Windows Analysis Report gozi.exe
Overview
General Information
Detection
Ursnif
Field | Value
---|---
Score | 100
Range | 0 - 100
Whitelisted | false
Confidence | 100%
Signatures
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Yara detected AntiVM3
Yara detected Ursnif
System process connects to network (likely due to code injection or exploit)
Antivirus detection for URL or domain
Multi AV Scanner detection for submitted file
Antivirus / Scanner detection for submitted sample
Tries to steal Mail credentials (via file / registry access)
Hooks registry keys query functions (used to hide registry keys)
Maps a DLL or memory area into another process
Sigma detected: Bad Opsec Defaults Sacrificial Processes With Improper Arguments
Uses nslookup.exe to query domains
Writes or reads registry keys via WMI
Machine Learning detection for sample
Allocates memory in foreign processes
May check the online IP address of the machine
.NET source code contains potential unpacker
Sigma detected: MSHTA Spawning Windows Shell
Creates a thread in another existing process (thread injection)
Disables SPDY (HTTP compression, likely to perform web injects)
Modifies the export address table of user mode modules (user mode EAT hooks)
Writes registry values via WMI
Writes to foreign memory regions
Changes memory attributes in foreign processes to executable or writable
Uses ping.exe to check the status of other devices and networks
Modifies the prolog of user mode functions (user mode inline hooks)
Uses ping.exe to sleep
Injects code into the Windows Explorer (explorer.exe)
Modifies the context of a thread in another process (thread injection)
Sigma detected: Mshta Spawning Windows Shell
Modifies the import address table of user mode modules (user mode IAT hooks)
Antivirus or Machine Learning detection for unpacked file
Contains functionality to query locales information (e.g. system language)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Found evasive API chain (date check)
Queries the installation date of Windows
Detected potential crypto function
Contains functionality to launch a process as a different user
Sample execution stops while process was sleeping (likely an evasion)
Contains functionality to dynamically determine API calls
HTTP GET or POST without a user agent
Contains long sleeps (>= 3 min)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Searches for the Microsoft Outlook file path
Drops PE files
Tries to load missing DLLs
Uses a known web browser user agent for HTTP communication
Binary contains a suspicious time stamp
Compiles C# or VB.Net code
Found large amount of non-executed APIs
Creates a process in suspended mode (likely to inject code)
Queries the volume information (name, serial number etc) of a device
Sigma detected: Suspicious Rundll32 Activity
Contains functionality to query CPU information (cpuid)
Contains functionality to call native functions
Found dropped PE file which has not been started or loaded
Enables debug privileges
Sample file is different than original file name gathered from version info
Sigma detected: Suspicious Csc.exe Source File Folder
Uses Microsoft's Enhanced Cryptographic Provider
Classification
Process Tree |
---|
|
Malware Configuration |
---|
No configs have been found |
---|
Yara Overview |
---|
Memory Dumps |
---|
Source | Rule | Description | Author | Strings
---|---|---|---|---
(not captured) | JoeSecurity_Ursnif_2 | Yara detected Ursnif | Joe Security |
(not captured) | JoeSecurity_Ursnif | Yara detected Ursnif | Joe Security |
(not captured) | JoeSecurity_Ursnif | Yara detected Ursnif | Joe Security |
(not captured) | JoeSecurity_Ursnif | Yara detected Ursnif | Joe Security |
(not captured) | JoeSecurity_Ursnif_2 | Yara detected Ursnif | Joe Security |
(49 entries in total; first 5 shown)
Unpacked PEs |
---|
Source | Rule | Description | Author | Strings
---|---|---|---|---
(not captured) | JoeSecurity_Ursnif_2 | Yara detected Ursnif | Joe Security |
(not captured) | JoeSecurity_Ursnif_2 | Yara detected Ursnif | Joe Security |
(not captured) | JoeSecurity_Ursnif_2 | Yara detected Ursnif | Joe Security |
(not captured) | JoeSecurity_Ursnif_2 | Yara detected Ursnif | Joe Security |
Sigma Overview |
---|
System Summary: |
---|
Rule | Author
---|---
Sigma detected: Bad Opsec Defaults Sacrificial Processes With Improper Arguments | Oleg Kolesnikov @securonix invrep_de, oscd.community, Florian Roth, Christian Burkard
Sigma detected: MSHTA Spawning Windows Shell | Michael Haag
Sigma detected: Mshta Spawning Windows Shell | Florian Roth
Sigma detected: Suspicious Rundll32 Activity | juju4, Jonhnathan Ribeiro, oscd.community
Sigma detected: Suspicious Csc.exe Source File Folder | Florian Roth
Sigma detected: Possible Applocker Bypass | juju4
Sigma detected: Non Interactive PowerShell | Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements)
Sigma detected: T1086 PowerShell Execution | Roberto Rodriguez (Cyb3rWard0g), OTR (Open Threat Research)
Jbx Signature Overview |
---|
AV Detection: |
---|
Antivirus detection for URL or domain |
Source: | Avira URL Cloud: | ||
Source: | Avira URL Cloud: |
Multi AV Scanner detection for submitted file |
Source: | Virustotal: | ||
Source: | Metadefender: | ||
Source: | ReversingLabs: |
Antivirus / Scanner detection for submitted sample |
Source: | Avira: |
Machine Learning detection for sample |
Source: | Joe Sandbox ML: |
Source: | Avira: | (11 entries, values not captured)
Source: | Code function: | 8_2_010A7479 |
Source: | HTTPS traffic detected: |
Source: | Static PE information: |
Source: | Binary string: | (10 entries, values not captured)
Source: | Code function: | 8_2_03F18409 |
Source: | Code function: | 8_2_03F1B9D4 | |
Source: | Code function: | 8_2_03F0E91D | |
Source: | Code function: | 8_2_03F22ECF | |
Source: | Code function: | 47_2_0303E91D | |
Source: | Code function: | 47_2_0304B9D4 | |
Source: | Code function: | 47_2_03052ECF |
Networking: |
---|
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules) |
Source: | Snort IDS: | (7 entries, values not captured)
System process connects to network (likely due to code injection or exploit) |
Source: | Domain query: |
Uses nslookup.exe to query domains |
Source: | Process created: | ||
Source: | Process created: |
May check the online IP address of the machine |
Source: | DNS query: | ||
Source: | DNS query: |
Uses ping.exe to check the status of other devices and networks |
Source: | Process created: |
Source: | HTTP traffic detected: |
Source: | HTTP traffic detected: | (5 entries, values not captured)
Source: | String found in binary or memory: | (47 entries, values not captured)
Source: | DNS traffic detected: |
Source: | HTTP traffic detected: | (5 entries, values not captured)
Source: | Network traffic detected: | ||
Source: | Network traffic detected: |
Source: | HTTP traffic detected: |
Source: | HTTPS traffic detected: |
Key, Mouse, Clipboard, Microphone and Screen Capturing: |
---|
Yara detected Ursnif |
Source: | File source: | (57 entries, values not captured)
E-Banking Fraud: |
---|
Yara detected Ursnif |
Source: | File source: | (57 entries, values not captured)
Disables SPDY (HTTP compression, likely to perform web injects) |
Source: | Registry key value created / modified: |
Source: | Code function: | 8_2_010A7479 |
System Summary: |
---|
Writes or reads registry keys via WMI |
Source: | WMI Queries: | (11 entries, values not captured)
Writes registry values via WMI |
Source: | WMI Registry write: | (8 entries, values not captured)
Source: | Code function: | 2_2_0304C124 | |
Source: | Code function: | 2_2_0304E56A | |
Source: | Code function: | 2_2_0304E570 | |
Source: | Code function: | 2_2_07C27060 | |
Source: | Code function: | 2_2_07C26030 | |
Source: | Code function: | 8_2_010A7F60 | |
Source: | Code function: | 8_2_010A6B67 | |
Source: | Code function: | 8_2_010A6DD3 | |
Source: | Code function: | 8_2_03F163BC | |
Source: | Code function: | 8_2_03F1A241 | |
Source: | Code function: | 8_2_03F1F1EE | |
Source: | Code function: | 8_2_03F178F1 | |
Source: | Code function: | 8_2_03F0C086 | |
Source: | Code function: | 8_2_03F0504A | |
Source: | Code function: | 8_2_03F1CF97 | |
Source: | Code function: | 8_2_03F095FE | |
Source: | Code function: | 8_2_03F09D64 | |
Source: | Code function: | 8_2_03F034DC | |
Source: | Code function: | 28_2_00E7AB44 | |
Source: | Code function: | 28_2_00E7B58C | |
Source: | Code function: | 28_2_00E686D0 | |
Source: | Code function: | 28_2_00E640E8 | |
Source: | Code function: | 28_2_00E568FC | |
Source: | Code function: | 28_2_00E54080 | |
Source: | Code function: | 28_2_00E53890 | |
Source: | Code function: | 28_2_00E79858 | |
Source: | Code function: | 28_2_00E68024 | |
Source: | Code function: | 28_2_00E78820 | |
Source: | Code function: | 28_2_00E65828 | |
Source: | Code function: | 28_2_00E62804 | |
Source: | Code function: | 28_2_00E6B008 | |
Source: | Code function: | 28_2_00E6A808 | |
Source: | Code function: | 28_2_00E531D4 | |
Source: | Code function: | 28_2_00E66190 | |
Source: | Code function: | 28_2_00E6194B | |
Source: | Code function: | 28_2_00E5B154 | |
Source: | Code function: | 28_2_00E75954 | |
Source: | Code function: | 28_2_00E652CC | |
Source: | Code function: | 28_2_00E512BC | |
Source: | Code function: | 28_2_00E67BFC | |
Source: | Code function: | 28_2_00E53BA4 | |
Source: | Code function: | 28_2_00E72BA0 | |
Source: | Code function: | 28_2_00E72330 | |
Source: | Code function: | 28_2_00E5DCA8 | |
Source: | Code function: | 28_2_00E6CCA8 | |
Source: | Code function: | 28_2_00E644B4 | |
Source: | Code function: | 28_2_00E5C49C | |
Source: | Code function: | 28_2_00E6BC10 | |
Source: | Code function: | 28_2_00E59DF0 | |
Source: | Code function: | 28_2_00E78DA0 | |
Source: | Code function: | 28_2_00E7C588 | |
Source: | Code function: | 28_2_00E77D6C | |
Source: | Code function: | 28_2_00E60544 | |
Source: | Code function: | 28_2_00E74530 | |
Source: | Code function: | 28_2_00E6751C | |
Source: | Code function: | 28_2_00E5A6D0 | |
Source: | Code function: | 28_2_00E77EA0 | |
Source: | Code function: | 28_2_00E73E2C | |
Source: | Code function: | 28_2_00E61618 | |
Source: | Code function: | 28_2_00E737D0 | |
Source: | Code function: | 28_2_00E78FA8 | |
Source: | Code function: | 28_2_00E57F64 | |
Source: | Code function: | 28_2_00E5CF44 | |
Source: | Code function: | 28_2_00E69740 | |
Source: | Code function: | 28_2_00E6FF4C | |
Source: | Code function: | 36_2_0000020FDEA986D0 | |
Source: | Code function: | 36_2_0000020FDEAAAB44 | |
Source: | Code function: | 36_2_0000020FDEA8A6D0 | |
Source: | Code function: | 36_2_0000020FDEA812BC | |
Source: | Code function: | 36_2_0000020FDEA952CC | |
Source: | Code function: | 36_2_0000020FDEAA7EA0 | |
Source: | Code function: | 36_2_0000020FDEAA37D0 | |
Source: | Code function: | 36_2_0000020FDEA9BC10 | |
Source: | Code function: | 36_2_0000020FDEA95828 | |
Source: | Code function: | 36_2_0000020FDEAA8820 | |
Source: | Code function: | 36_2_0000020FDEA98024 | |
Source: | Code function: | 36_2_0000020FDEA97BFC | |
Source: | Code function: | 36_2_0000020FDEA9B008 | |
Source: | Code function: | 36_2_0000020FDEA9A808 | |
Source: | Code function: | 36_2_0000020FDEA92804 | |
Source: | Code function: | 36_2_0000020FDEA87F64 | |
Source: | Code function: | 36_2_0000020FDEAA2330 | |
Source: | Code function: | 36_2_0000020FDEA9FF4C | |
Source: | Code function: | 36_2_0000020FDEA99740 | |
Source: | Code function: | 36_2_0000020FDEA8CF44 | |
Source: | Code function: | 36_2_0000020FDEAA8FA8 | |
Source: | Code function: | 36_2_0000020FDEAA2BA0 | |
Source: | Code function: | 36_2_0000020FDEA83BA4 | |
Source: | Code function: | 36_2_0000020FDEA940E8 | |
Source: | Code function: | 36_2_0000020FDEA944B4 | |
Source: | Code function: | 36_2_0000020FDEA9751C | |
Source: | Code function: | 36_2_0000020FDEA868FC | |
Source: | Code function: | 36_2_0000020FDEAA9858 | |
Source: | Code function: | 36_2_0000020FDEA8C49C | |
Source: | Code function: | 36_2_0000020FDEA83890 | |
Source: | Code function: | 36_2_0000020FDEA8DCA8 | |
Source: | Code function: | 36_2_0000020FDEA9CCA8 | |
Source: | Code function: | 36_2_0000020FDEA84080 | |
Source: | Code function: | 36_2_0000020FDEA831D4 | |
Source: | Code function: | 36_2_0000020FDEA91618 | |
Source: | Code function: | 36_2_0000020FDEAA3E2C | |
Source: | Code function: | 36_2_0000020FDEA89DF0 | |
Source: | Code function: | 36_2_0000020FDEA8B154 | |
Source: | Code function: | 36_2_0000020FDEAA5954 | |
Source: | Code function: | 36_2_0000020FDEAA7D6C | |
Source: | Code function: | 36_2_0000020FDEAA4530 | |
Source: | Code function: | 36_2_0000020FDEA9194B | |
Source: | Code function: | 36_2_0000020FDEA90544 | |
Source: | Code function: | 36_2_0000020FDEA96190 | |
Source: | Code function: | 36_2_0000020FDEAA8DA0 | |
Source: | Code function: | 36_2_0000020FDEAAC588 | |
Source: | Code function: | 36_2_0000020FDEAAB58C | |
Source: | Code function: | 47_2_030463BC | |
Source: | Code function: | 47_2_0304A241 | |
Source: | Code function: | 47_2_0304F1EE | |
Source: | Code function: | 47_2_0303504A | |
Source: | Code function: | 47_2_0303C086 | |
Source: | Code function: | 47_2_030478F1 | |
Source: | Code function: | 47_2_0304CF97 | |
Source: | Code function: | 47_2_03039D64 | |
Source: | Code function: | 47_2_030395FE | |
Source: | Code function: | 47_2_03055430 | |
Source: | Code function: | 47_2_030334DC |
Source: | Code function: | 8_2_03F0E6B9 |
Source: | Key opened: |
Source: | Section loaded: |
Source: | Code function: | 8_2_0040140F | |
Source: | Code function: | 8_2_0040182F | |
Source: | Code function: | 8_2_00401ABC | |
Source: | Code function: | 8_2_010A231E | |
Source: | Code function: | 8_2_010A5D85 | |
Source: | Code function: | 8_2_010A60A0 | |
Source: | Code function: | 8_2_010A8185 | |
Source: | Code function: | 8_2_03F1B38D | |
Source: | Code function: | 8_2_03F0D317 | |
Source: | Code function: | 8_2_03F21AE3 | |
Source: | Code function: | 8_2_03F0D274 | |
Source: | Code function: | 8_2_03F229E0 | |
Source: | Code function: | 8_2_03F0317C | |
Source: | Code function: | 8_2_03F0696A | |
Source: | Code function: | 8_2_03F12931 | |
Source: | Code function: | 8_2_03F076E3 | |
Source: | Code function: | 8_2_03F1CEED | |
Source: | Code function: | 8_2_03F17523 | |
Source: | Code function: | 8_2_03F08C10 | |
Source: | Code function: | 8_2_03F10B30 | |
Source: | Code function: | 8_2_03F10A74 | |
Source: | Code function: | 8_2_03F2389B | |
Source: | Code function: | 8_2_03F0483A | |
Source: | Code function: | 8_2_03F03F97 | |
Source: | Code function: | 8_2_03F17EEF | |
Source: | Code function: | 8_2_03F01641 | |
Source: | Code function: | 8_2_03F0155B | |
Source: | Code function: | 8_2_03F1E4D5 | |
Source: | Code function: | 28_2_00E69994 | |
Source: | Code function: | 28_2_00E56140 | |
Source: | Code function: | 28_2_00E51B84 | |
Source: | Code function: | 28_2_00E6AC44 | |
Source: | Code function: | 28_2_00E73C1C | |
Source: | Code function: | 28_2_00E7B58C | |
Source: | Code function: | 28_2_00E70E70 | |
Source: | Code function: | 28_2_00E5E614 | |
Source: | Code function: | 28_2_00E51FBC | |
Source: | Code function: | 28_2_00E5FF60 | |
Source: | Code function: | 28_2_00E8F01F | |
Source: | Code function: | 36_2_0000020FDEA81B84 | |
Source: | Code function: | 36_2_0000020FDEA9AC44 | |
Source: | Code function: | 36_2_0000020FDEABF00B | |
Source: | Code function: | 47_2_0303D274 | |
Source: | Code function: | 47_2_03051AE3 | |
Source: | Code function: | 47_2_030529E0 | |
Source: | Code function: | 47_2_03047523 | |
Source: | Code function: | 47_2_03031641 | |
Source: | Code function: | 47_2_03047EEF | |
Source: | Code function: | 47_2_0303155B | |
Source: | Code function: | 47_2_0304E4D5 |
Source: | Binary or memory string: | (3 entries, values not captured)
Source: | Static PE information: |
Source: | Static PE information: |
Source: | File created: |
Source: | Classification label: |
Source: | File read: |
Source: | Virustotal: | ||
Source: | Metadefender: | ||
Source: | ReversingLabs: |
Source: | Key opened: |
Source: | Process created: | (35 entries, command lines not captured)
Source: | Key value queried: |
Source: | File created: |
Source: | Binary or memory string: | (9 entries, values not captured)
Source: | Section loaded: | (8 entries, values not captured)
Source: | Code function: | 8_2_010A1141 |
Source: | Process created: |
Source: | Mutant created: | (10 entries, values not captured)
Source: | Cryptographic APIs: | (3 entries, values not captured)
Source: | File read: | (6 entries, values not captured)
Source: | Key opened: |
Source: | File opened: |
Source: | Window detected: |
Source: | File opened: |
Source: | Key opened: |
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Binary string: | (10 entries, values not captured)
Data Obfuscation: |
---|
.NET source code contains potential unpacker |
Source: | .Net Code: | (3 entries, values not captured)
Source: | Code function: | 8_2_010AB734 | |
Source: | Code function: | 8_2_010A7F5F | |
Source: | Code function: | 8_2_010A7BE9 | |
Source: | Code function: | 8_2_010AB808 | |
Source: | Code function: | 8_2_010AB6BF | |
Source: | Code function: | 8_2_03F2542F | |
Source: | Code function: | 28_2_00E77302 | |
Source: | Code function: | 36_2_0000020FDEAA7302 | |
Source: | Code function: | 47_2_03055079 | |
Source: | Code function: | 47_2_03053D43 | |
Source: | Code function: | 47_2_0305542F |
Source: | Code function: | 8_2_004012E6 |
Source: | Static PE information: |
Source: | Process created: | (4 entries, command lines not captured)
Source: | Static PE information: |
Source: | File created: | (2 dropped files, paths not captured)
Hooking and other Techniques for Hiding and Protection: |
---|
Yara detected Ursnif |
Source: | File source: | (57 entries, values not captured)
Hooks registry keys query functions (used to hide registry keys) |
Source: | IAT, EAT, inline or SSDT hook detected: |
Modifies the export address table of user mode modules (user mode EAT hooks) |
Source: | IAT of a user mode module has changed: |
Modifies the prolog of user mode functions (user mode inline hooks) |
Source: | User mode code has changed: |
Modifies the import address table of user mode modules (user mode IAT hooks) |
Source: | EAT of a user mode module has changed: |
Source: | Process information set: | (69 entries, values not captured)
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: |
Malware Analysis System Evasion: |
---|
Yara detected AntiVM3 |
Source: | File source: |
Uses ping.exe to sleep |
Source: | Process created: |
Source: | Thread sleep time: |
Source: | Thread sleep count: |
Source: | Evasive API call chain: |
Source: | Last function: |
Source: | Thread delayed: |
Source: | Window / User API: |
Source: | API coverage: |
Source: | Dropped PE file which has not been started: |
Source: | Thread delayed: |
Source: | Code function: | 8_2_03F18409 |
Source: | Binary or memory string: |
Source: | Process information queried: |
Source: | Code function: | 8_2_03F1B9D4 |
Source: | Code function: | 8_2_03F0E91D |
Source: | Code function: | 8_2_03F22ECF |
Source: | Code function: | 47_2_0303E91D |
Source: | Code function: | 47_2_0304B9D4 |
Source: | Code function: | 47_2_03052ECF |
Source: | Code function: | 8_2_004012E6 |
Source: | Process token adjusted: |
Source: | Memory allocated: |
Source: | Code function: | 8_2_03F016AF |
Source: | Code function: | 47_2_030316AF |
HIPS / PFW / Operating System Protection Evasion: |
---|
System process connects to network (likely due to code injection or exploit) |
Source: | Domain query: |
Maps a DLL or memory area into another process |
Source: | Section loaded: |
Allocates memory in foreign processes |
Source: | Memory allocated: |
Creates a thread in another existing process (thread injection) |
Source: | Thread created: |
Writes to foreign memory regions |
Source: | Memory written: |
Changes memory attributes in foreign processes to executable or writable |
Source: | Memory protected: |
Injects code into the Windows Explorer (explorer.exe) |
Source: | Memory written: |
Modifies the context of a thread in another process (thread injection) |
Source: | Thread register set: |
Source: | Process created: |
Source: | Process created: |
Source: | Binary or memory string: |
Source: | Code function: | 8_2_00401AFE |
Source: | Key value queried: |
Source: | Queries volume information: |
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior |
Source: | Code function: | 8_2_010A42A6 |
Source: | Key value queried: |
Source: | Code function: | 8_2_00401C44 |
Source: | Code function: | 8_2_010A42A6 |
Source: | Code function: | 8_2_03F1C557 |
Source: | Code function: | 8_2_004017A0 |
Stealing of Sensitive Information: |
---|
Yara detected Ursnif |
Source: | File source: |
Tries to steal Mail credentials (via file / registry access) |
Source: | Key opened: |
Remote Access Functionality: |
---|
Yara detected Ursnif |
Source: | File source: |
Mitre Att&ck Matrix |
---|
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts1 | Windows Management Instrumentation2 | DLL Side-Loading1 | DLL Side-Loading1 | Disable or Modify Tools1 | Credential API Hooking3 | System Time Discovery1 | Remote Services | Archive Collected Data12 | Exfiltration Over Other Network Medium | Ingress Tool Transfer1 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Data Encrypted for Impact1 |
Default Accounts | Native API2 | Valid Accounts1 | Valid Accounts1 | Deobfuscate/Decode Files or Information1 | LSASS Memory | Account Discovery1 | Remote Desktop Protocol | Email Collection11 | Exfiltration Over Bluetooth | Encrypted Channel21 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | Command and Scripting Interpreter1 | Logon Script (Windows) | Access Token Manipulation1 | Obfuscated Files or Information2 | Security Account Manager | File and Directory Discovery3 | SMB/Windows Admin Shares | Credential API Hooking3 | Automated Exfiltration | Non-Application Layer Protocol3 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Process Injection813 | Software Packing13 | NTDS | System Information Discovery46 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Application Layer Protocol14 | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Timestomp1 | LSA Secrets | Security Software Discovery1 | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
Replication Through Removable Media | Launchd | Rc.common | Rc.common | DLL Side-Loading1 | Cached Domain Credentials | Virtualization/Sandbox Evasion21 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features | |
External Remote Services | Scheduled Task | Startup Items | Startup Items | Rootkit4 | DCSync | Process Discovery3 | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | Data Encrypted for Impact | |
Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | Masquerading1 | Proc Filesystem | Application Window Discovery1 | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | Generate Fraudulent Advertising Revenue | |
Exploit Public-Facing Application | PowerShell | At (Linux) | At (Linux) | Valid Accounts1 | /etc/passwd and /etc/shadow | System Owner/User Discovery1 | Software Deployment Tools | Data Staged | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Web Protocols | Rogue Cellular Base Station | Data Destruction | |
Supply Chain Compromise | AppleScript | At (Windows) | At (Windows) | Access Token Manipulation1 | Network Sniffing | Remote System Discovery11 | Taint Shared Content | Local Data Staging | Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol | File Transfer Protocols | Data Encrypted for Impact | ||
Compromise Software Dependencies and Development Tools | Windows Command Shell | Cron | Cron | Virtualization/Sandbox Evasion21 | Input Capture | System Network Configuration Discovery3 | Replication Through Removable Media | Remote Data Staging | Exfiltration Over Physical Medium | Mail Protocols | Service Stop | ||
Compromise Software Supply Chain | Unix Shell | Launchd | Launchd | Process Injection813 | Keylogging | Local Groups | Component Object Model and Distributed COM | Screen Capture | Exfiltration over USB | DNS | Inhibit System Recovery | ||
Compromise Hardware Supply Chain | Visual Basic | Scheduled Task | Scheduled Task | Rundll321 | GUI Input Capture | Domain Groups | Exploitation of Remote Services | Email Collection | Commonly Used Port | Proxy | Defacement |
Behavior Graph |
---|
Screenshots |
---|
Antivirus, Machine Learning and Genetic Malware Detection |
---|
Initial Sample |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
| 38% | Virustotal | | Browse |
| 40% | Metadefender | | Browse |
| 65% | ReversingLabs | ByteCode-MSIL.Trojan.AgentTesla | |
| 100% | Avira | TR/Kryptik.jcfst | |
| 100% | Joe Sandbox ML | | |
Dropped Files |
---|
No Antivirus matches |
---|
Unpacked PE Files |
---|
Source | Detection | Scanner | Label | Link | Download |
---|---|---|---|---|---|
| 100% | Avira | TR/Crypt.ZPACK.Gen | | Download File |
| 100% | Avira | TR/Patched.Ren.Gen | | Download File |
| 100% | Avira | HEUR/AGEN.1108168 | | Download File |
| 100% | Avira | TR/Crypt.ZPACK.Gen | | Download File |
| 100% | Avira | TR/Crypt.ZPACK.Gen | | Download File |
| 100% | Avira | TR/Crypt.ZPACK.Gen | | Download File |
| 100% | Avira | TR/Crypt.ZPACK.Gen | | Download File |
| 100% | Avira | TR/Crypt.ZPACK.Gen | | Download File |
| 100% | Avira | TR/Crypt.ZPACK.Gen | | Download File |
| 100% | Avira | TR/Patched.Ren.Gen | | Download File |
| 100% | Avira | TR/Crypt.ZPACK.Gen | | Download File |
| 100% | Avira | TR/Crypt.ZPACK.Gen | | Download File |
Domains |
---|
No Antivirus matches |
---|
URLs |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
| 100% | Avira URL Cloud | malware | |
| 0% | URL Reputation | safe | |
| 0% | Avira URL Cloud | safe | |
| 0% | URL Reputation | safe | |
| 0% | URL Reputation | safe | |
| 0% | Avira URL Cloud | safe | |
| 0% | Avira URL Cloud | safe | |
| 0% | URL Reputation | safe | |
| 0% | URL Reputation | safe | |
| 0% | URL Reputation | safe | |
| 0% | URL Reputation | safe | |
| 0% | URL Reputation | safe | |
| 0% | URL Reputation | safe | |
| 0% | URL Reputation | safe | |
| 0% | URL Reputation | safe | |
| 0% | URL Reputation | safe | |
| 0% | URL Reputation | safe | |
| 0% | URL Reputation | safe | |
| 0% | URL Reputation | safe | |
| 0% | URL Reputation | safe | |
| 0% | URL Reputation | safe | |
| 0% | Avira URL Cloud | safe | |
| 0% | URL Reputation | safe | |
| 0% | URL Reputation | safe | |
| 0% | URL Reputation | safe | |
| 0% | URL Reputation | safe | |
| 0% | Avira URL Cloud | safe | |
| 0% | Avira URL Cloud | safe | |
| 0% | URL Reputation | safe | |
| 0% | Avira URL Cloud | safe | |
| 100% | Avira URL Cloud | malware | |
Domains and IPs |
---|
Contacted Domains |
---|
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
myip.opendns.com | 102.129.143.64 | true | false | | high |
resolver1.opendns.com | 208.67.222.222 | true | false | | high |
transfer.sh | 144.76.136.153 | true | false | | high |
io.immontyr.com | 185.189.12.123 | true | false | | high |
apr.intooltak.com | 185.189.12.123 | true | false | | high |
222.222.67.208.in-addr.arpa | unknown | unknown | false | | high |
Contacted URLs |
---|
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
| true | | unknown |
| false | | high |
| true | | unknown |
URLs from Memory and Binaries |
---|
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
| | true | | unknown |
| | false | | high |
| | false | | high |
| | false | | unknown |
| | false | | high |
| | false | | unknown |
| | false | | unknown |
| | false | | unknown |
| | false | | low |
| | false | | unknown |
| | false | | high |
| | false | | unknown |
| | false | | unknown |
| | false | | unknown |
| | false | | unknown |
| | false | | unknown |
| | false | | unknown |
| | false | | unknown |
| | false | | high |
| | false | | unknown |
| | false | | high |
| | false | | unknown |
| | false | | unknown |
| | false | | unknown |
| | false | | high |
| | false | | unknown |
| | false | | high |
| | false | | high |
| | false | | high |
| | false | | unknown |
| | false | | unknown |
| | false | | high |
| | false | | unknown |
| | false | | high |
| | false | | high |
| | false | | unknown |
| | false | | high |
| | false | | unknown |
| | false | | high |
| | false | | high |
| | false | | unknown |
| | false | | unknown |
| | false | | unknown |
| | false | | unknown |
| | false | | high |
| | false | | unknown |
Contacted IPs |
---|
Public |
---|
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
144.76.136.153 | transfer.sh | Germany | | 24940 | HETZNER-ASDE | false |
185.189.12.123 | io.immontyr.com | Russian Federation | | 50113 | SUPERSERVERSDATACENTERRU | false |
General Information |
---|
Joe Sandbox Version: | 34.0.0 Boulder Opal |
Analysis ID: | 551701 |
Start date: | 12.01.2022 |
Start time: | 13:00:19 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 15m 29s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | gozi.exe |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Number of analysed new started processes analysed: | 45 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 4 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal100.bank.troj.spyw.evad.winEXE@35/22@10/2 |
EGA Information: |
|
HDC Information: |
|
HCA Information: |
|
Cookbook Comments: |
|
Warnings: |
|
Simulations |
---|
Behavior and APIs |
---|
Time | Type | Description |
---|---|---|
13:01:33 | API Interceptor | |
13:02:05 | API Interceptor | |
13:02:20 | API Interceptor |
Joe Sandbox View / Context |
---|
Created / dropped Files |
---|
Process: | C:\Users\user\Desktop\gozi.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1119 |
Entropy (8bit): | 5.356708753875314 |
Encrypted: | false |
SSDEEP: | 24:MLUE4K5E4Ks2E1qE4qXKDE4KhK3VZ9pKhPKIE4oKFKHKoZAE4Kzr7FE4j:MIHK5HKXE1qHiYHKhQnoPtHoxHhAHKzd |
MD5: | 3197B1D4714B56F2A6AC9E83761739AE |
SHA1: | 3B38010F0DF51C1D4D2C020138202DABB686741D |
SHA-256: | 40586572180B85042FEFED9F367B43831C5D269751D9F3940BBC29B41E18E9F6 |
SHA-512: | 58EC975A53AD9B19B425F6C6843A94CC280F794D436BBF3D29D8B76CA1E8C2D8883B3E754F9D4F2C9E9387FE88825CCD9919369A5446B1AFF73EDBE07FA94D88 |
Malicious: | true |
Reputation: | unknown |
Preview: |
|
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 11606 |
Entropy (8bit): | 4.883977562702998 |
Encrypted: | false |
SSDEEP: | 192:Axoe5FpOMxoe5Pib4GVsm5emdKVFn3eGOVpN6K3bkkjo5HgkjDt4iWN3yBGHh9sO:6fib4GGVoGIpN6KQkj2Akjh4iUxs14fr |
MD5: | 1F1446CE05A385817C3EF20CBD8B6E6A |
SHA1: | 1E4B1EE5EFCA361C9FB5DC286DD7A99DEA31F33D |
SHA-256: | 2BCEC12B7B67668569124FED0E0CEF2C1505B742F7AE2CF86C8544D07D59F2CE |
SHA-512: | 252AD962C0E8023419D756A11F0DDF2622F71CBC9DAE31DC14D9C400607DF43030E90BCFBF2EE9B89782CC952E8FB2DADD7BDBBA3D31E33DA5A589A76B87C514 |
Malicious: | false |
Reputation: | unknown |
Preview: |
|
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 64 |
Entropy (8bit): | 0.9260988789684415 |
Encrypted: | false |
SSDEEP: | 3:Nlllulb/lj:NllUb/l |
MD5: | 13AF6BE1CB30E2FB779EA728EE0A6D67 |
SHA1: | F33581AC2C60B1F02C978D14DC220DCE57CC9562 |
SHA-256: | 168561FB18F8EBA8043FA9FC4B8A95B628F2CF5584E5A3B96C9EBAF6DD740E3F |
SHA-512: | 1159E1087BC7F7CBB233540B61F1BDECB161FF6C65AD1EFC9911E87B8E4B2E5F8C2AF56D67B33BC1F6836106D3FEA8C750CC24B9F451ACF85661E0715B829413 |
Malicious: | false |
Reputation: | unknown |
Preview: |
|
Process: | C:\Windows\System32\cmd.exe |
File Type: | |
Category: | modified |
Size (bytes): | 120 |
Entropy (8bit): | 4.530397332961481 |
Encrypted: | false |
SSDEEP: | 3:cPaRhARtt7TSjjhThARtuV/gRLwvI11/v:oMWbtChWb0gRLwQL/v |
MD5: | 1658AC427436559C818CE024565FC43B |
SHA1: | 8ECC6A8B9512D66EC9816669273CD2934075ADA8 |
SHA-256: | 6AE6B137C04602F2D9D5191E3F6E8F54FB4E9D1FA63C3061CCF909A30966ADDD |
SHA-512: | 6D0C4CDA4C43B32226643D2C19871D1CEF506612B2C3B5DF3241A7A7E654D4149B9F3582F484DB12D577E5C27D7AC45784786726948A2C3401CBA59FC43216E1 |
Malicious: | false |
Reputation: | unknown |
Preview: |
|
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 394 |
Entropy (8bit): | 4.993235973617522 |
Encrypted: | false |
SSDEEP: | 6:V/DsYLDS81zuJlMRSRa+eNMjSSRrJ90SRNmbPJjxVnQy:V/DTLDfu/9eg5rJ9kbx92y |
MD5: | 030386E2BD305EC55BEE50D72051A0C2 |
SHA1: | 618FE858F3B7B1296E760EE21969463861B875E3 |
SHA-256: | 2DABA5D5466729FE4AD5753FBB2F95BC486F9AF12A59516BA175F6FF2062CE44 |
SHA-512: | 0017F802613E78C762F43480581E4F92433F39DF07C402BDF462E6AD0310375D62AE782C605A2EAAF646783F070858B1F1AC358CC8394422C04C72C160E0067A |
Malicious: | false |
Reputation: | unknown |
Preview: |
|
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 351 |
Entropy (8bit): | 5.23048440708271 |
Encrypted: | false |
SSDEEP: | 6:pAu+H2LvkuqJDdqxLTKbDdqB/6K2WXp+N23fyzxs7+AEszIWXp+N23fsA:p37Lvkmb6KH6WZE8f |
MD5: | 058C6409B55A3272B281DD66A1836169 |
SHA1: | 41EC7E456D84A1256A98B5C4A265A9FFB4E652B5 |
SHA-256: | BDCE0FEF36E9B3E61B8C0FFA6AE77766B5E6D3491C48B3ED8ACFF6A6F08944B1 |
SHA-512: | F751793C7204FB6C49201E778342F0E7208430EB8A0181B206A6CBDB72BCB8090E2D79AB0F791854BCD4030DA78E9B5658BE42BC3E1B90986F5BE0BB1200467C |
Malicious: | false |
Reputation: | unknown |
Preview: |
|
Process: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 3584 |
Entropy (8bit): | 2.5958443880784277 |
Encrypted: | false |
SSDEEP: | 24:etGSq/W2dg85n+QRW4+hOdWDOyFWHEtkZfqBBr0+WI+ycuZhNNGakSsXPNnq:6/kb5+QReKWKyW7JqYl1uloa3kq |
MD5: | D946993F47784F9E8727577D58C6B065 |
SHA1: | 853445BA684F35E59B89D0FD5EBC04A266394175 |
SHA-256: | 0FC0E5ED70D2AD453D22DA38C742970F1E390C4D44A69B6CF46A9C6CA102B845 |
SHA-512: | 65E7555AA0DA658EF64FD6C67AF9168750F0157D9FAC6F5DAB05F96732E37F2F3411622316C90F46E33877273FA85919920DEDB17A03FB0137D8BBA8F3EC4070 |
Malicious: | false |
Reputation: | unknown |
Preview: |
|
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | modified |
Size (bytes): | 848 |
Entropy (8bit): | 5.316959711953796 |
Encrypted: | false |
SSDEEP: | 12:xKIR37Lvkmb6KH6WZE8GKaMK4BFNn5KBZvK2wo8dRSgarZucvW3ZDPOU:AId3ka6KHbE8GKaM5DqBVKVrdFAMBJTH |
MD5: | FFBD7395F541E9292620BE41E7B60BC6 |
SHA1: | F88961F2BB9BB564D928AB202C079D199F8C2461 |
SHA-256: | 70BA1D1E6607E9F5C24E2B1B9644868ECC6F94D27F959582927FFCD83CF118EA |
SHA-512: | B73C098B39DD1B75EF2DDEA939CB7E7FA952CB319580C7C2ADC6AE7DF138FA2D1BD19B6B30B69205C5FAB1747290E41D82CF004FB15D228BF9EFFFDF9C0F7EE7 |
Malicious: | false |
Reputation: | unknown |
Preview: |
|
Process: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 652 |
Entropy (8bit): | 3.070551977275083 |
Encrypted: | false |
SSDEEP: | 12:DXt4Ii3ntuAHia5YA49aUGiqMZAiN5gryUmGak7YnqqlmXPN5Dlq5J:+RI+ycuZhNNGakSsXPNnqX |
MD5: | 4DD4A6AF96C02C85FC1B4A3BCAF6D199 |
SHA1: | AF08B5DB30EDD73F8124F37CA13C1AB739511C7B |
SHA-256: | 4CBD308EA2CEF31935CB7502488B37D1570A50CCF1C21E29A1755A28A9E3DF83 |
SHA-512: | 5C5B182C7840841B990CFB5627C60E7123C3AABB400EC72478275B2D22779E26182FC27EF252EBEFBB475983ACC2A4EE741484281ABB67295D088DF148CDAF61 |
Malicious: | false |
Reputation: | unknown |
Preview: |
|
Process: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 652 |
Entropy (8bit): | 3.085252687053476 |
Encrypted: | false |
SSDEEP: | 12:DXt4Ii3ntuAHia5YA49aUGiqMZAiN5gry6dak7Ynqq/yPN5Dlq5J:+RI+ycuZhNMdakS/yPNnqX |
MD5: | F17798721D9D8097A6CAFFCFE55C2B52 |
SHA1: | 324AE9044C5E8CB1BDC3C4387D76E709CF2E2596 |
SHA-256: | 20111EB796E35ADE092F0EB11B0094ACD1ADF0E314FB3BCD00B18E6D6691CF4E |
SHA-512: | 15D67C5025F4FE0664383E4D11B0838CF1F65AE8B7C319914E765A4D3B3591EADB6E30AB0723BFA8DE4459D2AC1FD5F24DD59F8B231A7A7DC73937543E04BAED |
Malicious: | false |
Reputation: | unknown |
Preview: |
|
Process: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1320 |
Entropy (8bit): | 3.9747614955739956 |
Encrypted: | false |
SSDEEP: | 24:HvnW9rIhJJ1hH1hKdNWI+ycuZhNMdakS/yPNnq9hgd:/WIhvDKd41ulMda3/eq9y |
MD5: | E50591F2515FD6E3BEA0353DAB5D673A |
SHA1: | DCB1415CF1CF92D75A6F7E84B69A0E3128C00F40 |
SHA-256: | 8148523D8A0A2E8A445C227BF54B7644D1383DF82EA251B69972597E0EFE5846 |
SHA-512: | 252353EA877404BD8BD9ACA4DFC912B3BD1DA103158E87A5E6E89EB96B872F220572441ECD6353F9DD45B8C82B1EC01E2C365BCC17FB7945D3F057838638C029 |
Malicious: | false |
Reputation: | unknown |
Preview: |
|
Process: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1320 |
Entropy (8bit): | 3.986906757782769 |
Encrypted: | false |
SSDEEP: | 24:HQnW9r0ZJXXhHdxhKdNWI+ycuZhNNGakSsXPNnq9hgd:mW0J9/Kd41uloa3kq9y |
MD5: | 3A3F3DA7DC5DB0BFDABCB2560F30248D |
SHA1: | D3B2AE662A7577A2852CBCCC7DFDB1735197025B |
SHA-256: | 49563F9489033AE40978A64856F6A6A87616F394F4D494D819A9CA9E4E8859BF |
SHA-512: | B62BB815D315428A8EBCB4B9FED77776BA8F32AEA6E22463D46E6A4DF903AC683059868D608AB188E92F3EDB791D98B00ED6E9F7D19869A2463035C930216171 |
Malicious: | false |
Reputation: | unknown |
Preview: |
|
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
SSDEEP: | 3:U:U |
MD5: | C4CA4238A0B923820DCC509A6F75849B |
SHA1: | 356A192B7913B04C54574D18C28D46E6395428AB |
SHA-256: | 6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B |
SHA-512: | 4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A |
Malicious: | false |
Reputation: | unknown |
Preview: |
|
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
SSDEEP: | 3:U:U |
MD5: | C4CA4238A0B923820DCC509A6F75849B |
SHA1: | 356A192B7913B04C54574D18C28D46E6395428AB |
SHA-256: | 6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B |
SHA-512: | 4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A |
Malicious: | false |
Reputation: | unknown |
Preview: |
|
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 404 |
Entropy (8bit): | 5.0070648605119645 |
Encrypted: | false |
SSDEEP: | 6:V/DsYLDS81zuJA2EBaHMRSR7a18LTvVSRa+rVSSRnA/f0REWowy:V/DTLDfu2cPjLT89rV5nA/w/owy |
MD5: | F0B963F8AA00CA94A4AD66F311B988E2 |
SHA1: | 37F7E8D69DDEA558DEFD0C10FF1157E26884E7EC |
SHA-256: | 96038DB143062F959B6F1CA6944FCB0D291DA99881953ADE5A6BA02161CFA82A |
SHA-512: | EE54EFC484487B7EB8EE8A1CCED621C16ADE5A4610084290D43CC0555BA498B693F1D5F43371266CFE4EBBE62762086FEF5C2363289D6B1621D07BF704C5E7D1 |
Malicious: | false |
Reputation: | unknown |
Preview: |
|
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 351 |
Entropy (8bit): | 5.238076059987274 |
Encrypted: | false |
SSDEEP: | 6:pAu+H2LvkuqJDdqxLTKbDdqB/6K2WXp+N23frqzxs7+AEszIWXp+N23frP:p37Lvkmb6KHGWZE8b |
MD5: | 61F20EEB83A2DF00A0E1C0D4368354EA |
SHA1: | 98B857458DF3E06C218FCFBC853AD767C74D7B8A |
SHA-256: | 9615118FD447D54C43293290C468D10221942E7E810F17F49480F7734D98AAC0 |
SHA-512: | A3E322EF05A55385894223D01811CAE07BB011AF57DCB9AFB81ACC3F04E124EE7A9BE3B6C9B1D367788A312452174864136480B4B34D3BF35B33D3ECAC53E46D |
Malicious: | false |
Reputation: | unknown |
Preview: |
|
Process: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 3584 |
Entropy (8bit): | 2.6126452766069947 |
Encrypted: | false |
SSDEEP: | 24:etGSE8OmU0t3lm85nt4tdxC6AC4Zz5tkZf36BBVUWI+ycuZhNMdakS/yPNnq:6+XQ3r5eXxPBJ36t31ulMda3/eq |
MD5: | 5CC9D50B6760682611B3001F799005E1 |
SHA1: | F520D61EF463854F7E3B91BEB55892F679D37891 |
SHA-256: | FA2213FE59474D70AD43F883D3B9A1F3BA16DE02ABE723CC01D55527EC05BD36 |
SHA-512: | 42D5DEEDACC985F0CAD40C6CB5EDC64696C9F75011E6FD9636ACCF539665E80FE06A6201B290D24706E9836519A77129C9F02F8E56E0B086ED1A6F004C5BB524 |
Malicious: | false |
Reputation: | unknown |
Preview: |
|
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | modified |
Size (bytes): | 848 |
Entropy (8bit): | 5.31481093333281 |
Encrypted: | false |
SSDEEP: | 12:xKIR37Lvkmb6KHGWZE8aKaMK4BFNn5KBZvK2wo8dRSgarZucvW3ZDPOU:AId3ka6KHXE8aKaM5DqBVKVrdFAMBJTH |
MD5: | EAFAD10C6DD69F7BA9B9D2089259EC62 |
SHA1: | F0BC0816BD99DDA9C30AC968D4889F5D18F5D64D |
SHA-256: | 8BDEE52DE988618605086BBBC39BAE6D0D036D32C78046E6E4088EE50566D945 |
SHA-512: | DE3D2A986F37341410B6DE41DC495557D94F6EB2CD4A86B2A78273E853C0434099FE8573CF2654B4A55A0DC6294A6165AB065A663F41B686F2EB5981C3B9E376 |
Malicious: | false |
Reputation: | unknown |
Preview: |
|
Process: | C:\Windows\explorer.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 226 |
Entropy (8bit): | 5.42745270932473 |
Encrypted: | false |
SSDEEP: | 6:QH51se4AEegKz1+LgyKBM34H6sw83F1tu1TjtIBtNgAptn:Q7se4AEeNzgLgyaI4HRlANtIBtvptn |
MD5: | 7DD27CE4C0B3B5F7177B2FB71F66BC9B |
SHA1: | C3D34E4179FE53C6EBFCBC80F81055A86B6DCD6B |
SHA-256: | AF793E7055850DFD1B498482A5D7281BB71CAC42493B6A1563A2D99650B6A4D0 |
SHA-512: | 79AD216282C466CE6626066C7773410DE5EBACDFC2FB27B382AF16E22CBE8704ECD71E14B8649B558EC9AE4BD800166957C50F669D0B8A342CFBAF791064B740 |
Malicious: | false |
Reputation: | unknown |
Preview: |
|
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1351 |
Entropy (8bit): | 5.387953138240641 |
Encrypted: | false |
SSDEEP: | 24:BxSAUxvBnRRox2DOXUWt5KTLCHALIYBtBCWIHjeTKKjX4CIym1ZJXa5KTLCHALIS:BZovhXooON5KAAEeVIqDYB1Z85KAAEet |
MD5: | BFA122D2010C9F247C467465FEEB48A3 |
SHA1: | 45E447C7FE361ED90E3A65936B89164815A183CA |
SHA-256: | 5C163C94489717F2AA3DA74CB3986D6199865C779BCC72977507BEE575BE9F6E |
SHA-512: | 492B4E2A5B5F4CF91D126AAE6E2659DB879B4055307242084F2A725A349DD1709C71B2B248B948C4678F8B0153DE6AF1CBBFA3E6BFCAAC9257253E8637D94538 |
Malicious: | false |
Reputation: | unknown |
Preview: |
|
Process: | C:\Windows\explorer.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 838 |
Entropy (8bit): | 3.073236880282747 |
Encrypted: | false |
SSDEEP: | 12:8glVm/3BVSXvk44X3ojsqzKtnWNaVgiNL4t2Y+xIBjK:8p/BHYVKVWiV57aB |
MD5: | CA1C201059C5BFD5900F5EB2466883CC |
SHA1: | BF3670A8C06A4FABC5C410F368E178B353F9166C |
SHA-256: | E5717E89B0D46C5E89F39410FA7A9DE94AA6A3301F8AC920F84F1A7179554085 |
SHA-512: | 2273AF46D41B9698B23AEADD8EFBEF80017CFD465B4347CFB99C2FEAE371F39A511288AA64AAFA2E35DD2AD883D8E43D70A65E62C18977C6C6D85E3153041D4C |
Malicious: | false |
Reputation: | unknown |
Preview: |
|
Process: | C:\Windows\System32\nslookup.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 28 |
Entropy (8bit): | 4.039148671903071 |
Encrypted: | false |
SSDEEP: | 3:U+6QlBxAN:U+7BW |
MD5: | D796BA3AE0C072AA0E189083C7E8C308 |
SHA1: | ABB1B68758B9C2BF43018A4AEAE2F2E72B626482 |
SHA-256: | EF17537B7CAAB3B16493F11A099F3192D5DCD911C1E8DF0F68FE4AB6531FB43E |
SHA-512: | BF497C5ACF74DE2446834E93900E92EC021FC03A7F1D3BF7453024266349CCE39C5193E64ACBBD41E3A037473A9DB6B2499540304EAD51E002EF3B747748BF36 |
Malicious: | false |
Reputation: | unknown |
Preview: |
|
Static File Info |
---|
General | |
---|---|
File type: | |
Entropy (8bit): | 7.2897830477166385 |
TrID: |
|
File name: | gozi.exe |
File size: | 167424 |
MD5: | 8ee79738c37a919fdf38dc5a621556ce |
SHA1: | ae35e761cd1633fa8b70bda3c2e3649c1694ffd1 |
SHA256: | 51037666d1982db93e3123e88594d409805d3f1d970e9f926dcadb99f77f50f6 |
SHA512: | 1f7081702e49222272fecc457153031457caa3376d5a11bcc4b333246626ebc7168e102ce2d229e7d4dc32d4ba5556541ff2cc5f26988e16331db33582e58688 |
SSDEEP: | 3072:L6wsatjMVqRmJyGrYnw0Zz9EbuJL2/5ipGlXnHyJBA8lPqBohiVVHyM/:OvatSqRayG9aL+0Jrqfy2 |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...d.D..........."...0.................. ........@.. ....................................`................................ |
File Icon |
---|
Icon Hash: | 00828e8e8686b000 |
Static PE Info |
---|
General | |
---|---|
Entrypoint: | 0x429fd2 |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE |
DLL Characteristics: | NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT, HIGH_ENTROPY_VA |
Time Stamp: | 0xBF44DD64 [Tue Sep 8 18:09:40 2071 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | v4.0.30319 |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | f34d5f2d4577ed6d9ceec516c1f5a744 |
Entrypoint Preview |
---|
Instruction |
---|
jmp dword ptr [00402000h] |
Data Directories |
---|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x29f7e | 0x4f | .text |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x2a000 | 0x953 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x2c000 | 0xc | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x29ec4 | 0x38 | .text |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |
Sections |
---|
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
.text | 0x2000 | 0x27fe0 | 0x28000 | False | 0.724468994141 | data | 7.33101766252 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
.rsrc | 0x2a000 | 0x953 | 0xa00 | False | 0.379296875 | data | 4.75466533347 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0x2c000 | 0xc | 0x200 | False | 0.044921875 | data | 0.101910425663 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Resources |
---|
Name | RVA | Size | Type | Language | Country |
---|---|---|---|---|---|
RT_VERSION | 0x2a0b8 | 0x334 | data | English | Australia |
RT_MANIFEST | 0x2a3ec | 0x1ea | XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators | | |
RT_MANIFEST | 0x2a5d8 | 0x37b | ASCII text, with very long lines, with no line terminators | English | United States |
Imports |
---|
DLL | Import |
---|---|
mscoree.dll | _CorExeMain |
Version Infos |
---|
Description | Data |
---|---|
LegalCopyright | Copyright Murray Hurps Software Pty Ltd |
InternalName | Ad Muncher |
FileVersion | 4.94.34121 (Free) |
CompanyName | Murray Hurps Software Pty Ltd |
ProductName | Ad Muncher |
ProductVersion | 4.94.34121 (Free) |
FileDescription | Ad Muncher |
OriginalFilename | AdMunch.exe |
Translation | 0x0409 0x04e4 |
Possible Origin |
---|
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | Australia | |
English | United States | |
Network Behavior |
---|
Snort IDS Alerts |
---|
Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|---|---|---|
01/12/22-13:02:04.915315 | TCP | 2033204 | ET TROJAN Ursnif Variant CnC Beacon - URI Struct M2 (_2F) | 49751 | 80 | 192.168.2.3 | 185.189.12.123 |
01/12/22-13:02:04.915315 | TCP | 2033203 | ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B) | 49751 | 80 | 192.168.2.3 | 185.189.12.123 |
01/12/22-13:02:06.347888 | TCP | 2033204 | ET TROJAN Ursnif Variant CnC Beacon - URI Struct M2 (_2F) | 49752 | 80 | 192.168.2.3 | 185.189.12.123 |
01/12/22-13:02:06.347888 | TCP | 2033203 | ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B) | 49752 | 80 | 192.168.2.3 | 185.189.12.123 |
01/12/22-13:02:08.088711 | TCP | 2033203 | ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B) | 49754 | 80 | 192.168.2.3 | 185.189.12.123 |
01/12/22-13:04:09.103339 | TCP | 2033204 | ET TROJAN Ursnif Variant CnC Beacon - URI Struct M2 (_2F) | 49820 | 80 | 192.168.2.3 | 185.189.12.123 |
01/12/22-13:04:09.103339 | TCP | 2033203 | ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B) | 49820 | 80 | 192.168.2.3 | 185.189.12.123 |
Network Port Distribution |
---|
TCP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Jan 12, 2022 13:02:06.951917887 CET | 80 | 49752 | 185.189.12.123 | 192.168.2.3 |
Jan 12, 2022 13:02:06.951961040 CET | 49752 | 80 | 192.168.2.3 | 185.189.12.123 |
Jan 12, 2022 13:02:06.951968908 CET | 80 | 49752 | 185.189.12.123 | 192.168.2.3 |
Jan 12, 2022 13:02:06.952006102 CET | 49752 | 80 | 192.168.2.3 | 185.189.12.123 |
Jan 12, 2022 13:02:06.952069044 CET | 80 | 49752 | 185.189.12.123 | 192.168.2.3 |
Jan 12, 2022 13:02:06.952178955 CET | 80 | 49752 | 185.189.12.123 | 192.168.2.3 |
Jan 12, 2022 13:02:06.952296019 CET | 80 | 49752 | 185.189.12.123 | 192.168.2.3 |
Jan 12, 2022 13:02:06.952343941 CET | 49752 | 80 | 192.168.2.3 | 185.189.12.123 |
Jan 12, 2022 13:02:06.952430964 CET | 80 | 49752 | 185.189.12.123 | 192.168.2.3 |
Jan 12, 2022 13:02:06.952477932 CET | 49752 | 80 | 192.168.2.3 | 185.189.12.123 |
Jan 12, 2022 13:02:06.952519894 CET | 80 | 49752 | 185.189.12.123 | 192.168.2.3 |
Jan 12, 2022 13:02:06.952644110 CET | 80 | 49752 | 185.189.12.123 | 192.168.2.3 |
Jan 12, 2022 13:02:06.952872038 CET | 49752 | 80 | 192.168.2.3 | 185.189.12.123 |
Jan 12, 2022 13:02:07.003972054 CET | 80 | 49752 | 185.189.12.123 | 192.168.2.3 |
Jan 12, 2022 13:02:07.004009962 CET | 80 | 49752 | 185.189.12.123 | 192.168.2.3 |
Jan 12, 2022 13:02:07.004093885 CET | 49752 | 80 | 192.168.2.3 | 185.189.12.123 |
Jan 12, 2022 13:02:07.004154921 CET | 80 | 49752 | 185.189.12.123 | 192.168.2.3 |
Jan 12, 2022 13:02:07.004204988 CET | 80 | 49752 | 185.189.12.123 | 192.168.2.3 |
Jan 12, 2022 13:02:07.004230022 CET | 80 | 49752 | 185.189.12.123 | 192.168.2.3 |
Jan 12, 2022 13:02:07.004292011 CET | 49752 | 80 | 192.168.2.3 | 185.189.12.123 |
Jan 12, 2022 13:02:07.004302979 CET | 49752 | 80 | 192.168.2.3 | 185.189.12.123 |
Jan 12, 2022 13:02:07.004420996 CET | 80 | 49752 | 185.189.12.123 | 192.168.2.3 |
Jan 12, 2022 13:02:07.004443884 CET | 80 | 49752 | 185.189.12.123 | 192.168.2.3 |
Jan 12, 2022 13:02:07.004519939 CET | 80 | 49752 | 185.189.12.123 | 192.168.2.3 |
Jan 12, 2022 13:02:07.004544020 CET | 49752 | 80 | 192.168.2.3 | 185.189.12.123 |
Jan 12, 2022 13:02:07.004554987 CET | 49752 | 80 | 192.168.2.3 | 185.189.12.123 |
Jan 12, 2022 13:02:07.004663944 CET | 80 | 49752 | 185.189.12.123 | 192.168.2.3 |
Jan 12, 2022 13:02:07.004815102 CET | 80 | 49752 | 185.189.12.123 | 192.168.2.3 |
Jan 12, 2022 13:02:07.004858017 CET | 80 | 49752 | 185.189.12.123 | 192.168.2.3 |
Jan 12, 2022 13:02:07.004920959 CET | 49752 | 80 | 192.168.2.3 | 185.189.12.123 |
Jan 12, 2022 13:02:07.004970074 CET | 80 | 49752 | 185.189.12.123 | 192.168.2.3 |
Jan 12, 2022 13:02:07.005022049 CET | 49752 | 80 | 192.168.2.3 | 185.189.12.123 |
Jan 12, 2022 13:02:07.005177975 CET | 80 | 49752 | 185.189.12.123 | 192.168.2.3 |
Jan 12, 2022 13:02:07.005332947 CET | 80 | 49752 | 185.189.12.123 | 192.168.2.3 |
Jan 12, 2022 13:02:07.005372047 CET | 80 | 49752 | 185.189.12.123 | 192.168.2.3 |
Jan 12, 2022 13:02:07.005424023 CET | 49752 | 80 | 192.168.2.3 | 185.189.12.123 |
Jan 12, 2022 13:02:07.005431890 CET | 80 | 49752 | 185.189.12.123 | 192.168.2.3 |
Jan 12, 2022 13:02:07.005469084 CET | 49752 | 80 | 192.168.2.3 | 185.189.12.123 |
Jan 12, 2022 13:02:07.005561113 CET | 80 | 49752 | 185.189.12.123 | 192.168.2.3 |
Jan 12, 2022 13:02:07.005676985 CET | 80 | 49752 | 185.189.12.123 | 192.168.2.3 |
Jan 12, 2022 13:02:07.005712032 CET | 80 | 49752 | 185.189.12.123 | 192.168.2.3 |
Jan 12, 2022 13:02:07.005754948 CET | 49752 | 80 | 192.168.2.3 | 185.189.12.123 |
Jan 12, 2022 13:02:07.005989075 CET | 80 | 49752 | 185.189.12.123 | 192.168.2.3 |
Jan 12, 2022 13:02:07.006007910 CET | 80 | 49752 | 185.189.12.123 | 192.168.2.3 |
Jan 12, 2022 13:02:07.006042004 CET | 49752 | 80 | 192.168.2.3 | 185.189.12.123 |
Jan 12, 2022 13:02:07.006146908 CET | 80 | 49752 | 185.189.12.123 | 192.168.2.3 |
Jan 12, 2022 13:02:07.006187916 CET | 49752 | 80 | 192.168.2.3 | 185.189.12.123 |
Jan 12, 2022 13:02:07.006217957 CET | 80 | 49752 | 185.189.12.123 | 192.168.2.3 |
Jan 12, 2022 13:02:07.006280899 CET | 80 | 49752 | 185.189.12.123 | 192.168.2.3 |
Jan 12, 2022 13:02:07.006794930 CET | 49752 | 80 | 192.168.2.3 | 185.189.12.123 |
Jan 12, 2022 13:02:07.057245970 CET | 80 | 49752 | 185.189.12.123 | 192.168.2.3 |
Jan 12, 2022 13:02:07.057298899 CET | 80 | 49752 | 185.189.12.123 | 192.168.2.3 |
Jan 12, 2022 13:02:07.057339907 CET | 80 | 49752 | 185.189.12.123 | 192.168.2.3 |
Jan 12, 2022 13:02:07.057367086 CET | 49752 | 80 | 192.168.2.3 | 185.189.12.123 |
Jan 12, 2022 13:02:07.058592081 CET | 80 | 49752 | 185.189.12.123 | 192.168.2.3 |
Jan 12, 2022 13:02:07.058635950 CET | 80 | 49752 | 185.189.12.123 | 192.168.2.3 |
Jan 12, 2022 13:02:07.058696985 CET | 49752 | 80 | 192.168.2.3 | 185.189.12.123 |
Jan 12, 2022 13:02:07.058723927 CET | 80 | 49752 | 185.189.12.123 | 192.168.2.3 |
Jan 12, 2022 13:02:07.058765888 CET | 80 | 49752 | 185.189.12.123 | 192.168.2.3 |
Jan 12, 2022 13:02:07.058778048 CET | 49752 | 80 | 192.168.2.3 | 185.189.12.123 |
Jan 12, 2022 13:02:07.059041977 CET | 80 | 49752 | 185.189.12.123 | 192.168.2.3 |
Jan 12, 2022 13:02:07.059092999 CET | 49752 | 80 | 192.168.2.3 | 185.189.12.123 |
Jan 12, 2022 13:02:07.059098005 CET | 80 | 49752 | 185.189.12.123 | 192.168.2.3 |
Jan 12, 2022 13:02:07.059138060 CET | 80 | 49752 | 185.189.12.123 | 192.168.2.3 |
Jan 12, 2022 13:02:07.059216976 CET | 80 | 49752 | 185.189.12.123 | 192.168.2.3 |
Jan 12, 2022 13:02:07.059263945 CET | 49752 | 80 | 192.168.2.3 | 185.189.12.123 |
Jan 12, 2022 13:02:07.059753895 CET | 80 | 49752 | 185.189.12.123 | 192.168.2.3 |
Jan 12, 2022 13:02:07.059798002 CET | 80 | 49752 | 185.189.12.123 | 192.168.2.3 |
Jan 12, 2022 13:02:07.059839010 CET | 49752 | 80 | 192.168.2.3 | 185.189.12.123 |
Jan 12, 2022 13:02:07.059883118 CET | 80 | 49752 | 185.189.12.123 | 192.168.2.3 |
Jan 12, 2022 13:02:07.059933901 CET | 49752 | 80 | 192.168.2.3 | 185.189.12.123 |
Jan 12, 2022 13:02:07.059962988 CET | 80 | 49752 | 185.189.12.123 | 192.168.2.3 |
Jan 12, 2022 13:02:07.060003996 CET | 80 | 49752 | 185.189.12.123 | 192.168.2.3 |
Jan 12, 2022 13:02:07.060240984 CET | 80 | 49752 | 185.189.12.123 | 192.168.2.3 |
Jan 12, 2022 13:02:07.060282946 CET | 80 | 49752 | 185.189.12.123 | 192.168.2.3 |
Jan 12, 2022 13:02:07.060290098 CET | 49752 | 80 | 192.168.2.3 | 185.189.12.123 |
Jan 12, 2022 13:02:07.060362101 CET | 49752 | 80 | 192.168.2.3 | 185.189.12.123 |
Jan 12, 2022 13:02:07.060395956 CET | 80 | 49752 | 185.189.12.123 | 192.168.2.3 |
Jan 12, 2022 13:02:07.060483932 CET | 80 | 49752 | 185.189.12.123 | 192.168.2.3 |
Jan 12, 2022 13:02:07.060525894 CET | 80 | 49752 | 185.189.12.123 | 192.168.2.3 |
Jan 12, 2022 13:02:07.060580015 CET | 49752 | 80 | 192.168.2.3 | 185.189.12.123 |
Jan 12, 2022 13:02:07.060633898 CET | 49752 | 80 | 192.168.2.3 | 185.189.12.123 |
Jan 12, 2022 13:02:07.060642958 CET | 80 | 49752 | 185.189.12.123 | 192.168.2.3 |
Jan 12, 2022 13:02:07.060786963 CET | 80 | 49752 | 185.189.12.123 | 192.168.2.3 |
Jan 12, 2022 13:02:07.060834885 CET | 49752 | 80 | 192.168.2.3 | 185.189.12.123 |
Jan 12, 2022 13:02:07.060899973 CET | 49752 | 80 | 192.168.2.3 | 185.189.12.123 |
Jan 12, 2022 13:02:07.060975075 CET | 80 | 49752 | 185.189.12.123 | 192.168.2.3 |
Jan 12, 2022 13:02:07.061055899 CET | 49752 | 80 | 192.168.2.3 | 185.189.12.123 |
Jan 12, 2022 13:02:07.061068058 CET | 80 | 49752 | 185.189.12.123 | 192.168.2.3 |
Jan 12, 2022 13:02:07.061110020 CET | 80 | 49752 | 185.189.12.123 | 192.168.2.3 |
Jan 12, 2022 13:02:07.061120987 CET | 49752 | 80 | 192.168.2.3 | 185.189.12.123 |
Jan 12, 2022 13:02:07.061186075 CET | 49752 | 80 | 192.168.2.3 | 185.189.12.123 |
Jan 12, 2022 13:02:07.061264992 CET | 80 | 49752 | 185.189.12.123 | 192.168.2.3 |
Jan 12, 2022 13:02:07.061306000 CET | 80 | 49752 | 185.189.12.123 | 192.168.2.3 |
Jan 12, 2022 13:02:07.061310053 CET | 49752 | 80 | 192.168.2.3 | 185.189.12.123 |
Jan 12, 2022 13:02:07.061359882 CET | 49752 | 80 | 192.168.2.3 | 185.189.12.123 |
Jan 12, 2022 13:02:07.061429977 CET | 80 | 49752 | 185.189.12.123 | 192.168.2.3 |
Jan 12, 2022 13:02:07.061479092 CET | 49752 | 80 | 192.168.2.3 | 185.189.12.123 |
Jan 12, 2022 13:02:07.061609030 CET | 80 | 49752 | 185.189.12.123 | 192.168.2.3 |
Jan 12, 2022 13:02:07.061647892 CET | 80 | 49752 | 185.189.12.123 | 192.168.2.3 |
Jan 12, 2022 13:02:07.062535048 CET | 49752 | 80 | 192.168.2.3 | 185.189.12.123 |
Jan 12, 2022 13:02:07.109632015 CET | 80 | 49752 | 185.189.12.123 | 192.168.2.3 |
Jan 12, 2022 13:02:07.109684944 CET | 80 | 49752 | 185.189.12.123 | 192.168.2.3 |
Jan 12, 2022 13:02:07.109723091 CET | 80 | 49752 | 185.189.12.123 | 192.168.2.3 |
Jan 12, 2022 13:02:07.109781981 CET | 49752 | 80 | 192.168.2.3 | 185.189.12.123 |
Jan 12, 2022 13:02:07.110892057 CET | 80 | 49752 | 185.189.12.123 | 192.168.2.3 |
Jan 12, 2022 13:02:07.110951900 CET | 80 | 49752 | 185.189.12.123 | 192.168.2.3 |
Jan 12, 2022 13:02:07.110976934 CET | 49752 | 80 | 192.168.2.3 | 185.189.12.123 |
Jan 12, 2022 13:02:07.110991001 CET | 80 | 49752 | 185.189.12.123 | 192.168.2.3 |
Jan 12, 2022 13:02:07.111062050 CET | 49752 | 80 | 192.168.2.3 | 185.189.12.123 |
Jan 12, 2022 13:02:07.111090899 CET | 80 | 49752 | 185.189.12.123 | 192.168.2.3 |
Jan 12, 2022 13:02:07.111263990 CET | 80 | 49752 | 185.189.12.123 | 192.168.2.3 |
Jan 12, 2022 13:02:07.111305952 CET | 80 | 49752 | 185.189.12.123 | 192.168.2.3 |
Jan 12, 2022 13:02:07.111351967 CET | 49752 | 80 | 192.168.2.3 | 185.189.12.123 |
Jan 12, 2022 13:02:07.111418009 CET | 80 | 49752 | 185.189.12.123 | 192.168.2.3 |
Jan 12, 2022 13:02:07.111460924 CET | 49752 | 80 | 192.168.2.3 | 185.189.12.123 |
Jan 12, 2022 13:02:07.111530066 CET | 80 | 49752 | 185.189.12.123 | 192.168.2.3 |
Jan 12, 2022 13:02:07.111673117 CET | 80 | 49752 | 185.189.12.123 | 192.168.2.3 |
Jan 12, 2022 13:02:07.111788988 CET | 80 | 49752 | 185.189.12.123 | 192.168.2.3 |
Jan 12, 2022 13:02:07.111838102 CET | 49752 | 80 | 192.168.2.3 | 185.189.12.123 |
Jan 12, 2022 13:02:07.111916065 CET | 80 | 49752 | 185.189.12.123 | 192.168.2.3 |
Jan 12, 2022 13:02:07.111959934 CET | 49752 | 80 | 192.168.2.3 | 185.189.12.123 |
Jan 12, 2022 13:02:07.112102985 CET | 80 | 49752 | 185.189.12.123 | 192.168.2.3 |
Jan 12, 2022 13:02:07.112150908 CET | 49752 | 80 | 192.168.2.3 | 185.189.12.123 |
Jan 12, 2022 13:02:07.112164974 CET | 80 | 49752 | 185.189.12.123 | 192.168.2.3 |
Jan 12, 2022 13:02:07.112202883 CET | 80 | 49752 | 185.189.12.123 | 192.168.2.3 |
Jan 12, 2022 13:02:07.112206936 CET | 49752 | 80 | 192.168.2.3 | 185.189.12.123 |
Jan 12, 2022 13:02:07.112287998 CET | 80 | 49752 | 185.189.12.123 | 192.168.2.3 |
Jan 12, 2022 13:02:07.112371922 CET | 80 | 49752 | 185.189.12.123 | 192.168.2.3 |
Jan 12, 2022 13:02:07.112415075 CET | 49752 | 80 | 192.168.2.3 | 185.189.12.123 |
Jan 12, 2022 13:02:07.112648964 CET | 80 | 49752 | 185.189.12.123 | 192.168.2.3 |
Jan 12, 2022 13:02:07.112701893 CET | 80 | 49752 | 185.189.12.123 | 192.168.2.3 |
Jan 12, 2022 13:02:07.112723112 CET | 49752 | 80 | 192.168.2.3 | 185.189.12.123 |
Jan 12, 2022 13:02:07.112812996 CET | 80 | 49752 | 185.189.12.123 | 192.168.2.3 |
Jan 12, 2022 13:02:07.113104105 CET | 80 | 49752 | 185.189.12.123 | 192.168.2.3 |
Jan 12, 2022 13:02:07.113146067 CET | 80 | 49752 | 185.189.12.123 | 192.168.2.3 |
Jan 12, 2022 13:02:07.113157034 CET | 49752 | 80 | 192.168.2.3 | 185.189.12.123 |
Jan 12, 2022 13:02:07.113202095 CET | 80 | 49752 | 185.189.12.123 | 192.168.2.3 |
Jan 12, 2022 13:02:07.113215923 CET | 49752 | 80 | 192.168.2.3 | 185.189.12.123 |
Jan 12, 2022 13:02:07.113244057 CET | 80 | 49752 | 185.189.12.123 | 192.168.2.3 |
Jan 12, 2022 13:02:07.113322020 CET | 49752 | 80 | 192.168.2.3 | 185.189.12.123 |
Jan 12, 2022 13:02:07.113364935 CET | 80 | 49752 | 185.189.12.123 | 192.168.2.3 |
Jan 12, 2022 13:02:07.113540888 CET | 80 | 49752 | 185.189.12.123 | 192.168.2.3 |
Jan 12, 2022 13:02:07.113591909 CET | 80 | 49752 | 185.189.12.123 | 192.168.2.3 |
Jan 12, 2022 13:02:07.113610029 CET | 49752 | 80 | 192.168.2.3 | 185.189.12.123 |
Jan 12, 2022 13:02:07.113640070 CET | 49752 | 80 | 192.168.2.3 | 185.189.12.123 |
Jan 12, 2022 13:02:07.113905907 CET | 80 | 49752 | 185.189.12.123 | 192.168.2.3 |
Jan 12, 2022 13:02:07.113965988 CET | 80 | 49752 | 185.189.12.123 | 192.168.2.3 |
Jan 12, 2022 13:02:07.114008904 CET | 80 | 49752 | 185.189.12.123 | 192.168.2.3 |
Jan 12, 2022 13:02:07.114027023 CET | 49752 | 80 | 192.168.2.3 | 185.189.12.123 |
Jan 12, 2022 13:02:07.114054918 CET | 49752 | 80 | 192.168.2.3 | 185.189.12.123 |
Jan 12, 2022 13:02:07.114094019 CET | 80 | 49752 | 185.189.12.123 | 192.168.2.3 |
Jan 12, 2022 13:02:07.114139080 CET | 49752 | 80 | 192.168.2.3 | 185.189.12.123 |
Jan 12, 2022 13:02:07.114185095 CET | 80 | 49752 | 185.189.12.123 | 192.168.2.3 |
Jan 12, 2022 13:02:07.114301920 CET | 80 | 49752 | 185.189.12.123 | 192.168.2.3 |
Jan 12, 2022 13:02:07.114653111 CET | 80 | 49752 | 185.189.12.123 | 192.168.2.3 |
Jan 12, 2022 13:02:07.114717960 CET | 49752 | 80 | 192.168.2.3 | 185.189.12.123 |
Jan 12, 2022 13:02:07.163526058 CET | 80 | 49752 | 185.189.12.123 | 192.168.2.3 |
Jan 12, 2022 13:02:07.163655996 CET | 80 | 49752 | 185.189.12.123 | 192.168.2.3 |
Jan 12, 2022 13:02:07.163717031 CET | 49752 | 80 | 192.168.2.3 | 185.189.12.123 |
Jan 12, 2022 13:02:07.163816929 CET | 80 | 49752 | 185.189.12.123 | 192.168.2.3 |
Jan 12, 2022 13:02:07.163861036 CET | 49752 | 80 | 192.168.2.3 | 185.189.12.123 |
Jan 12, 2022 13:02:07.163991928 CET | 80 | 49752 | 185.189.12.123 | 192.168.2.3 |
Jan 12, 2022 13:02:07.164033890 CET | 80 | 49752 | 185.189.12.123 | 192.168.2.3 |
Jan 12, 2022 13:02:07.164201975 CET | 80 | 49752 | 185.189.12.123 | 192.168.2.3 |
Jan 12, 2022 13:02:07.164242983 CET | 80 | 49752 | 185.189.12.123 | 192.168.2.3 |
Jan 12, 2022 13:02:07.164244890 CET | 49752 | 80 | 192.168.2.3 | 185.189.12.123 |
Jan 12, 2022 13:02:07.164288998 CET | 49752 | 80 | 192.168.2.3 | 185.189.12.123 |
Jan 12, 2022 13:02:07.164516926 CET | 80 | 49752 | 185.189.12.123 | 192.168.2.3 |
Jan 12, 2022 13:02:07.164572001 CET | 80 | 49752 | 185.189.12.123 | 192.168.2.3 |
Jan 12, 2022 13:02:07.164669991 CET | 80 | 49752 | 185.189.12.123 | 192.168.2.3 |
Jan 12, 2022 13:02:07.164711952 CET | 49752 | 80 | 192.168.2.3 | 185.189.12.123 |
Jan 12, 2022 13:02:07.164846897 CET | 80 | 49752 | 185.189.12.123 | 192.168.2.3 |
Jan 12, 2022 13:02:07.164887905 CET | 80 | 49752 | 185.189.12.123 | 192.168.2.3 |
Jan 12, 2022 13:02:07.164889097 CET | 49752 | 80 | 192.168.2.3 | 185.189.12.123 |
Jan 12, 2022 13:02:07.164928913 CET | 49752 | 80 | 192.168.2.3 | 185.189.12.123 |
Jan 12, 2022 13:02:07.165115118 CET | 80 | 49752 | 185.189.12.123 | 192.168.2.3 |
Jan 12, 2022 13:02:07.165184975 CET | 80 | 49752 | 185.189.12.123 | 192.168.2.3 |
Jan 12, 2022 13:02:07.165227890 CET | 49752 | 80 | 192.168.2.3 | 185.189.12.123 |
Jan 12, 2022 13:02:07.165241003 CET | 80 | 49752 | 185.189.12.123 | 192.168.2.3 |
Jan 12, 2022 13:02:07.165482998 CET | 80 | 49752 | 185.189.12.123 | 192.168.2.3 |
Jan 12, 2022 13:02:07.165528059 CET | 80 | 49752 | 185.189.12.123 | 192.168.2.3 |
Jan 12, 2022 13:02:07.165570974 CET | 49752 | 80 | 192.168.2.3 | 185.189.12.123 |
Jan 12, 2022 13:02:07.165699959 CET | 80 | 49752 | 185.189.12.123 | 192.168.2.3 |
Jan 12, 2022 13:02:07.165740967 CET | 49752 | 80 | 192.168.2.3 | 185.189.12.123 |
Jan 12, 2022 13:02:07.166038990 CET | 80 | 49752 | 185.189.12.123 | 192.168.2.3 |
Jan 12, 2022 13:02:07.166134119 CET | 80 | 49752 | 185.189.12.123 | 192.168.2.3 |
Jan 12, 2022 13:02:07.166173935 CET | 80 | 49752 | 185.189.12.123 | 192.168.2.3 |
Jan 12, 2022 13:02:07.166214943 CET | 49752 | 80 | 192.168.2.3 | 185.189.12.123 |
Jan 12, 2022 13:02:07.166376114 CET | 80 | 49752 | 185.189.12.123 | 192.168.2.3 |
Jan 12, 2022 13:02:07.166419029 CET | 49752 | 80 | 192.168.2.3 | 185.189.12.123 |
Jan 12, 2022 13:02:07.166503906 CET | 80 | 49752 | 185.189.12.123 | 192.168.2.3 |
Jan 12, 2022 13:02:07.166616917 CET | 80 | 49752 | 185.189.12.123 | 192.168.2.3 |
Jan 12, 2022 13:02:07.166846037 CET | 80 | 49752 | 185.189.12.123 | 192.168.2.3 |
Jan 12, 2022 13:02:07.166893959 CET | 49752 | 80 | 192.168.2.3 | 185.189.12.123 |
Jan 12, 2022 13:02:07.167191029 CET | 80 | 49752 | 185.189.12.123 | 192.168.2.3 |
Jan 12, 2022 13:02:07.167237043 CET | 49752 | 80 | 192.168.2.3 | 185.189.12.123 |
Jan 12, 2022 13:02:07.167247057 CET | 80 | 49752 | 185.189.12.123 | 192.168.2.3 |
Jan 12, 2022 13:02:07.167666912 CET | 80 | 49752 | 185.189.12.123 | 192.168.2.3 |
Jan 12, 2022 13:02:07.167707920 CET | 80 | 49752 | 185.189.12.123 | 192.168.2.3 |
Jan 12, 2022 13:02:07.167747021 CET | 80 | 49752 | 185.189.12.123 | 192.168.2.3 |
Jan 12, 2022 13:02:07.167758942 CET | 49752 | 80 | 192.168.2.3 | 185.189.12.123 |
Jan 12, 2022 13:02:07.167787075 CET | 49752 | 80 | 192.168.2.3 | 185.189.12.123 |
Jan 12, 2022 13:02:07.216784954 CET | 80 | 49752 | 185.189.12.123 | 192.168.2.3 |
Jan 12, 2022 13:02:07.216850996 CET | 80 | 49752 | 185.189.12.123 | 192.168.2.3 |
Jan 12, 2022 13:02:07.216893911 CET | 80 | 49752 | 185.189.12.123 | 192.168.2.3 |
Jan 12, 2022 13:02:07.216923952 CET | 49752 | 80 | 192.168.2.3 | 185.189.12.123 |
Jan 12, 2022 13:02:07.216932058 CET | 80 | 49752 | 185.189.12.123 | 192.168.2.3 |
Jan 12, 2022 13:02:07.217004061 CET | 80 | 49752 | 185.189.12.123 | 192.168.2.3 |
Jan 12, 2022 13:02:07.217047930 CET | 49752 | 80 | 192.168.2.3 | 185.189.12.123 |
Jan 12, 2022 13:02:07.217158079 CET | 80 | 49752 | 185.189.12.123 | 192.168.2.3 |
Jan 12, 2022 13:02:07.217197895 CET | 80 | 49752 | 185.189.12.123 | 192.168.2.3 |
Jan 12, 2022 13:02:07.217200041 CET | 49752 | 80 | 192.168.2.3 | 185.189.12.123 |
Jan 12, 2022 13:02:07.217578888 CET | 80 | 49752 | 185.189.12.123 | 192.168.2.3 |
Jan 12, 2022 13:02:07.217681885 CET | 80 | 49752 | 185.189.12.123 | 192.168.2.3 |
Jan 12, 2022 13:02:07.217727900 CET | 49752 | 80 | 192.168.2.3 | 185.189.12.123 |
Jan 12, 2022 13:02:07.217837095 CET | 80 | 49752 | 185.189.12.123 | 192.168.2.3 |
Jan 12, 2022 13:02:07.217879057 CET | 49752 | 80 | 192.168.2.3 | 185.189.12.123 |
Jan 12, 2022 13:02:07.218105078 CET | 80 | 49752 | 185.189.12.123 | 192.168.2.3 |
Jan 12, 2022 13:02:07.218143940 CET | 80 | 49752 | 185.189.12.123 | 192.168.2.3 |
Jan 12, 2022 13:02:07.218713999 CET | 80 | 49752 | 185.189.12.123 | 192.168.2.3 |
Jan 12, 2022 13:02:07.218761921 CET | 49752 | 80 | 192.168.2.3 | 185.189.12.123 |
Jan 12, 2022 13:02:07.218786001 CET | 80 | 49752 | 185.189.12.123 | 192.168.2.3 |
Jan 12, 2022 13:02:07.218825102 CET | 49752 | 80 | 192.168.2.3 | 185.189.12.123 |
Jan 12, 2022 13:02:07.218835115 CET | 80 | 49752 | 185.189.12.123 | 192.168.2.3 |
Jan 12, 2022 13:02:07.218920946 CET | 80 | 49752 | 185.189.12.123 | 192.168.2.3 |
Jan 12, 2022 13:02:07.219140053 CET | 80 | 49752 | 185.189.12.123 | 192.168.2.3 |
Jan 12, 2022 13:02:07.219182968 CET | 80 | 49752 | 185.189.12.123 | 192.168.2.3 |
Jan 12, 2022 13:02:07.219183922 CET | 49752 | 80 | 192.168.2.3 | 185.189.12.123 |
Jan 12, 2022 13:02:07.219222069 CET | 49752 | 80 | 192.168.2.3 | 185.189.12.123 |
Jan 12, 2022 13:02:07.219376087 CET | 80 | 49752 | 185.189.12.123 | 192.168.2.3 |
Jan 12, 2022 13:02:07.219516993 CET | 80 | 49752 | 185.189.12.123 | 192.168.2.3 |
Jan 12, 2022 13:02:07.219598055 CET | 80 | 49752 | 185.189.12.123 | 192.168.2.3 |
Jan 12, 2022 13:02:07.219638109 CET | 80 | 49752 | 185.189.12.123 | 192.168.2.3 |
Jan 12, 2022 13:02:07.219640970 CET | 49752 | 80 | 192.168.2.3 | 185.189.12.123 |
Jan 12, 2022 13:02:07.219676971 CET | 49752 | 80 | 192.168.2.3 | 185.189.12.123 |
Jan 12, 2022 13:02:07.219753027 CET | 80 | 49752 | 185.189.12.123 | 192.168.2.3 |
Jan 12, 2022 13:02:07.219954014 CET | 80 | 49752 | 185.189.12.123 | 192.168.2.3 |
Jan 12, 2022 13:02:07.220069885 CET | 80 | 49752 | 185.189.12.123 | 192.168.2.3 |
Jan 12, 2022 13:02:07.220112085 CET | 49752 | 80 | 192.168.2.3 | 185.189.12.123 |
Jan 12, 2022 13:02:07.220123053 CET | 80 | 49752 | 185.189.12.123 | 192.168.2.3 |
Jan 12, 2022 13:02:07.220150948 CET | 80 | 49752 | 185.189.12.123 | 192.168.2.3 |
Jan 12, 2022 13:02:07.220170975 CET | 49752 | 80 | 192.168.2.3 | 185.189.12.123 |
Jan 12, 2022 13:02:07.220206022 CET | 49752 | 80 | 192.168.2.3 | 185.189.12.123 |
Jan 12, 2022 13:02:07.222304106 CET | 49752 | 80 | 192.168.2.3 | 185.189.12.123 |
Jan 12, 2022 13:02:07.274578094 CET | 80 | 49752 | 185.189.12.123 | 192.168.2.3 |
Jan 12, 2022 13:02:07.595938921 CET | 49754 | 80 | 192.168.2.3 | 185.189.12.123 |
Jan 12, 2022 13:02:07.648668051 CET | 80 | 49754 | 185.189.12.123 | 192.168.2.3 |
Jan 12, 2022 13:02:07.651251078 CET | 49754 | 80 | 192.168.2.3 | 185.189.12.123 |
Jan 12, 2022 13:02:08.088711023 CET | 49754 | 80 | 192.168.2.3 | 185.189.12.123 |
Jan 12, 2022 13:02:08.181587934 CET | 80 | 49754 | 185.189.12.123 | 192.168.2.3 |
Jan 12, 2022 13:02:08.576595068 CET | 80 | 49754 | 185.189.12.123 | 192.168.2.3 |
Jan 12, 2022 13:02:08.576649904 CET | 80 | 49754 | 185.189.12.123 | 192.168.2.3 |
Jan 12, 2022 13:02:08.576838017 CET | 49754 | 80 | 192.168.2.3 | 185.189.12.123 |
Jan 12, 2022 13:02:08.588793039 CET | 49754 | 80 | 192.168.2.3 | 185.189.12.123 |
Jan 12, 2022 13:02:08.640880108 CET | 80 | 49754 | 185.189.12.123 | 192.168.2.3 |
Jan 12, 2022 13:04:09.050379992 CET | 49820 | 80 | 192.168.2.3 | 185.189.12.123 |
Jan 12, 2022 13:04:09.103095055 CET | 80 | 49820 | 185.189.12.123 | 192.168.2.3 |
Jan 12, 2022 13:04:09.103277922 CET | 49820 | 80 | 192.168.2.3 | 185.189.12.123 |
Jan 12, 2022 13:04:09.103338957 CET | 49820 | 80 | 192.168.2.3 | 185.189.12.123 |
Jan 12, 2022 13:04:09.196538925 CET | 80 | 49820 | 185.189.12.123 | 192.168.2.3 |
Jan 12, 2022 13:04:09.595227957 CET | 80 | 49820 | 185.189.12.123 | 192.168.2.3 |
Jan 12, 2022 13:04:09.595376015 CET | 49820 | 80 | 192.168.2.3 | 185.189.12.123 |
Jan 12, 2022 13:04:09.595524073 CET | 49820 | 80 | 192.168.2.3 | 185.189.12.123 |
Jan 12, 2022 13:04:09.648278952 CET | 80 | 49820 | 185.189.12.123 | 192.168.2.3 |
Jan 12, 2022 13:04:10.457051039 CET | 49822 | 80 | 192.168.2.3 | 185.189.12.123 |
Jan 12, 2022 13:04:10.510629892 CET | 80 | 49822 | 185.189.12.123 | 192.168.2.3 |
Jan 12, 2022 13:04:10.510771036 CET | 49822 | 80 | 192.168.2.3 | 185.189.12.123 |
Jan 12, 2022 13:04:10.510874987 CET | 49822 | 80 | 192.168.2.3 | 185.189.12.123 |
Jan 12, 2022 13:04:10.510899067 CET | 49822 | 80 | 192.168.2.3 | 185.189.12.123 |
Jan 12, 2022 13:04:10.564543962 CET | 80 | 49822 | 185.189.12.123 | 192.168.2.3 |
Jan 12, 2022 13:04:10.981787920 CET | 80 | 49822 | 185.189.12.123 | 192.168.2.3 |
Jan 12, 2022 13:04:10.981890917 CET | 80 | 49822 | 185.189.12.123 | 192.168.2.3 |
Jan 12, 2022 13:04:10.982028008 CET | 49822 | 80 | 192.168.2.3 | 185.189.12.123 |
Jan 12, 2022 13:04:10.982134104 CET | 49822 | 80 | 192.168.2.3 | 185.189.12.123 |
Jan 12, 2022 13:04:11.036290884 CET | 80 | 49822 | 185.189.12.123 | 192.168.2.3 |
UDP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Jan 12, 2022 13:01:26.007392883 CET | 58045 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 12, 2022 13:01:26.027983904 CET | 53 | 58045 | 8.8.8.8 | 192.168.2.3 |
Jan 12, 2022 13:02:04.562076092 CET | 53910 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 12, 2022 13:02:04.851654053 CET | 53 | 53910 | 8.8.8.8 | 192.168.2.3 |
Jan 12, 2022 13:02:05.952825069 CET | 64021 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 12, 2022 13:02:06.290199995 CET | 53 | 64021 | 8.8.8.8 | 192.168.2.3 |
Jan 12, 2022 13:02:07.574466944 CET | 51143 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 12, 2022 13:02:07.593240023 CET | 53 | 51143 | 8.8.8.8 | 192.168.2.3 |
Jan 12, 2022 13:03:34.439510107 CET | 57106 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 12, 2022 13:03:34.455827951 CET | 53 | 57106 | 8.8.8.8 | 192.168.2.3 |
Jan 12, 2022 13:03:34.462347031 CET | 57107 | 53 | 192.168.2.3 | 208.67.222.222 |
Jan 12, 2022 13:03:34.478815079 CET | 53 | 57107 | 208.67.222.222 | 192.168.2.3 |
Jan 12, 2022 13:03:34.480639935 CET | 57108 | 53 | 192.168.2.3 | 208.67.222.222 |
Jan 12, 2022 13:03:34.497318983 CET | 53 | 57108 | 208.67.222.222 | 192.168.2.3 |
Jan 12, 2022 13:03:34.537194967 CET | 57109 | 53 | 192.168.2.3 | 208.67.222.222 |
Jan 12, 2022 13:03:34.553971052 CET | 53 | 57109 | 208.67.222.222 | 192.168.2.3 |
Jan 12, 2022 13:04:08.717624903 CET | 60352 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 12, 2022 13:04:09.045696974 CET | 53 | 60352 | 8.8.8.8 | 192.168.2.3 |
Jan 12, 2022 13:04:10.129266977 CET | 56773 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 12, 2022 13:04:10.455682039 CET | 53 | 56773 | 8.8.8.8 | 192.168.2.3 |
DNS Queries |
---|
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
---|---|---|---|---|---|---|---|
Jan 12, 2022 13:01:26.007392883 CET | 192.168.2.3 | 8.8.8.8 | 0x2e83 | Standard query (0) | | A (IP address) | IN (0x0001) |
Jan 12, 2022 13:02:04.562076092 CET | 192.168.2.3 | 8.8.8.8 | 0xbd4b | Standard query (0) | | A (IP address) | IN (0x0001) |
Jan 12, 2022 13:02:05.952825069 CET | 192.168.2.3 | 8.8.8.8 | 0xfefc | Standard query (0) | | A (IP address) | IN (0x0001) |
Jan 12, 2022 13:02:07.574466944 CET | 192.168.2.3 | 8.8.8.8 | 0xe072 | Standard query (0) | | A (IP address) | IN (0x0001) |
Jan 12, 2022 13:03:34.439510107 CET | 192.168.2.3 | 8.8.8.8 | 0x398e | Standard query (0) | | A (IP address) | IN (0x0001) |
Jan 12, 2022 13:03:34.462347031 CET | 192.168.2.3 | 208.67.222.222 | 0x1 | Standard query (0) | | PTR (Pointer record) | IN (0x0001) |
Jan 12, 2022 13:03:34.480639935 CET | 192.168.2.3 | 208.67.222.222 | 0x2 | Standard query (0) | | A (IP address) | IN (0x0001) |
Jan 12, 2022 13:03:34.537194967 CET | 192.168.2.3 | 208.67.222.222 | 0x3 | Standard query (0) | | AAAA (IPv6 address) | IN (0x0001) |
Jan 12, 2022 13:04:08.717624903 CET | 192.168.2.3 | 8.8.8.8 | 0x16a8 | Standard query (0) | | A (IP address) | IN (0x0001) |
Jan 12, 2022 13:04:10.129266977 CET | 192.168.2.3 | 8.8.8.8 | 0x802e | Standard query (0) | | A (IP address) | IN (0x0001) |
DNS Answers |
---|
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
---|---|---|---|---|---|---|---|---|---|
Jan 12, 2022 13:01:26.027983904 CET | 8.8.8.8 | 192.168.2.3 | 0x2e83 | No error (0) | | | 144.76.136.153 | A (IP address) | IN (0x0001) |
Jan 12, 2022 13:02:04.851654053 CET | 8.8.8.8 | 192.168.2.3 | 0xbd4b | No error (0) | | | 185.189.12.123 | A (IP address) | IN (0x0001) |
Jan 12, 2022 13:02:06.290199995 CET | 8.8.8.8 | 192.168.2.3 | 0xfefc | No error (0) | | | 185.189.12.123 | A (IP address) | IN (0x0001) |
Jan 12, 2022 13:02:07.593240023 CET | 8.8.8.8 | 192.168.2.3 | 0xe072 | No error (0) | | | 185.189.12.123 | A (IP address) | IN (0x0001) |
Jan 12, 2022 13:03:34.455827951 CET | 8.8.8.8 | 192.168.2.3 | 0x398e | No error (0) | | | 208.67.222.222 | A (IP address) | IN (0x0001) |
Jan 12, 2022 13:03:34.478815079 CET | 208.67.222.222 | 192.168.2.3 | 0x1 | No error (0) | | | | PTR (Pointer record) | IN (0x0001) |
Jan 12, 2022 13:03:34.478815079 CET | 208.67.222.222 | 192.168.2.3 | 0x1 | No error (0) | | | | PTR (Pointer record) | IN (0x0001) |
Jan 12, 2022 13:03:34.478815079 CET | 208.67.222.222 | 192.168.2.3 | 0x1 | No error (0) | | | | PTR (Pointer record) | IN (0x0001) |
Jan 12, 2022 13:03:34.497318983 CET | 208.67.222.222 | 192.168.2.3 | 0x2 | No error (0) | | | 102.129.143.64 | A (IP address) | IN (0x0001) |
Jan 12, 2022 13:04:09.045696974 CET | 8.8.8.8 | 192.168.2.3 | 0x16a8 | No error (0) | | | 185.189.12.123 | A (IP address) | IN (0x0001) |
Jan 12, 2022 13:04:10.455682039 CET | 8.8.8.8 | 192.168.2.3 | 0x802e | No error (0) | | | 185.189.12.123 | A (IP address) | IN (0x0001) |
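The report lists TCP packets, DNS queries and DNS answers as separate tables; the analyst step they invite is to join them. The script below is an added example and not part of the sandbox report. Its sample rows are copied from the tables above, trimmed to the columns the checks use (the first and last packet of each TCP session, the DNS query rows without the Name column that is absent on the page, and the answers reduced to transaction ID and address). It groups TCP packets by the local ephemeral port to get session boundaries and the gap between consecutive sessions to 185.189.12.123, and it joins queries to answers by transaction ID to flag two things: lookups sent directly to a server other than the configured resolver 8.8.8.8, where that server's address was itself returned by a prior lookup and the transaction IDs count up from 1 (consistent with nslookup given an explicit server, which the "Uses nslookup.exe to query domains" and "May check the online IP address of the machine" signatures describe), and addresses returned three or more times. Function and variable names are the example's own.

```python
"""Join the report's TCP, DNS query and DNS answer tables (added example, not report code)."""
from collections import defaultdict
from datetime import datetime

LOCAL = "192.168.2.3"            # analysis VM
CONFIGURED_RESOLVER = "8.8.8.8"  # resolver the VM normally uses

# First and last packet of each TCP session above: timestamp | sport | dport | src | dst
TCP_ROWS = """\
Jan 12, 2022 13:02:06.845561028 CET | 80 | 49752 | 185.189.12.123 | 192.168.2.3
Jan 12, 2022 13:02:07.274578094 CET | 80 | 49752 | 185.189.12.123 | 192.168.2.3
Jan 12, 2022 13:02:07.595938921 CET | 49754 | 80 | 192.168.2.3 | 185.189.12.123
Jan 12, 2022 13:02:08.640880108 CET | 80 | 49754 | 185.189.12.123 | 192.168.2.3
Jan 12, 2022 13:04:09.050379992 CET | 49820 | 80 | 192.168.2.3 | 185.189.12.123
Jan 12, 2022 13:04:09.648278952 CET | 80 | 49820 | 185.189.12.123 | 192.168.2.3
Jan 12, 2022 13:04:10.457051039 CET | 49822 | 80 | 192.168.2.3 | 185.189.12.123
Jan 12, 2022 13:04:11.036290884 CET | 80 | 49822 | 185.189.12.123 | 192.168.2.3
"""
# DNS queries: timestamp | src | dst | txid | type (the Name column is absent on the page)
DNS_QUERIES = """\
Jan 12, 2022 13:01:26.007392883 CET | 192.168.2.3 | 8.8.8.8 | 0x2e83 | A
Jan 12, 2022 13:02:04.562076092 CET | 192.168.2.3 | 8.8.8.8 | 0xbd4b | A
Jan 12, 2022 13:02:05.952825069 CET | 192.168.2.3 | 8.8.8.8 | 0xfefc | A
Jan 12, 2022 13:02:07.574466944 CET | 192.168.2.3 | 8.8.8.8 | 0xe072 | A
Jan 12, 2022 13:03:34.439510107 CET | 192.168.2.3 | 8.8.8.8 | 0x398e | A
Jan 12, 2022 13:03:34.462347031 CET | 192.168.2.3 | 208.67.222.222 | 0x1 | PTR
Jan 12, 2022 13:03:34.480639935 CET | 192.168.2.3 | 208.67.222.222 | 0x2 | A
Jan 12, 2022 13:03:34.537194967 CET | 192.168.2.3 | 208.67.222.222 | 0x3 | AAAA
Jan 12, 2022 13:04:08.717624903 CET | 192.168.2.3 | 8.8.8.8 | 0x16a8 | A
Jan 12, 2022 13:04:10.129266977 CET | 192.168.2.3 | 8.8.8.8 | 0x802e | A
"""
# DNS answers reduced to txid | address (the PTR replies carry no address on the page)
DNS_ANSWERS = """\
0x2e83 | 144.76.136.153
0xbd4b | 185.189.12.123
0xfefc | 185.189.12.123
0xe072 | 185.189.12.123
0x398e | 208.67.222.222
0x2 | 102.129.143.64
0x16a8 | 185.189.12.123
0x802e | 185.189.12.123
"""

def parse_ts(s):
    """Report timestamps carry nine fractional digits and a zone; strptime takes six."""
    head, frac = s.replace(" CET", "").rsplit(".", 1)
    return datetime.strptime(f"{head}.{frac[:6]}", "%b %d, %Y %H:%M:%S.%f")

def split_row(line):
    return [c.strip() for c in line.split("|")]

def tcp_sessions(rows, local=LOCAL):
    """Key packets by the local ephemeral port so both directions fall into one session.
    Returns (port, remote, first_seen, last_seen) tuples ordered by first_seen."""
    sess = {}
    for line in rows.strip().splitlines():
        ts, sport, dport, src, dst = split_row(line)
        t = parse_ts(ts)
        port, remote = (int(sport), dst) if src == local else (int(dport), src)
        s = sess.setdefault(port, {"remote": remote, "start": t, "end": t})
        s["start"], s["end"] = min(s["start"], t), max(s["end"], t)
    return sorted(((p, s["remote"], s["start"], s["end"]) for p, s in sess.items()),
                  key=lambda x: x[2])

def beacon_gaps(sessions, remote):
    """Seconds between consecutive session starts to one remote host (check-in cadence)."""
    starts = [s[2] for s in sessions if s[1] == remote]
    return [round((b - a).total_seconds(), 1) for a, b in zip(starts, starts[1:])]

def dns_findings(queries, answers, resolver=CONFIGURED_RESOLVER):
    """Join queries to answers by transaction ID. 'direct': servers other than the configured
    resolver queried directly, whose address was itself returned by an earlier lookup, with
    transaction IDs counting up from 1. 'repeated': addresses returned three or more times."""
    addr = dict(split_row(row) for row in answers.strip().splitlines())
    by_address, direct = defaultdict(list), defaultdict(list)
    for line in queries.strip().splitlines():
        ts, _src, dst, txid, qtype = split_row(line)
        if txid in addr:
            by_address[addr[txid]].append(parse_ts(ts))
        if dst != resolver:
            direct[dst].append((int(txid, 16), qtype))
    out = {"direct": {}, "repeated": {}}
    for server, qs in direct.items():
        if server in by_address and [i for i, _ in qs] == list(range(1, len(qs) + 1)):
            out["direct"][server] = [q for _, q in qs]
    for a, seen in by_address.items():
        if len(seen) >= 3:
            out["repeated"][a] = len(seen)
    return out

if __name__ == "__main__":
    sessions = tcp_sessions(TCP_ROWS)
    for port, remote, start, end in sessions:
        print(f"port {port} -> {remote}: {start.time()} .. {end.time()}")
    print("gaps to 185.189.12.123 (s):", beacon_gaps(sessions, "185.189.12.123"))
    print(dns_findings(DNS_QUERIES, DNS_ANSWERS))
```

On the rows above this yields four sessions to 185.189.12.123 in two pairs roughly two minutes apart (gaps of about 0.8 s, 121.5 s and 1.4 s), one direct PTR/A/AAAA sequence to 208.67.222.222 after that address was returned by 8.8.8.8, and 185.189.12.123 answered five times. On a full capture the same joins are what you would run against a resolver log and a flow log to separate the C2 host from the one-off IP check.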
HTTP Request Dependency Graph |
---|
HTTP Packets |
---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
0 | 192.168.2.3 | 49743 | 144.76.136.153 | 443 | C:\Users\user\Desktop\gozi.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
1 | 192.168.2.3 | 49751 | 185.189.12.123 | 80 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 12, 2022 13:02:04.915314913 CET | 1256 | OUT | |
Jan 12, 2022 13:02:05.378786087 CET | 1266 | IN |