49851 | 80 | 192.168.2.3 | 194.85.248.167 |
Nov 25, 2021 18:23:46.879978895 CET | 49851 | 80 | 192.168.2.3 | 194.85.248.167 |
Nov 25, 2021 18:23:46.908214092 CET | 80 | 49851 | 194.85.248.167 | 192.168.2.3 |
Nov 25, 2021 18:23:46.908288956 CET | 49851 | 80 | 192.168.2.3 | 194.85.248.167 |
Nov 25, 2021 18:23:46.935949087 CET | 80 | 49851 | 194.85.248.167 | 192.168.2.3 |
Nov 25, 2021 18:23:47.403832912 CET | 80 | 49851 | 194.85.248.167 | 192.168.2.3 |
Nov 25, 2021 18:23:47.404062986 CET | 49851 | 80 | 192.168.2.3 | 194.85.248.167 |
Nov 25, 2021 18:23:47.404071093 CET | 80 | 49851 | 194.85.248.167 | 192.168.2.3 |
Nov 25, 2021 18:23:47.404140949 CET | 49851 | 80 | 192.168.2.3 | 194.85.248.167 |
Nov 25, 2021 18:23:47.431801081 CET | 80 | 49851 | 194.85.248.167 | 192.168.2.3 |
Nov 25, 2021 18:23:48.833488941 CET | 49855 | 80 | 192.168.2.3 | 194.85.248.167 |
Nov 25, 2021 18:23:48.861296892 CET | 80 | 49855 | 194.85.248.167 | 192.168.2.3 |
Nov 25, 2021 18:23:48.861429930 CET | 49855 | 80 | 192.168.2.3 | 194.85.248.167 |
Nov 25, 2021 18:23:48.864530087 CET | 49855 | 80 | 192.168.2.3 | 194.85.248.167 |
Nov 25, 2021 18:23:48.892155886 CET | 80 | 49855 | 194.85.248.167 | 192.168.2.3 |
Nov 25, 2021 18:23:48.892277002 CET | 49855 | 80 | 192.168.2.3 | 194.85.248.167 |
Nov 25, 2021 18:23:48.919792891 CET | 80 | 49855 | 194.85.248.167 | 192.168.2.3 |
Nov 25, 2021 18:23:48.959682941 CET | 80 | 49855 | 194.85.248.167 | 192.168.2.3 |
Nov 25, 2021 18:23:48.959701061 CET | 80 | 49855 | 194.85.248.167 | 192.168.2.3 |
Nov 25, 2021 18:23:48.959835052 CET | 49855 | 80 | 192.168.2.3 | 194.85.248.167 |
Nov 25, 2021 18:23:48.959933996 CET | 49855 | 80 | 192.168.2.3 | 194.85.248.167 |
Nov 25, 2021 18:23:48.987483978 CET | 80 | 49855 | 194.85.248.167 | 192.168.2.3 |
Nov 25, 2021 18:23:50.747944117 CET | 49856 | 80 | 192.168.2.3 | 194.85.248.167 |
Nov 25, 2021 18:23:50.775763988 CET | 80 | 49856 | 194.85.248.167 | 192.168.2.3 |
Nov 25, 2021 18:23:50.776324034 CET | 49856 | 80 | 192.168.2.3 | 194.85.248.167 |
Nov 25, 2021 18:23:51.197910070 CET | 49856 | 80 | 192.168.2.3 | 194.85.248.167 |
Nov 25, 2021 18:23:51.225764036 CET | 80 | 49856 | 194.85.248.167 | 192.168.2.3 |
Nov 25, 2021 18:23:51.225828886 CET | 49856 | 80 | 192.168.2.3 | 194.85.248.167 |
Nov 25, 2021 18:23:51.253464937 CET | 80 | 49856 | 194.85.248.167 | 192.168.2.3 |
Nov 25, 2021 18:23:51.289370060 CET | 80 | 49856 | 194.85.248.167 | 192.168.2.3 |
Nov 25, 2021 18:23:51.289468050 CET | 49856 | 80 | 192.168.2.3 | 194.85.248.167 |
Nov 25, 2021 18:23:53.573219061 CET | 80 | 49856 | 194.85.248.167 | 192.168.2.3 |
Nov 25, 2021 18:23:53.573304892 CET | 49856 | 80 | 192.168.2.3 | 194.85.248.167 |
Nov 25, 2021 18:23:53.573335886 CET | 49856 | 80 | 192.168.2.3 | 194.85.248.167 |
Nov 25, 2021 18:23:53.877403021 CET | 49856 | 80 | 192.168.2.3 | 194.85.248.167 |
Nov 25, 2021 18:23:53.905412912 CET | 80 | 49856 | 194.85.248.167 | 192.168.2.3 |
Nov 25, 2021 18:23:54.994313002 CET | 49857 | 80 | 192.168.2.3 | 194.85.248.167 |
Nov 25, 2021 18:23:55.021867990 CET | 80 | 49857 | 194.85.248.167 | 192.168.2.3 |
Nov 25, 2021 18:23:55.021997929 CET | 49857 | 80 | 192.168.2.3 | 194.85.248.167 |
Nov 25, 2021 18:23:55.025971889 CET | 49857 | 80 | 192.168.2.3 | 194.85.248.167 |
Nov 25, 2021 18:23:55.053472042 CET | 80 | 49857 | 194.85.248.167 | 192.168.2.3 |
Nov 25, 2021 18:23:55.053550005 CET | 49857 | 80 | 192.168.2.3 | 194.85.248.167 |
Nov 25, 2021 18:23:55.080974102 CET | 80 | 49857 | 194.85.248.167 | 192.168.2.3 |
Nov 25, 2021 18:23:55.525480032 CET | 80 | 49857 | 194.85.248.167 | 192.168.2.3 |
Nov 25, 2021 18:23:55.525546074 CET | 80 | 49857 | 194.85.248.167 | 192.168.2.3 |
Nov 25, 2021 18:23:55.525753975 CET | 49857 | 80 | 192.168.2.3 | 194.85.248.167 |
Nov 25, 2021 18:23:55.525796890 CET | 49857 | 80 | 192.168.2.3 | 194.85.248.167 |
Nov 25, 2021 18:23:55.553402901 CET | 80 | 49857 | 194.85.248.167 | 192.168.2.3 |
Nov 25, 2021 18:23:56.446271896 CET | 49858 | 80 | 192.168.2.3 | 194.85.248.167 |
Nov 25, 2021 18:23:56.474780083 CET | 80 | 49858 | 194.85.248.167 | 192.168.2.3 |
Nov 25, 2021 18:23:56.474952936 CET | 49858 | 80 | 192.168.2.3 | 194.85.248.167 |
Nov 25, 2021 18:23:56.479058027 CET | 49858 | 80 | 192.168.2.3 | 194.85.248.167 |
Nov 25, 2021 18:23:56.506938934 CET | 80 | 49858 | 194.85.248.167 | 192.168.2.3 |
Nov 25, 2021 18:23:56.507009983 CET | 49858 | 80 | 192.168.2.3 | 194.85.248.167 |
HTTP Request Dependency Graph |
---|
|
HTTP Packets |
---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
0 | 192.168.2.3 | 49744 | 194.85.248.167 | 80 | C:\Users\user\Desktop\U001P56ybm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Nov 25, 2021 18:22:15.658540010 CET | 1080 | OUT | |
Nov 25, 2021 18:22:15.688220978 CET | 1081 | OUT | |
Nov 25, 2021 18:22:17.612982035 CET | 1081 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
1 | 192.168.2.3 | 49745 | 194.85.248.167 | 80 | C:\Users\user\Desktop\U001P56ybm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Nov 25, 2021 18:22:18.837898016 CET | 1082 | OUT | |
Nov 25, 2021 18:22:18.866183996 CET | 1082 | OUT | |
Nov 25, 2021 18:22:20.563548088 CET | 1082 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
10 | 192.168.2.3 | 49756 | 194.85.248.167 | 80 | C:\Users\user\Desktop\U001P56ybm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Nov 25, 2021 18:22:37.775846004 CET | 1116 | OUT | |
Nov 25, 2021 18:22:37.803760052 CET | 1116 | OUT | |
Nov 25, 2021 18:22:39.011204958 CET | 1117 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
11 | 192.168.2.3 | 49757 | 194.85.248.167 | 80 | C:\Users\user\Desktop\U001P56ybm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Nov 25, 2021 18:22:40.734394073 CET | 1118 | OUT | |
Nov 25, 2021 18:22:40.762463093 CET | 1118 | OUT | |
Nov 25, 2021 18:22:41.150240898 CET | 1118 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
12 | 192.168.2.3 | 49758 | 194.85.248.167 | 80 | C:\Users\user\Desktop\U001P56ybm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Nov 25, 2021 18:22:44.172504902 CET | 1119 | OUT | |
Nov 25, 2021 18:22:44.200690031 CET | 1119 | OUT | |
Nov 25, 2021 18:22:44.258064032 CET | 1120 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
13 | 192.168.2.3 | 49759 | 194.85.248.167 | 80 | C:\Users\user\Desktop\U001P56ybm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Nov 25, 2021 18:22:45.537822008 CET | 1120 | OUT | |
Nov 25, 2021 18:22:45.566334963 CET | 1121 | OUT | |
Nov 25, 2021 18:22:45.824769974 CET | 1121 | OUT | |
Nov 25, 2021 18:22:46.363115072 CET | 1121 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
14 | 192.168.2.3 | 49760 | 194.85.248.167 | 80 | C:\Users\user\Desktop\U001P56ybm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Nov 25, 2021 18:22:47.475042105 CET | 1122 | OUT | |
Nov 25, 2021 18:22:47.502764940 CET | 1122 | OUT | |
Nov 25, 2021 18:22:47.564037085 CET | 1123 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
15 | 192.168.2.3 | 49761 | 194.85.248.167 | 80 | C:\Users\user\Desktop\U001P56ybm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Nov 25, 2021 18:22:48.480655909 CET | 1123 | OUT | |
Nov 25, 2021 18:22:48.508594036 CET | 1124 | OUT | |
Nov 25, 2021 18:22:48.579071045 CET | 1124 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
16 | 192.168.2.3 | 49762 | 194.85.248.167 | 80 | C:\Users\user\Desktop\U001P56ybm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Nov 25, 2021 18:22:51.071537018 CET | 1125 | OUT | |
Nov 25, 2021 18:22:51.099267006 CET | 1125 | OUT | |
Nov 25, 2021 18:22:51.163779974 CET | 1125 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
17 | 192.168.2.3 | 49763 | 194.85.248.167 | 80 | C:\Users\user\Desktop\U001P56ybm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Nov 25, 2021 18:22:52.226443052 CET | 1126 | OUT | |
Nov 25, 2021 18:22:52.465967894 CET | 1126 | OUT | |
Nov 25, 2021 18:22:52.969003916 CET | 1127 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
18 | 192.168.2.3 | 49765 | 194.85.248.167 | 80 | C:\Users\user\Desktop\U001P56ybm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Nov 25, 2021 18:22:54.348325014 CET | 1138 | OUT | |
Nov 25, 2021 18:22:54.591702938 CET | 1138 | OUT | |
Nov 25, 2021 18:22:54.655709982 CET | 1139 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
19 | 192.168.2.3 | 49766 | 194.85.248.167 | 80 | C:\Users\user\Desktop\U001P56ybm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Nov 25, 2021 18:22:55.798213005 CET | 1140 | OUT | |
Nov 25, 2021 18:22:56.044425964 CET | 1140 | OUT | |
Nov 25, 2021 18:22:56.114464998 CET | 1141 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
2 | 192.168.2.3 | 49746 | 194.85.248.167 | 80 | C:\Users\user\Desktop\U001P56ybm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Nov 25, 2021 18:22:21.772417068 CET | 1083 | OUT | |
Nov 25, 2021 18:22:21.800093889 CET | 1083 | OUT | |
Nov 25, 2021 18:22:21.949353933 CET | 1084 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
20 | 192.168.2.3 | 49769 | 194.85.248.167 | 80 | C:\Users\user\Desktop\U001P56ybm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Nov 25, 2021 18:22:58.836458921 CET | 1156 | OUT | |
Nov 25, 2021 18:22:59.091531038 CET | 1156 | OUT | |
Nov 25, 2021 18:22:59.163003922 CET | 1156 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
21 | 192.168.2.3 | 49770 | 194.85.248.167 | 80 | C:\Users\user\Desktop\U001P56ybm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Nov 25, 2021 18:23:01.423938036 CET | 1268 | OUT | |
Nov 25, 2021 18:23:01.452536106 CET | 1268 | OUT | |
Nov 25, 2021 18:23:02.684122086 CET | 1404 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
22 | 192.168.2.3 | 49785 | 194.85.248.167 | 80 | C:\Users\user\Desktop\U001P56ybm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Nov 25, 2021 18:23:07.452291965 CET | 1965 | OUT | |
Nov 25, 2021 18:23:07.480137110 CET | 1965 | OUT | |
Nov 25, 2021 18:23:07.544955015 CET | 1967 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
23 | 192.168.2.3 | 49809 | 194.85.248.167 | 80 | C:\Users\user\Desktop\U001P56ybm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Nov 25, 2021 18:23:09.396769047 CET | 7360 | OUT | |
Nov 25, 2021 18:23:09.425380945 CET | 7360 | OUT | |
Nov 25, 2021 18:23:09.919205904 CET | 7365 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
24 | 192.168.2.3 | 49813 | 194.85.248.167 | 80 | C:\Users\user\Desktop\U001P56ybm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Nov 25, 2021 18:23:13.834389925 CET | 7369 | OUT | |
Nov 25, 2021 18:23:13.863667965 CET | 7369 | OUT | |
Nov 25, 2021 18:23:13.931421995 CET | 7370 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
25 | 192.168.2.3 | 49814 | 194.85.248.167 | 80 | C:\Users\user\Desktop\U001P56ybm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Nov 25, 2021 18:23:19.463238955 CET | 7370 | OUT | |
Nov 25, 2021 18:23:19.491267920 CET | 7371 | OUT | |
Nov 25, 2021 18:23:20.086960077 CET | 7371 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
26 | 192.168.2.3 | 49817 | 194.85.248.167 | 80 | C:\Users\user\Desktop\U001P56ybm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Nov 25, 2021 18:23:23.655364990 CET | 7987 | OUT | |
Nov 25, 2021 18:23:23.683413029 CET | 7987 | OUT | |
Nov 25, 2021 18:23:24.492059946 CET | 7988 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
27 | 192.168.2.3 | 49818 | 194.85.248.167 | 80 | C:\Users\user\Desktop\U001P56ybm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Nov 25, 2021 18:23:26.318058014 CET | 7988 | OUT | |
Nov 25, 2021 18:23:26.345900059 CET | 7989 | OUT | |
Nov 25, 2021 18:23:26.435048103 CET | 7989 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
28 | 192.168.2.3 | 49819 | 194.85.248.167 | 80 | C:\Users\user\Desktop\U001P56ybm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Nov 25, 2021 18:23:27.828007936 CET | 7990 | OUT | |
Nov 25, 2021 18:23:27.856122971 CET | 7990 | OUT | |
Nov 25, 2021 18:23:27.923948050 CET | 7991 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
29 | 192.168.2.3 | 49820 | 194.85.248.167 | 80 | C:\Users\user\Desktop\U001P56ybm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Nov 25, 2021 18:23:29.237001896 CET | 7991 | OUT | |
Nov 25, 2021 18:23:29.264524937 CET | 7991 | OUT | |
Nov 25, 2021 18:23:29.329432964 CET | 7992 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
3 | 192.168.2.3 | 49747 | 194.85.248.167 | 80 | C:\Users\user\Desktop\U001P56ybm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Nov 25, 2021 18:22:23.379975080 CET | 1084 | OUT | |
Nov 25, 2021 18:22:23.408200026 CET | 1085 | OUT | |
Nov 25, 2021 18:22:23.474404097 CET | 1085 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
30 | 192.168.2.3 | 49821 | 194.85.248.167 | 80 | C:\Users\user\Desktop\U001P56ybm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Nov 25, 2021 18:23:30.587831020 CET | 7992 | OUT | |
Nov 25, 2021 18:23:30.828551054 CET | 7993 | OUT | |
Nov 25, 2021 18:23:30.896799088 CET | 7993 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
31 | 192.168.2.3 | 49822 | 194.85.248.167 | 80 | C:\Users\user\Desktop\U001P56ybm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Nov 25, 2021 18:23:32.864603043 CET | 7994 | OUT | |
Nov 25, 2021 18:23:32.894982100 CET | 7994 | OUT | |
Nov 25, 2021 18:23:32.960192919 CET | 7994 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
32 | 192.168.2.3 | 49823 | 194.85.248.167 | 80 | C:\Users\user\Desktop\U001P56ybm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Nov 25, 2021 18:23:35.140691042 CET | 7995 | OUT | |
Nov 25, 2021 18:23:35.169219971 CET | 7995 | OUT | |
Nov 25, 2021 18:23:35.375535965 CET | 7996 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
33 | 192.168.2.3 | 49825 | 194.85.248.167 | 80 | C:\Users\user\Desktop\U001P56ybm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Nov 25, 2021 18:23:36.493113041 CET | 8002 | OUT | |
Nov 25, 2021 18:23:36.520931959 CET | 8002 | OUT | |
Nov 25, 2021 18:23:37.014189005 CET | 8003 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
34 | 192.168.2.3 | 49827 | 194.85.248.167 | 80 | C:\Users\user\Desktop\U001P56ybm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Nov 25, 2021 18:23:40.295825958 CET | 8012 | OUT | |
Nov 25, 2021 18:23:40.326971054 CET | 8012 | OUT | |
Nov 25, 2021 18:23:40.387691975 CET | 8012 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
35 | 192.168.2.3 | 49829 | 194.85.248.167 | 80 | C:\Users\user\Desktop\U001P56ybm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Nov 25, 2021 18:23:41.914761066 CET | 8020 | OUT | |
Nov 25, 2021 18:23:42.157748938 CET | 8020 | OUT | |
Nov 25, 2021 18:23:42.233618021 CET | 8020 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
36 | 192.168.2.3 | 49833 | 194.85.248.167 | 80 | C:\Users\user\Desktop\U001P56ybm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Nov 25, 2021 18:23:44.612993956 CET | 8044 | OUT | |
Nov 25, 2021 18:23:44.640516996 CET | 8045 | OUT | |
Nov 25, 2021 18:23:44.707284927 CET | 8045 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
37 | 192.168.2.3 | 49845 | 194.85.248.167 | 80 | C:\Users\user\Desktop\U001P56ybm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Nov 25, 2021 18:23:45.744734049 CET | 8057 | OUT | |
Nov 25, 2021 18:23:45.772535086 CET | 8058 | OUT | |
Nov 25, 2021 18:23:45.839463949 CET | 8059 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
38 | 192.168.2.3 | 49851 | 194.85.248.167 | 80 | C:\Users\user\Desktop\U001P56ybm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Nov 25, 2021 18:23:46.879978895 CET | 8072 | OUT | |
Nov 25, 2021 18:23:46.908288956 CET | 8072 | OUT | |
Nov 25, 2021 18:23:47.403832912 CET | 8077 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
39 | 192.168.2.3 | 49855 | 194.85.248.167 | 80 | C:\Users\user\Desktop\U001P56ybm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Nov 25, 2021 18:23:48.864530087 CET | 8081 | OUT | |
Nov 25, 2021 18:23:48.892277002 CET | 8081 | OUT | |
Nov 25, 2021 18:23:48.959682941 CET | 8081 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
4 | 192.168.2.3 | 49748 | 194.85.248.167 | 80 | C:\Users\user\Desktop\U001P56ybm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Nov 25, 2021 18:22:25.292669058 CET | 1086 | OUT | |
Nov 25, 2021 18:22:25.557539940 CET | 1086 | OUT | |
Nov 25, 2021 18:22:25.843662024 CET | 1086 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
40 | 192.168.2.3 | 49856 | 194.85.248.167 | 80 | C:\Users\user\Desktop\U001P56ybm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Nov 25, 2021 18:23:51.197910070 CET | 8082 | OUT | |
Nov 25, 2021 18:23:51.225828886 CET | 8082 | OUT | |
Nov 25, 2021 18:23:53.573219061 CET | 8083 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
41 | 192.168.2.3 | 49857 | 194.85.248.167 | 80 | C:\Users\user\Desktop\U001P56ybm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Nov 25, 2021 18:23:55.025971889 CET | 8083 | OUT | |
Nov 25, 2021 18:23:55.053550005 CET | 8084 | OUT | |
Nov 25, 2021 18:23:55.525480032 CET | 8084 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
42 | 192.168.2.3 | 49858 | 194.85.248.167 | 80 | C:\Users\user\Desktop\U001P56ybm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Nov 25, 2021 18:23:56.479058027 CET | 8085 | OUT | |
Nov 25, 2021 18:23:56.507009983 CET | 8086 | OUT | |
Nov 25, 2021 18:23:57.486293077 CET | 8086 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
43 | 192.168.2.3 | 49859 | 194.85.248.167 | 80 | C:\Users\user\Desktop\U001P56ybm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Nov 25, 2021 18:23:59.056904078 CET | 8087 | OUT | |
Nov 25, 2021 18:23:59.085151911 CET | 8087 | OUT | |
Nov 25, 2021 18:23:59.210263968 CET | 8088 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
44 | 192.168.2.3 | 49860 | 194.85.248.167 | 80 | C:\Users\user\Desktop\U001P56ybm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Nov 25, 2021 18:24:00.760570049 CET | 8088 | OUT | |
Nov 25, 2021 18:24:00.788455963 CET | 8089 | OUT | |
Nov 25, 2021 18:24:00.858030081 CET | 8089 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
45 | 192.168.2.3 | 49861 | 194.85.248.167 | 80 | C:\Users\user\Desktop\U001P56ybm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Nov 25, 2021 18:24:02.488225937 CET | 8090 | OUT | |
Nov 25, 2021 18:24:02.517215967 CET | 8090 | OUT | |
Nov 25, 2021 18:24:02.585421085 CET | 8090 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
46 | 192.168.2.3 | 49862 | 194.85.248.167 | 80 | C:\Users\user\Desktop\U001P56ybm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Nov 25, 2021 18:24:04.158303976 CET | 8091 | OUT | |
Nov 25, 2021 18:24:04.185791016 CET | 8091 | OUT | |
Nov 25, 2021 18:24:04.667956114 CET | 8091 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
47 | 192.168.2.3 | 49863 | 194.85.248.167 | 80 | C:\Users\user\Desktop\U001P56ybm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Nov 25, 2021 18:24:06.231426001 CET | 8092 | OUT | |
Nov 25, 2021 18:24:06.259443998 CET | 8093 | OUT | |
Nov 25, 2021 18:24:06.343086958 CET | 8094 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
48 | 192.168.2.3 | 49865 | 194.85.248.167 | 80 | C:\Users\user\Desktop\U001P56ybm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Nov 25, 2021 18:24:07.945362091 CET | 8100 | OUT | |
Nov 25, 2021 18:24:07.980170012 CET | 8100 | OUT | |
Nov 25, 2021 18:24:08.055053949 CET | 8101 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
49 | 192.168.2.3 | 49866 | 194.85.248.167 | 80 | C:\Users\user\Desktop\U001P56ybm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Nov 25, 2021 18:24:09.150415897 CET | 8102 | OUT | |
Nov 25, 2021 18:24:09.178721905 CET | 8102 | OUT | |
Nov 25, 2021 18:24:09.249567986 CET | 8102 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
5 | 192.168.2.3 | 49749 | 194.85.248.167 | 80 | C:\Users\user\Desktop\U001P56ybm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Nov 25, 2021 18:22:26.868772030 CET | 1087 | OUT | |
Nov 25, 2021 18:22:26.902323961 CET | 1087 | OUT | |
Nov 25, 2021 18:22:26.965337992 CET | 1088 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
50 | 192.168.2.3 | 49867 | 194.85.248.167 | 80 | C:\Users\user\Desktop\U001P56ybm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Nov 25, 2021 18:24:11.256726027 CET | 8103 | OUT | |
Nov 25, 2021 18:24:11.284368038 CET | 8104 | OUT | |
Nov 25, 2021 18:24:11.963359118 CET | 8104 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
6 | 192.168.2.3 | 49750 | 194.85.248.167 | 80 | C:\Users\user\Desktop\U001P56ybm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Nov 25, 2021 18:22:28.257549047 CET | 1088 | OUT | |
Nov 25, 2021 18:22:28.287763119 CET | 1089 | OUT | |
Nov 25, 2021 18:22:28.383367062 CET | 1089 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
7 | 192.168.2.3 | 49751 | 194.85.248.167 | 80 | C:\Users\user\Desktop\U001P56ybm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Nov 25, 2021 18:22:29.608133078 CET | 1090 | OUT | |
Nov 25, 2021 18:22:29.636060953 CET | 1090 | OUT | |
Nov 25, 2021 18:22:30.439112902 CET | 1090 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
8 | 192.168.2.3 | 49752 | 194.85.248.167 | 80 | C:\Users\user\Desktop\U001P56ybm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Nov 25, 2021 18:22:31.618849993 CET | 1091 | OUT | |
Nov 25, 2021 18:22:31.647280931 CET | 1091 | OUT | |
Nov 25, 2021 18:22:32.376492023 CET | 1092 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
9 | 192.168.2.3 | 49755 | 194.85.248.167 | 80 | C:\Users\user\Desktop\U001P56ybm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Nov 25, 2021 18:22:35.179306030 CET | 1115 | OUT | |
Nov 25, 2021 18:22:35.207289934 CET | 1115 | OUT | |
Nov 25, 2021 18:22:35.268660069 CET | 1116 | IN |
Code Manipulations |
---|
Statistics |
---|
CPU Usage |
---|
Memory Usage |
---|
High Level Behavior Distribution |
---|
Behavior |
---|
System Behavior |
---|
General |
---|
Start time: | 18:22:06 |
Start date: | 25/11/2021 |
Path: | C:\Users\user\Desktop\U001P56ybm.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 301040 bytes |
MD5 hash: | 969E2CCFCACF3573DE922D9BCE81E3FD |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | low |
General |
---|
Start time: | 18:22:08 |
Start date: | 25/11/2021 |
Path: | C:\Users\user\Desktop\U001P56ybm.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 301040 bytes |
MD5 hash: | 969E2CCFCACF3573DE922D9BCE81E3FD |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | low |
Disassembly |
---|
Code Analysis |
---|
Executed Functions |
---|
Function 004030E3, Relevance: 70.3, APIs: 23, Strings: 17, Instructions: 270 | file, string, com, COMMON
C-Code - Quality: 83% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00405250, Relevance: 21.2, APIs: 9, Strings: 3, Instructions: 156 | file, string, COMMON
C-Code - Quality: 94% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00405C22, Relevance: 3.0, APIs: 2, Instructions: 14 | file, COMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 100034C0, Relevance: 2877.8, APIs: 1, Strings: 1914, Instructions: 5297 | memory, COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040380A, Relevance: 58.1, APIs: 32, Strings: 1, Instructions: 345 | window, string, COMMON
C-Code - Quality: 84% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00403489, Relevance: 49.2, APIs: 15, Strings: 13, Instructions: 213 | string, registry, library, COMMON
C-Code - Quality: 96% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 80% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00401734, Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 147 | string, time, COMMON
C-Code - Quality: 60% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00402E44, Relevance: 14.2, APIs: 6, Strings: 2, Instructions: 174 | file, COMMON
C-Code - Quality: 95% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00401F51, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 69 | library, loader, COMMON
C-Code - Quality: 57% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 85% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 84% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00401389, Relevance: 3.0, APIs: 2, Instructions: 43 | window, COMMON
C-Code - Quality: 69% |
Uniqueness Score: -1.00% |
Function 00405602, Relevance: 3.0, APIs: 2, Instructions: 16fileCOMMON
C-Code - Quality: 68% |
Uniqueness Score: -1.00% |
Function 004055E3, Relevance: 3.0, APIs: 2, Instructions: 9COMMON
C-Code - Quality: 100% |
Uniqueness Score: -1.00% |
Function 00403066, Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON
C-Code - Quality: 100% |
Uniqueness Score: -1.00% |
Function 00403098, Relevance: 1.5, APIs: 1, Instructions: 6COMMON
C-Code - Quality: 100% |
Uniqueness Score: -1.00% |
Non-executed Functions |
Function 00404E07, Relevance: 65.0, APIs: 36, Strings: 1, Instructions: 278windowclipboardmemoryCOMMON
C-Code - Quality: 96% |
Uniqueness Score: -1.00% |
Function 00404618, Relevance: 63.5, APIs: 33, Strings: 3, Instructions: 478windowmemoryCOMMONCrypto
C-Code - Quality: 98% |
Uniqueness Score: -1.00% |
Function 0040411B, Relevance: 23.0, APIs: 10, Strings: 3, Instructions: 266stringCOMMON
C-Code - Quality: 78% |
Uniqueness Score: -1.00% |
Function 0040594D, Relevance: 19.4, APIs: 8, Strings: 3, Instructions: 195stringCOMMON
C-Code - Quality: 74% |
Uniqueness Score: -1.00% |
Function 10001000, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 52memoryregistryCOMMON
Uniqueness Score: -1.00% |
Function 00402012, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 134comCOMMON
C-Code - Quality: 74% |
Uniqueness Score: -1.00% |
Function 1000EE31, Relevance: 3.0, APIs: 2, Instructions: 8COMMON
Uniqueness Score: -1.00% |
Function 00402630, Relevance: 1.5, APIs: 1, Instructions: 29fileCOMMON
C-Code - Quality: 39% |
Uniqueness Score: -1.00% |
Function 1000D1BC, Relevance: .3, Instructions: 345COMMON
Uniqueness Score: -1.00% |
Function 1000D5F1, Relevance: .3, Instructions: 341COMMON
Uniqueness Score: -1.00% |
Function 00406043, Relevance: .3, Instructions: 334COMMONCrypto
C-Code - Quality: 79% |
Uniqueness Score: -1.00% |
Function 1000CD87, Relevance: .3, Instructions: 331COMMON
Uniqueness Score: -1.00% |
Function 1000C96F, Relevance: .3, Instructions: 323COMMON
Uniqueness Score: -1.00% |
Function 0040681A, Relevance: .3, Instructions: 300COMMONCrypto
C-Code - Quality: 100% |
Uniqueness Score: -1.00% |
Function 00403E25, Relevance: 40.5, APIs: 20, Strings: 3, Instructions: 204windowstringCOMMON
C-Code - Quality: 93% |
Uniqueness Score: -1.00% |
Function 10001850, Relevance: 31.7, APIs: 10, Strings: 8, Instructions: 176registryCOMMON
Uniqueness Score: -1.00% |
C-Code - Quality: 90% |
Uniqueness Score: -1.00% |
Function 10001AD0, Relevance: 24.6, APIs: 8, Strings: 6, Instructions: 115registryCOMMON
Uniqueness Score: -1.00% |
Function 00405679, Relevance: 22.9, APIs: 11, Strings: 2, Instructions: 144filememoryCOMMON
C-Code - Quality: 93% |
Uniqueness Score: -1.00% |
Function 10001C30, Relevance: 21.2, APIs: 7, Strings: 5, Instructions: 153registryCOMMON
Uniqueness Score: -1.00% |
Function 10002270, Relevance: 21.1, APIs: 8, Strings: 4, Instructions: 123registryCOMMON
Uniqueness Score: -1.00% |
Function 10002400, Relevance: 15.8, APIs: 5, Strings: 4, Instructions: 87registryCOMMON
Uniqueness Score: -1.00% |
Function 10002160, Relevance: 15.8, APIs: 5, Strings: 4, Instructions: 87registryCOMMON
Uniqueness Score: -1.00% |
Function 10001490, Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 73registryCOMMON
Uniqueness Score: -1.00% |
Function 100010A0, Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 72memoryCOMMON
Uniqueness Score: -1.00% |
Function 10002FF0, Relevance: 12.4, APIs: 4, Strings: 3, Instructions: 155registryCOMMON
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
Uniqueness Score: -1.00% |
Function 00403D44, Relevance: 12.1, APIs: 8, Instructions: 61COMMON
C-Code - Quality: 100% |
Uniqueness Score: -1.00% |
C-Code - Quality: 86% |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
Uniqueness Score: -1.00% |
Function 00404598, Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48windowCOMMON
C-Code - Quality: 100% |
Uniqueness Score: -1.00% |
Function 00402B2D, Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 40timeCOMMON
C-Code - Quality: 100% |
Uniqueness Score: -1.00% |
Function 100033C0, Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 82registrystringCOMMON
Uniqueness Score: -1.00% |
Uniqueness Score: -1.00% |
Uniqueness Score: -1.00% |
Function 004022F5, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 71registrystringCOMMON
C-Code - Quality: 85% |
Uniqueness Score: -1.00% |
Function 100016E0, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 60registryCOMMON
Uniqueness Score: -1.00% |
Function 100017A0, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 49registryCOMMON
Uniqueness Score: -1.00% |
Function 10002E80, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 34registrymemoryCOMMON
Uniqueness Score: -1.00% |
C-Code - Quality: 84% |
Uniqueness Score: -1.00% |
Function 00401CC1, Relevance: 7.5, APIs: 5, Instructions: 39windowCOMMON
C-Code - Quality: 100% |
Uniqueness Score: -1.00% |
Function 100031D0, Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 112registryCOMMON
Uniqueness Score: -1.00% |
Function 10002C90, Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 82registryCOMMON
Uniqueness Score: -1.00% |
Function 004044B6, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 78stringCOMMON
C-Code - Quality: 51% |
Uniqueness Score: -1.00% |
Function 00401BAD, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 76windowtimeCOMMON
C-Code - Quality: 51% |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
Uniqueness Score: -1.00% |
Uniqueness Score: -1.00% |
Function 10002AA0, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 44memoryCOMMON
Uniqueness Score: -1.00% |
Function 0040518B, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 24processCOMMON
C-Code - Quality: 100% |
Uniqueness Score: -1.00% |
Function 10002B40, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 19memoryregistryCOMMON
Uniqueness Score: -1.00% |
Function 0040541E, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 16stringCOMMON
C-Code - Quality: 100% |
Uniqueness Score: -1.00% |
Function 100109E0, Relevance: 6.1, APIs: 4, Instructions: 97COMMON
Uniqueness Score: -1.00% |
Function 00401EC5, Relevance: 6.1, APIs: 4, Instructions: 54memoryCOMMON
C-Code - Quality: 85% |
Uniqueness Score: -1.00% |
Function 1001500D, Relevance: 6.0, APIs: 4, Instructions: 48COMMON
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
Uniqueness Score: -1.00% |
Function 00401D1B, Relevance: 6.0, APIs: 4, Instructions: 34COMMON
C-Code - Quality: 67% |
Uniqueness Score: -1.00% |
Uniqueness Score: -1.00% |
Function 00404C19, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 58windowCOMMON
C-Code - Quality: 100% |
Uniqueness Score: -1.00% |
Uniqueness Score: -1.00% |
Uniqueness Score: -1.00% |
Function 004024B0, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 34filestringCOMMON
C-Code - Quality: 100% |
Uniqueness Score: -1.00% |
Function 00405465, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 16stringCOMMON
C-Code - Quality: 100% |
Uniqueness Score: -1.00% |
Function 00405577, Relevance: 5.0, APIs: 4, Instructions: 30stringCOMMON
C-Code - Quality: 100% |
Uniqueness Score: -1.00% |
Executed Functions |
Function 00403D74, Relevance: 14.2, APIs: 4, Strings: 4, Instructions: 200fileCOMMON
C-Code - Quality: 85% |
Uniqueness Score: -1.00% |
C-Code - Quality: 78% |
Uniqueness Score: -1.00% |
Function 00406069, Relevance: 1.5, APIs: 1, Instructions: 12COMMON
C-Code - Quality: 100% |
Uniqueness Score: -1.00% |
Function 00404ED4, Relevance: 1.5, APIs: 1, Instructions: 9networkCOMMON
Uniqueness Score: -1.00% |
C-Code - Quality: 75% |
Uniqueness Score: -1.00% |
C-Code - Quality: 37% |
Uniqueness Score: -1.00% |
Function 004040BB, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 129filememoryCOMMON
C-Code - Quality: 74% |
Uniqueness Score: -1.00% |
Function 00413866, Relevance: 4.6, APIs: 3, Instructions: 147synchronizationCOMMON
C-Code - Quality: 79% |
Uniqueness Score: -1.00% |
Function 004042CF, Relevance: 4.6, APIs: 3, Instructions: 60fileCOMMON
C-Code - Quality: 100% |
Uniqueness Score: -1.00% |
Function 00412D31, Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 178threadCOMMON
C-Code - Quality: 34% |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
Uniqueness Score: -1.00% |
Function 00402C03, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 13libraryloaderCOMMON
C-Code - Quality: 100% |
Uniqueness Score: -1.00% |
C-Code - Quality: 92% |
Uniqueness Score: -1.00% |
Function 00402B7C, Relevance: 3.0, APIs: 2, Instructions: 20memoryCOMMON
C-Code - Quality: 100% |
Uniqueness Score: -1.00% |
Function 004060BD, Relevance: 1.6, APIs: 1, Instructions: 53COMMON
C-Code - Quality: 40% |
Uniqueness Score: -1.00% |
Function 00403C62, Relevance: 1.5, APIs: 1, Instructions: 24COMMON
C-Code - Quality: 100% |
Uniqueness Score: -1.00% |
Function 0040642C, Relevance: 1.5, APIs: 1, Instructions: 18COMMON
C-Code - Quality: 37% |
Uniqueness Score: -1.00% |
C-Code - Quality: 37% |
Uniqueness Score: -1.00% |
Function 00403BD0, Relevance: 1.5, APIs: 1, Instructions: 14COMMON
C-Code - Quality: 100% |
Uniqueness Score: -1.00% |
Uniqueness Score: -1.00% |
Function 0040427D, Relevance: 1.5, APIs: 1, Instructions: 13COMMON
C-Code - Quality: 100% |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
Uniqueness Score: -1.00% |
Function 00403C40, Relevance: 1.5, APIs: 1, Instructions: 12COMMON
C-Code - Quality: 100% |
Uniqueness Score: -1.00% |
Function 00403C08, Relevance: 1.5, APIs: 1, Instructions: 12fileCOMMON
C-Code - Quality: 100% |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
Uniqueness Score: -1.00% |
Function 00403BEF, Relevance: 1.5, APIs: 1, Instructions: 12COMMON
C-Code - Quality: 100% |
Uniqueness Score: -1.00% |
Function 00403BB7, Relevance: 1.5, APIs: 1, Instructions: 12COMMON
C-Code - Quality: 100% |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
Uniqueness Score: -1.00% |
Function 00403B64, Relevance: 1.5, APIs: 1, Instructions: 11COMMON
C-Code - Quality: 100% |
Uniqueness Score: -1.00% |
Function 00404DE5, Relevance: 1.5, APIs: 1, Instructions: 6COMMON
Uniqueness Score: -1.00% |
Function 00403F9E, Relevance: 1.3, APIs: 1, Instructions: 16COMMON
C-Code - Quality: 100% |
Uniqueness Score: -1.00% |
Function 00406472, Relevance: 1.3, APIs: 1, Instructions: 12sleepCOMMON
C-Code - Quality: 100% |
Uniqueness Score: -1.00% |
Function 004058EA, Relevance: 1.3, APIs: 1, Instructions: 12COMMON
C-Code - Quality: 100% |
Uniqueness Score: -1.00% |
Function 00405924, Relevance: 1.3, APIs: 1, Instructions: 12COMMON
C-Code - Quality: 100% |
Uniqueness Score: -1.00% |
Non-executed Functions |
Function 0040D069, Relevance: 12.6, Strings: 10, Instructions: 138COMMON
C-Code - Quality: 88% |
Uniqueness Score: -1.00% |
Function 0040317B, Relevance: .0, Instructions: 46COMMON
C-Code - Quality: 90% |
Uniqueness Score: -1.00% |
Function 0040434D, Relevance: 15.1, APIs: 10, Instructions: 135comCOMMON
Uniqueness Score: -1.00% |