Windows Analysis Report Purchase Order #5000012803.exe
Overview
General Information
Detection
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
Process Tree |
---|
|
Malware Configuration |
---|
Threatname: Lokibot |
---|
{"C2 list": ["http://kbfvzoboss.bid/alien/fre.php", "http://alphastand.trade/alien/fre.php", "http://alphastand.win/alien/fre.php", "http://alphastand.top/alien/fre.php"]}
Yara Overview |
---|
Memory Dumps |
---|
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | ||
JoeSecurity_aPLib_compressed_binary | Yara detected aPLib compressed binary | Joe Security | ||
JoeSecurity_Lokibot | Yara detected Lokibot | Joe Security | ||
Loki_1 | Loki Payload | kevoreilly |
| |
Lokibot | detect Lokibot in memory | JPCERT/CC Incident Response Group |
| |
Click to see the 34 entries |
Unpacked PEs |
---|
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
SUSP_XORed_URL_in_EXE | Detects an XORed URL in an executable | Florian Roth |
| |
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | ||
JoeSecurity_aPLib_compressed_binary | Yara detected aPLib compressed binary | Joe Security | ||
JoeSecurity_Lokibot | Yara detected Lokibot | Joe Security | ||
Loki_1 | Loki Payload | kevoreilly |
| |
Click to see the 83 entries |
Sigma Overview |
---|
No Sigma rule has matched |
---|
Jbx Signature Overview |
---|
Click to jump to signature section
AV Detection: |
---|
Found malware configuration | Show sources |
Source: | Malware Configuration Extractor: |
Multi AV Scanner detection for submitted file | Show sources |
Source: | ReversingLabs: |
Antivirus detection for URL or domain | Show sources |
Source: | Avira URL Cloud: |
Machine Learning detection for sample | Show sources |
Source: | Joe Sandbox ML: |
Source: | Avira: |
Source: | Static PE information: |
Source: | Binary string: | ||
Source: | Binary string: |
Source: | Code function: | 0_2_00405D7C | |
Source: | Code function: | 0_2_004053AA | |
Source: | Code function: | 0_2_00402630 | |
Source: | Code function: | 1_2_00403D74 |
Networking: |
---|
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules) | Show sources |
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: |
C2 URLs / IPs found in malware configuration | Show sources |
Source: | URLs: | ||
Source: | URLs: | ||
Source: | URLs: | ||
Source: | URLs: |
Source: | ASN Name: |
Source: | IP Address: | ||
Source: | IP Address: |
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: |
Source: | HTTP traffic detected: |
Source: | DNS traffic detected: |
Source: | Code function: | 1_2_00404ED4 |
Source: | Binary or memory string: |
Source: | Code function: | 0_2_00404F61 |
System Summary: |
---|
Malicious sample detected (through community Yara rule) | Show sources |
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: |
Initial sample is a PE file and has a suspicious name | Show sources |
Source: | Static PE information: |
Executable has a suspicious name (potential lure to open the executable) | Show sources |
Source: | Static file information: |
Source: | Static PE information: |
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: |
Source: | Code function: | 0_2_00403225 |
Source: | Code function: | 0_2_0040604C | |
Source: | Code function: | 0_2_00404772 | |
Source: | Code function: | 1_2_0040549C | |
Source: | Code function: | 1_2_004029D4 |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Static PE information: |
Source: | ReversingLabs: |
Source: | File read: | Jump to behavior |
Source: | Static PE information: |
Source: | Key opened: | Jump to behavior |
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | Jump to behavior |
Source: | Key value queried: | Jump to behavior |
Source: | Code function: | 1_2_0040650A |
Source: | File created: | Jump to behavior |
Source: | File created: | Jump to behavior |
Source: | Classification label: |
Source: | Code function: | 0_2_00402012 |
Source: | File read: | Jump to behavior |
Source: | Code function: | 0_2_00404275 |
Source: | Mutant created: |
Source: | File read: | Jump to behavior | ||
Source: | File read: | Jump to behavior | ||
Source: | File read: | Jump to behavior | ||
Source: | File read: | Jump to behavior |
Source: | Key opened: | Jump to behavior |
Source: | Binary string: | ||
Source: | Binary string: |
Data Obfuscation: |
---|
Yara detected aPLib compressed binary | Show sources |
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Source: | Code function: | 0_2_72B2102E | |
Source: | Code function: | 1_2_00402AD4 | |
Source: | Code function: | 1_2_00402AFC |
Source: | Code function: | 0_2_00405DA3 |
Source: | File created: | Jump to dropped file |
Hooking and other Techniques for Hiding and Protection: |
---|
Icon mismatch, binary includes an icon from a different legit application in order to fool users | Show sources |
Source: | Icon embedded in binary file: |
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior |
Source: | Thread sleep time: | Jump to behavior |
Source: | Code function: | 0_2_00405D7C | |
Source: | Code function: | 0_2_004053AA | |
Source: | Code function: | 0_2_00402630 | |
Source: | Code function: | 1_2_00403D74 |
Source: | Thread delayed: | Jump to behavior |
Source: | API call chain: | graph_0-3619 | ||
Source: | API call chain: | graph_0-3616 |
Source: | Binary or memory string: |
Source: | Code function: | 0_2_00405DA3 |
Source: | Code function: | 1_2_00402B7C |
Source: | Process token adjusted: | Jump to behavior |
Source: | Code function: | 0_2_0019EA56 | |
Source: | Code function: | 0_2_0019E842 | |
Source: | Code function: | 0_2_0019EB84 | |
Source: | Code function: | 0_2_0019EB07 | |
Source: | Code function: | 0_2_0019EB46 | |
Source: | Code function: | 1_2_0040317B |
HIPS / PFW / Operating System Protection Evasion: |
---|
Injects a PE file into a foreign processes | Show sources |
Source: | Memory written: | Jump to behavior |
Source: | Process created: | Jump to behavior |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Key value queried: | Jump to behavior |
Source: | Code function: | 0_2_00405AA7 |
Source: | Code function: | 1_2_00406069 |
Stealing of Sensitive Information: |
---|
Yara detected Lokibot | Show sources |
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Tries to steal Mail credentials (via file / registry access) | Show sources |
Source: | Key opened: | Jump to behavior | ||
Source: | Key opened: | Jump to behavior |
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc) | Show sources |
Source: | Key opened: | Jump to behavior | ||
Source: | Key opened: | Jump to behavior |
Tries to harvest and steal ftp login credentials | Show sources |
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior |
Tries to steal Mail credentials (via file registry) | Show sources |
Source: | Code function: | 1_2_0040D069 | |
Source: | Code function: | 1_2_0040D069 |
Tries to harvest and steal browser information (history, passwords, etc) | Show sources |
Source: | File opened: | Jump to behavior |
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Remote Access Functionality: |
---|
Yara detected Lokibot | Show sources |
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Mitre Att&ck Matrix |
---|
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | Native API1 | Path Interception | Access Token Manipulation1 | Deobfuscate/Decode Files or Information1 | OS Credential Dumping2 | Account Discovery1 | Remote Services | Archive Collected Data1 | Exfiltration Over Other Network Medium | Ingress Tool Transfer3 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | System Shutdown/Reboot1 |
Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Process Injection112 | Obfuscated Files or Information2 | Input Capture1 | File and Directory Discovery2 | Remote Desktop Protocol | Data from Local System2 | Exfiltration Over Bluetooth | Encrypted Channel1 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Software Packing1 | Credentials in Registry2 | System Information Discovery5 | SMB/Windows Admin Shares | Email Collection1 | Automated Exfiltration | Non-Application Layer Protocol3 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Masquerading11 | NTDS | Security Software Discovery11 | Distributed Component Object Model | Input Capture1 | Scheduled Transfer | Application Layer Protocol113 | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Virtualization/Sandbox Evasion11 | LSA Secrets | Process Discovery1 | SSH | Clipboard Data1 | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
Replication Through Removable Media | Launchd | Rc.common | Rc.common | Access Token Manipulation1 | Cached Domain Credentials | Virtualization/Sandbox Evasion11 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features | |
External Remote Services | Scheduled Task | Startup Items | Startup Items | Process Injection112 | DCSync | System Owner/User Discovery1 | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | Data Encrypted for Impact | |
Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | Indicator Removal from Tools | Proc Filesystem | Remote System Discovery1 | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | Generate Fraudulent Advertising Revenue |
Behavior Graph |
---|
Screenshots |
---|
Thumbnails
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
Antivirus, Machine Learning and Genetic Malware Detection |
---|
Initial Sample |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
26% | ReversingLabs | Win32.Backdoor.Androm | ||
100% | Joe Sandbox ML |
Dropped Files |
---|
No Antivirus matches |
---|
Unpacked PE Files |
---|
Source | Detection | Scanner | Label | Link | Download |
---|---|---|---|---|---|
100% | Avira | TR/Crypt.XPACK.Gen | Download File | ||
100% | Avira | TR/Crypt.XPACK.Gen | Download File | ||
100% | Avira | TR/Crypt.XPACK.Gen | Download File | ||
100% | Avira | TR/Crypt.XPACK.Gen | Download File | ||
100% | Avira | TR/Crypt.XPACK.Gen | Download File | ||
100% | Avira | TR/Crypt.XPACK.Gen | Download File | ||
100% | Avira | TR/Patched.Ren.Gen2 | Download File | ||
100% | Avira | TR/Crypt.XPACK.Gen | Download File | ||
100% | Avira | TR/Crypt.XPACK.Gen | Download File | ||
100% | Avira | TR/Crypt.XPACK.Gen | Download File |
Domains |
---|
No Antivirus matches |
---|
URLs |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
100% | Avira URL Cloud | malware | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe |
Domains and IPs |
---|
Contacted Domains |
---|
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
slimpackage.com | 104.223.93.105 | true | true | unknown |
Contacted URLs |
---|
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
true |
| unknown | |
true |
| unknown | |
true |
| unknown | |
true |
| unknown | |
true |
| unknown |
URLs from Memory and Binaries |
---|
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false | high | |||
false | high | |||
false |
| unknown |
Contacted IPs |
---|
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
Public |
---|
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
104.223.93.105 | slimpackage.com | United States | 8100 | ASN-QUADRANET-GLOBALUS | true |
General Information |
---|
Joe Sandbox Version: | 34.0.0 Boulder Opal |
Analysis ID: | 553040 |
Start date: | 14.01.2022 |
Start time: | 07:14:14 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 5m 28s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | Purchase Order #5000012803.exe |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Number of analysed new started processes analysed: | 17 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal100.troj.spyw.evad.winEXE@3/6@61/1 |
EGA Information: |
|
HDC Information: |
|
HCA Information: |
|
Cookbook Comments: |
|
Warnings: | Show All
|
Simulations |
---|
Behavior and APIs |
---|
Time | Type | Description |
---|---|---|
07:15:17 | API Interceptor |
Joe Sandbox View / Context |
---|
IPs |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
104.223.93.105 | Get hash | malicious | Browse |
| |
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
|
Domains |
---|
No context |
---|
ASN |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
ASN-QUADRANET-GLOBALUS | Get hash | malicious | Browse |
| |
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
|
JA3 Fingerprints |
---|
No context |
---|
Dropped Files |
---|
No context |
---|
Created / dropped Files |
---|
Process: | C:\Users\user\Desktop\Purchase Order #5000012803.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 218882 |
Entropy (8bit): | 7.98965789846215 |
Encrypted: | false |
SSDEEP: | 6144:V9SOcYwR2fG8tEOnw6X/7CZJTrxSciuvI:DwEfLw6TCZpEyg |
MD5: | 50A68BA520B64A2483798C97E223435F |
SHA1: | CBEAB844A1C3EAC2EB8ABE5DEF847A05FF9F7D5B |
SHA-256: | CD06A2C3858AC3B1BC6D06816DD2966154EABAB479C4B305521A84A5B409D6D7 |
SHA-512: | 8C604F64FE76D320D6749B9E36B3139E870534A4E0D159D5DF74A19CB5D5736A6215EFE95B7C8AFCC111521E107170C6B86F129385CD7B313C09331E7B53B84A |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Users\user\Desktop\Purchase Order #5000012803.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 258678 |
Entropy (8bit): | 7.663931493685321 |
Encrypted: | false |
SSDEEP: | 6144:RS9SOcYwR2fG8tEOnw6X/7CZJTrxSciuvfN+:IwEfLw6TCZpEyXN |
MD5: | D993ADA5E7AEC7FDC7E5E62E31832EF9 |
SHA1: | A7F68AC213855C6C80D38241F16076213724983F |
SHA-256: | 918F6A726FBC8424E71E8B8CAF11E67B9B41D0DDC5C9C5DABA4B36889CB1D854 |
SHA-512: | B955E01EFE5AD701396D5987A6545A896B8BB9FC2F34B10F03879648EDC3588AACDD74F6FD6C43B20A5BF89C0F99CFB71F79EB789E61DE77975148F86249AA14 |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Users\user\Desktop\Purchase Order #5000012803.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4608 |
Entropy (8bit): | 4.1417181736612125 |
Encrypted: | false |
SSDEEP: | 48:SpozIU0jblvgiPtv6UIkuW2yH+ZsQMR7/iItlRuqS:ZzWdvZNFuoH+Zdc5x |
MD5: | B70AAC2FFA041468D92918145535C5C7 |
SHA1: | 26F134E72D8E5C86209A54E0D05D801C1B193059 |
SHA-256: | 97ACCD2E535507EEAD8DA6CCDB641907134E527B19F9C64D6EF9071BFA508D66 |
SHA-512: | 561B10896C3539B87AA2C94CDAB5CEEC0379E56C4E949651ACDD114CEEFF18A1E3DD1A5E68E792D37B54BC47036395BF1ED883D852B5C03E3D8CB01CEFBD179A |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Users\user\Desktop\Purchase Order #5000012803.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4972 |
Entropy (8bit): | 6.15619113991577 |
Encrypted: | false |
SSDEEP: | 96:Qm5+Ry+S1+aC5s+wjskAi0eXcKm5Z3p/yEaMr1L7h0MQOYRzJNUxwKjj:QmEI+S1dUs+hkAixMKA3padOYBJNUuKn |
MD5: | C7420C4BF0D9B154AF363B48CC160AD0 |
SHA1: | D3C95A22A44E515830B925A2FC30B5FA6A0C628E |
SHA-256: | CAF8F4FFCA95FE9A5336A64B83554AEA6D37586A159F467D868E25F3737B4FB4 |
SHA-512: | 530FDA9B005576B408497D7B9E096B0CD526EA62B5D32039E4DE3CC3CEF1FCFABA2B7BB737C9662A4D0B990C7C0AAD673613BD83B56A66BCE1AC7D855E344F9C |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Users\user\Desktop\Purchase Order #5000012803.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
SSDEEP: | 3:U:U |
MD5: | C4CA4238A0B923820DCC509A6F75849B |
SHA1: | 356A192B7913B04C54574D18C28D46E6395428AB |
SHA-256: | 6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B |
SHA-512: | 4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A |
Malicious: | false |
Reputation: | high, very likely benign file |
Preview: |
|
Process: | C:\Users\user\Desktop\Purchase Order #5000012803.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 46 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
SSDEEP: | 3:: |
MD5: | D898504A722BFF1524134C6AB6A5EAA5 |
SHA1: | E0FDC90C2CA2A0219C99D2758E68C18875A3E11E |
SHA-256: | 878F32F76B159494F5A39F9321616C6068CDB82E88DF89BCC739BBC1EA78E1F9 |
SHA-512: | 26A4398BFFB0C0AEF9A6EC53CD3367A2D0ABF2F70097F711BBBF1E9E32FD9F1A72121691BB6A39EEB55D596EDD527934E541B4DEFB3B1426B1D1A6429804DC61 |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
|
Static File Info |
---|
General | |
---|---|
File type: | |
Entropy (8bit): | 7.8958885048982035 |
TrID: |
|
File name: | Purchase Order #5000012803.exe |
File size: | 247015 |
MD5: | d62b8a5fdb90e9241ff0eef6ea035e32 |
SHA1: | 4e9e38dc4d01a649d927a933488477c5980fcb18 |
SHA256: | 95f5680fe4d7830a393aa84b2278051638f3c8105766c47a68c1f8981f38932b |
SHA512: | 5878e0ab7e76e508499f14c077192a235a73312edaa030d0999370df6c82be56212e4258da19a8cf8f3417d0da8ba20b3e166e0b58611fc44194df2964e863fe |
SSDEEP: | 6144:kw/b88QHR5lvQ2urEmJzKlf78z1++UPkq4Y1ROwy:HoRbQ2ugoz87oUPkqEwy |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........uJ...$...$...$./.{...$...%.:.$.".y...$..7....$.f."...$.Rich..$.................PE..L......H.................Z..........%2..... |
File Icon |
---|
Icon Hash: | ecccccd4d4e8e096 |
Static PE Info |
---|
General | |
---|---|
Entrypoint: | 0x403225 |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED |
DLL Characteristics: | |
Time Stamp: | 0x48EFCDC9 [Fri Oct 10 21:48:57 2008 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | 099c0646ea7282d232219f8807883be0 |
Entrypoint Preview |
---|
Instruction |
---|
sub esp, 00000180h |
push ebx |
push ebp |
push esi |
xor ebx, ebx |
push edi |
mov dword ptr [esp+18h], ebx |
mov dword ptr [esp+10h], 00409128h |
xor esi, esi |
mov byte ptr [esp+14h], 00000020h |
call dword ptr [00407030h] |
push 00008001h |
call dword ptr [004070B4h] |
push ebx |
call dword ptr [0040727Ch] |
push 00000008h |
mov dword ptr [00423F58h], eax |
call 00007F2930996230h |
mov dword ptr [00423EA4h], eax |
push ebx |
lea eax, dword ptr [esp+34h] |
push 00000160h |
push eax |
push ebx |
push 0041F450h |
call dword ptr [00407158h] |
push 004091B0h |
push 004236A0h |
call 00007F2930995EE7h |
call dword ptr [004070B0h] |
mov edi, 00429000h |
push eax |
push edi |
call 00007F2930995ED5h |
push ebx |
call dword ptr [0040710Ch] |
cmp byte ptr [00429000h], 00000022h |
mov dword ptr [00423EA0h], eax |
mov eax, edi |
jne 00007F29309936FCh |
mov byte ptr [esp+14h], 00000022h |
mov eax, 00429001h |
push dword ptr [esp+14h] |
push eax |
call 00007F29309959C8h |
push eax |
call dword ptr [0040721Ch] |
mov dword ptr [esp+1Ch], eax |
jmp 00007F2930993755h |
cmp cl, 00000020h |
jne 00007F29309936F8h |
inc eax |
cmp byte ptr [eax], 00000020h |
je 00007F29309936ECh |
cmp byte ptr [eax], 00000022h |
mov byte ptr [eax+eax+00h], 00000000h |
Rich Headers |
---|
Programming Language: |
|
Data Directories |
---|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x73a4 | 0xb4 | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x2c000 | 0x2528 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x7000 | 0x28c | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Sections |
---|
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x5976 | 0x5a00 | False | 0.668619791667 | data | 6.46680044621 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
.rdata | 0x7000 | 0x1190 | 0x1200 | False | 0.444878472222 | data | 5.17796812871 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0x9000 | 0x1af98 | 0x400 | False | 0.55078125 | data | 4.68983486809 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
.ndata | 0x24000 | 0x8000 | 0x0 | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_WRITE, IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.rsrc | 0x2c000 | 0x2528 | 0x2600 | False | 0.407072368421 | data | 5.36381099372 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
Resources |
---|
Name | RVA | Size | Type | Language | Country |
---|---|---|---|---|---|
RT_ICON | 0x2c1f0 | 0x10a8 | data | English | United States |
RT_ICON | 0x2d298 | 0x988 | data | English | United States |
RT_ICON | 0x2dc20 | 0x468 | GLS_BINARY_LSB_FIRST | English | United States |
RT_DIALOG | 0x2e088 | 0x100 | data | English | United States |
RT_DIALOG | 0x2e188 | 0x11c | data | English | United States |
RT_DIALOG | 0x2e2a8 | 0x60 | data | English | United States |
RT_GROUP_ICON | 0x2e308 | 0x30 | data | English | United States |
RT_MANIFEST | 0x2e338 | 0x1eb | XML 1.0 document, ASCII text, with very long lines, with no line terminators | English | United States |
Imports |
---|
DLL | Import |
---|---|
KERNEL32.dll | CompareFileTime, SearchPathA, GetShortPathNameA, GetFullPathNameA, MoveFileA, SetCurrentDirectoryA, GetFileAttributesA, GetLastError, CreateDirectoryA, SetFileAttributesA, Sleep, GetTickCount, CreateFileA, GetFileSize, GetModuleFileNameA, GetCurrentProcess, CopyFileA, ExitProcess, SetFileTime, GetTempPathA, GetCommandLineA, SetErrorMode, LoadLibraryA, lstrcpynA, GetDiskFreeSpaceA, GlobalUnlock, GlobalLock, CreateThread, CreateProcessA, RemoveDirectoryA, GetTempFileNameA, lstrlenA, lstrcatA, GetSystemDirectoryA, GetVersion, CloseHandle, lstrcmpiA, lstrcmpA, ExpandEnvironmentStringsA, GlobalFree, GlobalAlloc, WaitForSingleObject, GetExitCodeProcess, GetModuleHandleA, LoadLibraryExA, GetProcAddress, FreeLibrary, MultiByteToWideChar, WritePrivateProfileStringA, GetPrivateProfileStringA, WriteFile, ReadFile, MulDiv, SetFilePointer, FindClose, FindNextFileA, FindFirstFileA, DeleteFileA, GetWindowsDirectoryA |
USER32.dll | EndDialog, ScreenToClient, GetWindowRect, EnableMenuItem, GetSystemMenu, SetClassLongA, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongA, SetCursor, LoadCursorA, CheckDlgButton, GetMessagePos, LoadBitmapA, CallWindowProcA, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, RegisterClassA, TrackPopupMenu, AppendMenuA, CreatePopupMenu, GetSystemMetrics, SetDlgItemTextA, GetDlgItemTextA, MessageBoxIndirectA, CharPrevA, DispatchMessageA, PeekMessageA, DestroyWindow, CreateDialogParamA, SetTimer, SetWindowTextA, PostQuitMessage, SetForegroundWindow, wsprintfA, SendMessageTimeoutA, FindWindowExA, SystemParametersInfoA, CreateWindowExA, GetClassInfoA, DialogBoxParamA, CharNextA, OpenClipboard, ExitWindowsEx, IsWindow, GetDlgItem, SetWindowLongA, LoadImageA, GetDC, EnableWindow, InvalidateRect, SendMessageA, DefWindowProcA, BeginPaint, GetClientRect, FillRect, DrawTextA, EndPaint, ShowWindow |
GDI32.dll | SetBkColor, GetDeviceCaps, DeleteObject, CreateBrushIndirect, CreateFontIndirectA, SetBkMode, SetTextColor, SelectObject |
SHELL32.dll | SHGetPathFromIDListA, SHBrowseForFolderA, SHGetFileInfoA, ShellExecuteA, SHFileOperationA, SHGetSpecialFolderLocation |
ADVAPI32.dll | RegQueryValueExA, RegSetValueExA, RegEnumKeyA, RegEnumValueA, RegOpenKeyExA, RegDeleteKeyA, RegDeleteValueA, RegCloseKey, RegCreateKeyExA |
COMCTL32.dll | ImageList_AddMasked, ImageList_Destroy, ImageList_Create |
ole32.dll | CoTaskMemFree, OleInitialize, OleUninitialize, CoCreateInstance |
VERSION.dll | GetFileVersionInfoSizeA, GetFileVersionInfoA, VerQueryValueA |
Possible Origin |
---|
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States |
Network Behavior |
---|
Snort IDS Alerts |
---|
Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|---|---|---|
01/14/22-07:15:14.068204 | TCP | 2024312 | ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M1 | 49765 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:15:14.068204 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49765 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:15:14.068204 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49765 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:15:14.068204 | TCP | 2024317 | ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M2 | 49765 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:15:15.774786 | TCP | 2024312 | ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M1 | 49766 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:15:15.774786 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49766 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:15:15.774786 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49766 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:15:15.774786 | TCP | 2024317 | ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M2 | 49766 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:15:17.010470 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49767 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:15:17.010470 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49767 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:15:17.010470 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49767 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:15:17.010470 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49767 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:15:18.393621 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49768 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:15:18.393621 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49768 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:15:18.393621 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49768 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:15:18.393621 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49768 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:15:19.695573 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49769 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:15:19.695573 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49769 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:15:19.695573 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49769 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:15:19.695573 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49769 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:15:21.323362 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49770 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:15:21.323362 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49770 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:15:21.323362 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49770 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:15:21.323362 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49770 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:15:24.359164 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49771 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:15:24.359164 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49771 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:15:24.359164 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49771 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:15:24.359164 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49771 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:15:25.808698 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49772 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:15:25.808698 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49772 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:15:25.808698 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49772 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:15:25.808698 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49772 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:15:27.597120 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49773 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:15:27.597120 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49773 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:15:27.597120 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49773 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:15:27.597120 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49773 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:15:28.997592 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49774 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:15:28.997592 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49774 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:15:28.997592 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49774 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:15:28.997592 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49774 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:15:30.454419 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49775 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:15:30.454419 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49775 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:15:30.454419 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49775 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:15:30.454419 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49775 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:15:31.824330 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49776 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:15:31.824330 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49776 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:15:31.824330 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49776 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:15:31.824330 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49776 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:15:33.100123 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49777 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:15:33.100123 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49777 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:15:33.100123 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49777 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:15:33.100123 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49777 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:15:35.394366 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49778 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:15:35.394366 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49778 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:15:35.394366 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49778 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:15:35.394366 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49778 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:15:37.781119 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49781 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:15:37.781119 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49781 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:15:37.781119 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49781 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:15:37.781119 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49781 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:15:40.339953 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49782 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:15:40.339953 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49782 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:15:40.339953 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49782 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:15:40.339953 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49782 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:15:43.210044 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49783 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:15:43.210044 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49783 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:15:43.210044 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49783 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:15:43.210044 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49783 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:15:44.685174 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49784 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:15:44.685174 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49784 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:15:44.685174 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49784 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:15:44.685174 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49784 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:15:46.279601 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49785 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:15:46.279601 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49785 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:15:46.279601 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49785 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:15:46.279601 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49785 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:15:48.680703 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49786 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:15:48.680703 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49786 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:15:48.680703 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49786 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:15:48.680703 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49786 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:15:51.278646 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49787 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:15:51.278646 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49787 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:15:51.278646 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49787 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:15:51.278646 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49787 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:15:52.910922 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49788 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:15:52.910922 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49788 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:15:52.910922 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49788 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:15:52.910922 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49788 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:15:54.384953 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49789 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:15:54.384953 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49789 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:15:54.384953 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49789 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:15:54.384953 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49789 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:15:56.404035 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49790 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:15:56.404035 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49790 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:15:56.404035 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49790 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:15:56.404035 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49790 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:15:58.873327 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49791 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:15:58.873327 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49791 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:15:58.873327 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49791 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:15:58.873327 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49791 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:16:01.632258 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49792 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:16:01.632258 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49792 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:16:01.632258 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49792 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:16:01.632258 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49792 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:16:03.275393 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49793 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:16:03.275393 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49793 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:16:03.275393 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49793 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:16:03.275393 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49793 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:16:04.521632 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49794 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:16:04.521632 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49794 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:16:04.521632 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49794 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:16:04.521632 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49794 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:16:05.921415 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49795 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:16:05.921415 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49795 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:16:05.921415 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49795 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:16:05.921415 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49795 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:16:07.332344 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49797 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:16:07.332344 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49797 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:16:07.332344 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49797 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:16:07.332344 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49797 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:16:08.825264 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49804 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:16:08.825264 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49804 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:16:08.825264 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49804 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:16:08.825264 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49804 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:16:12.085516 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49823 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:16:12.085516 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49823 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:16:12.085516 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49823 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:16:12.085516 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49823 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:16:14.147581 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49833 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:16:14.147581 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49833 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:16:14.147581 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49833 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:16:14.147581 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49833 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:16:17.416397 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49834 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:16:17.416397 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49834 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:16:17.416397 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49834 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:16:17.416397 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49834 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:16:20.386728 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49835 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:16:20.386728 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49835 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:16:20.386728 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49835 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:16:20.386728 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49835 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:16:24.539317 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49841 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:16:24.539317 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49841 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:16:24.539317 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49841 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:16:24.539317 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49841 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:16:28.261721 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49842 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:16:28.261721 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49842 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:16:28.261721 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49842 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:16:28.261721 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49842 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:16:30.749545 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49843 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:16:30.749545 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49843 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:16:30.749545 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49843 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:16:30.749545 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49843 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:16:33.019782 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49845 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:16:33.019782 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49845 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:16:33.019782 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49845 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:16:33.019782 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49845 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:16:34.831558 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49846 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:16:34.831558 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49846 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:16:34.831558 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49846 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:16:34.831558 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49846 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:16:36.784150 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49852 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:16:36.784150 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49852 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:16:36.784150 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49852 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:16:36.784150 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49852 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:16:38.818540 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49857 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:16:38.818540 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49857 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:16:38.818540 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49857 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:16:38.818540 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49857 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:16:40.128747 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49864 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:16:40.128747 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49864 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:16:40.128747 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49864 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:16:40.128747 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49864 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:16:41.470924 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49871 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:16:41.470924 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49871 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:16:41.470924 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49871 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:16:41.470924 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49871 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:16:43.379060 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49873 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:16:43.379060 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49873 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:16:43.379060 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49873 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:16:43.379060 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49873 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:16:46.514857 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49875 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:16:46.514857 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49875 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:16:46.514857 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49875 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:16:46.514857 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49875 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:16:49.069116 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49876 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:16:49.069116 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49876 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:16:49.069116 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49876 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:16:49.069116 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49876 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:16:51.061157 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49877 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:16:51.061157 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49877 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:16:51.061157 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49877 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:16:51.061157 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49877 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:16:53.094091 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49879 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:16:53.094091 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49879 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:16:53.094091 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49879 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:16:53.094091 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49879 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:16:55.310736 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49882 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:16:55.310736 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49882 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:16:55.310736 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49882 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:16:55.310736 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49882 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:16:57.010126 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49883 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:16:57.010126 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49883 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:16:57.010126 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49883 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:16:57.010126 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49883 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:16:58.361672 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49884 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:16:58.361672 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49884 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:16:58.361672 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49884 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:16:58.361672 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49884 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:16:59.960262 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49885 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:16:59.960262 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49885 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:16:59.960262 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49885 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:16:59.960262 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49885 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:17:01.212523 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49886 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:17:01.212523 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49886 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:17:01.212523 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49886 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:17:01.212523 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49886 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:17:02.582056 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49887 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:17:02.582056 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49887 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:17:02.582056 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49887 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:17:02.582056 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49887 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:17:03.930333 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49888 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:17:03.930333 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49888 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:17:03.930333 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49888 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:17:03.930333 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49888 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:17:05.232616 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49889 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:17:05.232616 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49889 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:17:05.232616 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49889 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:17:05.232616 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49889 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:17:06.577783 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49890 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:17:06.577783 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49890 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:17:06.577783 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49890 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:17:06.577783 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49890 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:17:07.881860 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49891 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:17:07.881860 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49891 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:17:07.881860 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49891 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:17:07.881860 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49891 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:17:09.745173 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49892 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:17:09.745173 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49892 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:17:09.745173 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49892 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:17:09.745173 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49892 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:17:11.929100 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49893 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:17:11.929100 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49893 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:17:11.929100 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49893 | 80 | 192.168.2.4 | 104.223.93.105 |
01/14/22-07:17:11.929100 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49893 | 80 | 192.168.2.4 | 104.223.93.105 |
Network Port Distribution |
---|
TCP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Jan 14, 2022 07:15:13.939903975 CET | 49765 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:15:14.064361095 CET | 80 | 49765 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:15:14.064524889 CET | 49765 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:15:14.068203926 CET | 49765 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:15:14.192395926 CET | 80 | 49765 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:15:14.192487955 CET | 49765 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:15:14.320434093 CET | 80 | 49765 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:15:14.326773882 CET | 80 | 49765 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:15:14.327156067 CET | 80 | 49765 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:15:14.327296972 CET | 49765 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:15:14.339560032 CET | 49765 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:15:14.464122057 CET | 80 | 49765 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:15:15.648782969 CET | 49766 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:15:15.771281004 CET | 80 | 49766 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:15:15.771379948 CET | 49766 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:15:15.774785995 CET | 49766 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:15:15.897432089 CET | 80 | 49766 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:15:15.897516012 CET | 49766 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:15:16.019885063 CET | 80 | 49766 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:15:16.029309988 CET | 80 | 49766 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:15:16.029351950 CET | 80 | 49766 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:15:16.029422998 CET | 49766 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:15:16.029493093 CET | 49766 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:15:16.152523994 CET | 80 | 49766 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:15:16.883490086 CET | 49767 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:15:17.007704020 CET | 80 | 49767 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:15:17.007812977 CET | 49767 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:15:17.010469913 CET | 49767 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:15:17.134510994 CET | 80 | 49767 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:15:17.134681940 CET | 49767 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:15:17.259054899 CET | 80 | 49767 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:15:17.266379118 CET | 80 | 49767 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:15:17.266415119 CET | 80 | 49767 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:15:17.266628981 CET | 49767 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:15:17.266683102 CET | 49767 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:15:17.390873909 CET | 80 | 49767 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:15:18.262489080 CET | 49768 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:15:18.386570930 CET | 80 | 49768 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:15:18.386708975 CET | 49768 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:15:18.393620968 CET | 49768 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:15:18.518122911 CET | 80 | 49768 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:15:18.518191099 CET | 49768 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:15:18.642317057 CET | 80 | 49768 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:15:18.650015116 CET | 80 | 49768 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:15:18.650059938 CET | 80 | 49768 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:15:18.650125027 CET | 49768 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:15:18.650209904 CET | 49768 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:15:18.774828911 CET | 80 | 49768 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:15:19.537019014 CET | 49769 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:15:19.691287994 CET | 80 | 49769 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:15:19.692826033 CET | 49769 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:15:19.695573092 CET | 49769 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:15:19.846610069 CET | 80 | 49769 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:15:19.846723080 CET | 49769 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:15:20.007998943 CET | 80 | 49769 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:15:20.016736984 CET | 80 | 49769 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:15:20.016784906 CET | 80 | 49769 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:15:20.016962051 CET | 49769 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:15:20.017034054 CET | 49769 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:15:20.141881943 CET | 80 | 49769 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:15:21.196603060 CET | 49770 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:15:21.319559097 CET | 80 | 49770 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:15:21.319654942 CET | 49770 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:15:21.323362112 CET | 49770 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:15:21.445976973 CET | 80 | 49770 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:15:21.446059942 CET | 49770 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:15:21.569977999 CET | 80 | 49770 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:15:21.577928066 CET | 80 | 49770 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:15:21.578051090 CET | 49770 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:15:21.578094006 CET | 80 | 49770 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:15:21.578141928 CET | 49770 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:15:21.728550911 CET | 80 | 49770 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:15:24.232184887 CET | 49771 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:15:24.356343985 CET | 80 | 49771 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:15:24.356417894 CET | 49771 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:15:24.359164000 CET | 49771 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:15:24.483490944 CET | 80 | 49771 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:15:24.483581066 CET | 49771 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:15:24.607997894 CET | 80 | 49771 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:15:24.616121054 CET | 80 | 49771 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:15:24.616225004 CET | 80 | 49771 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:15:24.616311073 CET | 49771 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:15:24.616329908 CET | 49771 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:15:24.740901947 CET | 80 | 49771 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:15:25.662341118 CET | 49772 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:15:25.805389881 CET | 80 | 49772 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:15:25.805676937 CET | 49772 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:15:25.808697939 CET | 49772 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:15:25.954987049 CET | 80 | 49772 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:15:25.955164909 CET | 49772 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:15:26.107965946 CET | 80 | 49772 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:15:26.114744902 CET | 80 | 49772 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:15:26.114762068 CET | 80 | 49772 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:15:26.114911079 CET | 49772 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:15:26.114974022 CET | 49772 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:15:26.441430092 CET | 80 | 49772 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:15:27.466988087 CET | 49773 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:15:27.593509912 CET | 80 | 49773 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:15:27.593699932 CET | 49773 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:15:27.597120047 CET | 49773 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:15:27.721062899 CET | 80 | 49773 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:15:27.721211910 CET | 49773 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:15:27.845391989 CET | 80 | 49773 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:15:27.853188038 CET | 80 | 49773 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:15:27.853257895 CET | 80 | 49773 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:15:27.853420973 CET | 49773 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:15:27.853492975 CET | 49773 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:15:27.978502989 CET | 80 | 49773 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:15:28.870106936 CET | 49774 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:15:28.994477987 CET | 80 | 49774 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:15:28.994577885 CET | 49774 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:15:28.997591972 CET | 49774 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:15:29.121929884 CET | 80 | 49774 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:15:29.122049093 CET | 49774 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:15:29.246237040 CET | 80 | 49774 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:15:29.253197908 CET | 80 | 49774 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:15:29.253262043 CET | 80 | 49774 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:15:29.253360987 CET | 49774 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:15:29.253465891 CET | 49774 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:15:29.378015995 CET | 80 | 49774 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:15:30.323822021 CET | 49775 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:15:30.446624994 CET | 80 | 49775 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:15:30.446856976 CET | 49775 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:15:30.454418898 CET | 49775 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:15:30.577044010 CET | 80 | 49775 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:15:30.577229977 CET | 49775 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:15:30.699785948 CET | 80 | 49775 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:15:30.710796118 CET | 80 | 49775 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:15:30.710833073 CET | 80 | 49775 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:15:30.710966110 CET | 49775 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:15:30.711047888 CET | 49775 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:15:30.834295988 CET | 80 | 49775 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:15:31.692822933 CET | 49776 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:15:31.815315008 CET | 80 | 49776 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:15:31.815468073 CET | 49776 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:15:31.824330091 CET | 49776 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:15:31.946660042 CET | 80 | 49776 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:15:31.946741104 CET | 49776 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:15:32.069384098 CET | 80 | 49776 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:15:32.075763941 CET | 80 | 49776 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:15:32.075810909 CET | 80 | 49776 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:15:32.076026917 CET | 49776 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:15:32.076072931 CET | 49776 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:15:32.198952913 CET | 80 | 49776 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:15:32.974442005 CET | 49777 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:15:33.097385883 CET | 80 | 49777 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:15:33.097531080 CET | 49777 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:15:33.100122929 CET | 49777 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:15:33.222511053 CET | 80 | 49777 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:15:33.222616911 CET | 49777 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:15:33.345293999 CET | 80 | 49777 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:15:33.355024099 CET | 80 | 49777 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:15:33.355097055 CET | 80 | 49777 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:15:33.355202913 CET | 49777 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:15:33.355246067 CET | 49777 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:15:33.478617907 CET | 80 | 49777 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:15:35.267332077 CET | 49778 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:15:35.391622066 CET | 80 | 49778 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:15:35.391765118 CET | 49778 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:15:35.394366026 CET | 49778 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:15:35.519946098 CET | 80 | 49778 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:15:35.520056009 CET | 49778 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:15:35.644304037 CET | 80 | 49778 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:15:35.667382956 CET | 80 | 49778 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:15:35.667426109 CET | 80 | 49778 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:15:35.667565107 CET | 49778 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:15:35.791630030 CET | 80 | 49778 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:15:37.655143976 CET | 49781 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:15:37.777503967 CET | 80 | 49781 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:15:37.777637959 CET | 49781 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:15:37.781119108 CET | 49781 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:15:37.903722048 CET | 80 | 49781 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:15:37.903804064 CET | 49781 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:15:38.026352882 CET | 80 | 49781 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:15:38.033628941 CET | 80 | 49781 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:15:38.033668041 CET | 80 | 49781 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:15:38.033746958 CET | 49781 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:15:38.034060955 CET | 49781 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:15:38.156929016 CET | 80 | 49781 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:15:40.185220003 CET | 49782 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:15:40.337157965 CET | 80 | 49782 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:15:40.337266922 CET | 49782 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:15:40.339952946 CET | 49782 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:15:40.463884115 CET | 80 | 49782 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:15:40.463958979 CET | 49782 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:15:40.597522974 CET | 80 | 49782 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:15:40.607796907 CET | 80 | 49782 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:15:40.607841015 CET | 80 | 49782 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:15:40.607896090 CET | 49782 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:15:40.607927084 CET | 49782 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:15:40.734819889 CET | 80 | 49782 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:15:43.084664106 CET | 49783 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:15:43.207230091 CET | 80 | 49783 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:15:43.207324028 CET | 49783 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:15:43.210043907 CET | 49783 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:15:43.332628012 CET | 80 | 49783 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:15:43.332705021 CET | 49783 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:15:43.455331087 CET | 80 | 49783 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:15:43.464898109 CET | 80 | 49783 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:15:43.464939117 CET | 80 | 49783 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:15:43.465063095 CET | 49783 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:15:43.465147972 CET | 49783 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:15:43.588347912 CET | 80 | 49783 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:15:44.559092999 CET | 49784 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:15:44.681673050 CET | 80 | 49784 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:15:44.681782961 CET | 49784 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:15:44.685173988 CET | 49784 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:15:44.809073925 CET | 80 | 49784 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:15:44.809154034 CET | 49784 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:15:44.932276964 CET | 80 | 49784 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:15:44.943876982 CET | 80 | 49784 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:15:44.943921089 CET | 80 | 49784 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:15:44.944129944 CET | 49784 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:15:44.944184065 CET | 49784 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:15:45.069294930 CET | 80 | 49784 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:15:46.152893066 CET | 49785 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:15:46.276901960 CET | 80 | 49785 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:15:46.277021885 CET | 49785 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:15:46.279601097 CET | 49785 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:15:46.403703928 CET | 80 | 49785 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:15:46.403915882 CET | 49785 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:15:46.528119087 CET | 80 | 49785 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:15:46.535479069 CET | 80 | 49785 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:15:46.535547972 CET | 80 | 49785 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:15:46.535703897 CET | 49785 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:15:46.535804033 CET | 49785 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:15:46.660327911 CET | 80 | 49785 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:15:48.549921989 CET | 49786 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:15:48.674393892 CET | 80 | 49786 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:15:48.674551010 CET | 49786 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:15:48.680702925 CET | 49786 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:15:48.805067062 CET | 80 | 49786 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:15:48.805205107 CET | 49786 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:15:48.929606915 CET | 80 | 49786 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:15:48.940790892 CET | 80 | 49786 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:15:48.940834999 CET | 80 | 49786 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:15:48.940923929 CET | 49786 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:15:48.940970898 CET | 49786 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:15:49.066169024 CET | 80 | 49786 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:15:51.153254986 CET | 49787 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:15:51.275723934 CET | 80 | 49787 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:15:51.275877953 CET | 49787 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:15:51.278645992 CET | 49787 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:15:51.496124983 CET | 80 | 49787 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:15:51.496203899 CET | 49787 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:15:51.711863995 CET | 80 | 49787 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:15:51.711889029 CET | 80 | 49787 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:15:51.711901903 CET | 80 | 49787 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:15:51.711961031 CET | 49787 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:15:51.712032080 CET | 49787 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:15:51.903575897 CET | 80 | 49787 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:15:52.782591105 CET | 49788 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:15:52.907073021 CET | 80 | 49788 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:15:52.907212019 CET | 49788 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:15:52.910922050 CET | 49788 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:15:53.033756971 CET | 80 | 49788 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:15:53.033909082 CET | 49788 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:15:53.156723976 CET | 80 | 49788 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:15:53.164037943 CET | 80 | 49788 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:15:53.164153099 CET | 80 | 49788 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:15:53.164268017 CET | 49788 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:15:53.164318085 CET | 49788 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:15:53.300776958 CET | 80 | 49788 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:15:54.256967068 CET | 49789 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:15:54.381253958 CET | 80 | 49789 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:15:54.381366968 CET | 49789 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:15:54.384953022 CET | 49789 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:15:54.510581970 CET | 80 | 49789 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:15:54.510684967 CET | 49789 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:15:54.634829044 CET | 80 | 49789 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:15:54.642054081 CET | 80 | 49789 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:15:54.642081022 CET | 80 | 49789 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:15:54.642183065 CET | 49789 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:15:54.642204046 CET | 49789 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:15:54.773616076 CET | 80 | 49789 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:15:56.277034998 CET | 49790 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:15:56.401386023 CET | 80 | 49790 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:15:56.401492119 CET | 49790 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:15:56.404035091 CET | 49790 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:15:56.530777931 CET | 80 | 49790 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:15:56.530853033 CET | 49790 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:15:56.680429935 CET | 80 | 49790 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:15:56.687561035 CET | 80 | 49790 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:15:56.687607050 CET | 80 | 49790 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:15:56.687753916 CET | 49790 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:15:56.687803030 CET | 49790 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:15:56.812426090 CET | 80 | 49790 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:15:58.745915890 CET | 49791 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:15:58.870275021 CET | 80 | 49791 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:15:58.870400906 CET | 49791 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:15:58.873327017 CET | 49791 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:15:58.997723103 CET | 80 | 49791 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:15:58.997903109 CET | 49791 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:15:59.122108936 CET | 80 | 49791 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:15:59.129765034 CET | 80 | 49791 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:15:59.129796028 CET | 80 | 49791 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:15:59.129918098 CET | 49791 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:15:59.129978895 CET | 49791 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:15:59.254667044 CET | 80 | 49791 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:16:01.502743006 CET | 49792 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:16:01.625967979 CET | 80 | 49792 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:16:01.628447056 CET | 49792 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:16:01.632257938 CET | 49792 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:16:01.756519079 CET | 80 | 49792 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:16:01.756613016 CET | 49792 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:16:02.004942894 CET | 80 | 49792 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:16:02.004981041 CET | 80 | 49792 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:16:02.005002022 CET | 80 | 49792 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:16:02.005055904 CET | 49792 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:16:02.005124092 CET | 49792 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:16:02.147258043 CET | 80 | 49792 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:16:03.149904013 CET | 49793 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:16:03.272480965 CET | 80 | 49793 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:16:03.272602081 CET | 49793 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:16:03.275393009 CET | 49793 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:16:03.397806883 CET | 80 | 49793 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:16:03.397876978 CET | 49793 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:16:03.520497084 CET | 80 | 49793 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:16:03.527699947 CET | 80 | 49793 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:16:03.527745962 CET | 80 | 49793 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:16:03.527869940 CET | 49793 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:16:03.527929068 CET | 49793 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:16:03.651561975 CET | 80 | 49793 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:16:04.394910097 CET | 49794 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:16:04.518780947 CET | 80 | 49794 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:16:04.518870115 CET | 49794 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:16:04.521631956 CET | 49794 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:16:04.644134045 CET | 80 | 49794 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:16:04.644192934 CET | 49794 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:16:04.766757011 CET | 80 | 49794 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:16:04.775456905 CET | 80 | 49794 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:16:04.775523901 CET | 80 | 49794 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:16:04.775590897 CET | 49794 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:16:04.775629997 CET | 49794 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:16:04.898650885 CET | 80 | 49794 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:16:05.796005011 CET | 49795 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:16:05.918694973 CET | 80 | 49795 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:16:05.918823957 CET | 49795 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:16:05.921415091 CET | 49795 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:16:06.043883085 CET | 80 | 49795 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:16:06.043971062 CET | 49795 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:16:06.167455912 CET | 80 | 49795 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:16:06.174947023 CET | 80 | 49795 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:16:06.174989939 CET | 80 | 49795 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:16:06.175048113 CET | 49795 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:16:06.175106049 CET | 49795 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:16:06.297940969 CET | 80 | 49795 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:16:07.176011086 CET | 49797 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:16:07.325608015 CET | 80 | 49797 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:16:07.325831890 CET | 49797 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:16:07.332344055 CET | 49797 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:16:07.455229998 CET | 80 | 49797 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:16:07.455298901 CET | 49797 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:16:07.582072020 CET | 80 | 49797 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:16:07.593718052 CET | 80 | 49797 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:16:07.593730927 CET | 80 | 49797 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:16:07.593813896 CET | 49797 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:16:07.593858957 CET | 49797 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:16:07.717161894 CET | 80 | 49797 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:16:08.699098110 CET | 49804 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:16:08.821787119 CET | 80 | 49804 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:16:08.822550058 CET | 49804 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:16:08.825263977 CET | 49804 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:16:08.947782993 CET | 80 | 49804 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:16:08.949115038 CET | 49804 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:16:09.073869944 CET | 80 | 49804 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:16:09.082606077 CET | 80 | 49804 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:16:09.082638979 CET | 80 | 49804 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:16:09.084621906 CET | 49804 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:16:09.084691048 CET | 49804 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:16:09.207598925 CET | 80 | 49804 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:16:11.949965954 CET | 49823 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:16:12.082779884 CET | 80 | 49823 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:16:12.082976103 CET | 49823 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:16:12.085515976 CET | 49823 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:16:12.208225012 CET | 80 | 49823 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:16:12.209481001 CET | 49823 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:16:12.331789970 CET | 80 | 49823 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:16:12.347671986 CET | 80 | 49823 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:16:12.347716093 CET | 80 | 49823 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:16:12.347783089 CET | 49823 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:16:12.347815990 CET | 49823 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:16:12.517690897 CET | 80 | 49823 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:16:14.022157907 CET | 49833 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:16:14.144762039 CET | 80 | 49833 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:16:14.144870996 CET | 49833 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:16:14.147581100 CET | 49833 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:16:14.301414013 CET | 80 | 49833 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:16:14.301525116 CET | 49833 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:16:14.432692051 CET | 80 | 49833 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:16:14.442856073 CET | 80 | 49833 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:16:14.442996979 CET | 49833 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:16:14.443042040 CET | 80 | 49833 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:16:14.443094969 CET | 49833 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:16:14.585604906 CET | 80 | 49833 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:16:17.288975954 CET | 49834 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:16:17.413116932 CET | 80 | 49834 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:16:17.413880110 CET | 49834 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:16:17.416397095 CET | 49834 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:16:17.540615082 CET | 80 | 49834 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:16:17.540833950 CET | 49834 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:16:17.665317059 CET | 80 | 49834 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:16:17.672099113 CET | 80 | 49834 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:16:17.672137022 CET | 80 | 49834 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:16:17.672282934 CET | 49834 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:16:17.672333002 CET | 49834 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:16:17.798283100 CET | 80 | 49834 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:16:20.261210918 CET | 49835 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:16:20.383900881 CET | 80 | 49835 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:16:20.384011984 CET | 49835 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:16:20.386728048 CET | 49835 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:16:20.510351896 CET | 80 | 49835 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:16:20.510426044 CET | 49835 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:16:20.633009911 CET | 80 | 49835 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:16:20.641201019 CET | 80 | 49835 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:16:20.641238928 CET | 80 | 49835 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:16:20.641298056 CET | 49835 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:16:20.641335011 CET | 49835 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:16:20.764887094 CET | 80 | 49835 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:16:24.413976908 CET | 49841 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:16:24.536729097 CET | 80 | 49841 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:16:24.536822081 CET | 49841 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:16:24.539316893 CET | 49841 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:16:24.661768913 CET | 80 | 49841 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:16:24.661875010 CET | 49841 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:16:24.784557104 CET | 80 | 49841 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:16:24.792671919 CET | 80 | 49841 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:16:24.792875051 CET | 49841 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:16:24.797208071 CET | 80 | 49841 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:16:24.797300100 CET | 49841 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:16:24.915410042 CET | 80 | 49841 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:16:28.134713888 CET | 49842 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:16:28.259022951 CET | 80 | 49842 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:16:28.259141922 CET | 49842 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:16:28.261720896 CET | 49842 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:16:28.386390924 CET | 80 | 49842 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:16:28.386477947 CET | 49842 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:16:28.510540962 CET | 80 | 49842 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:16:28.518954039 CET | 80 | 49842 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:16:28.518994093 CET | 80 | 49842 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:16:28.519093037 CET | 49842 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:16:28.519159079 CET | 49842 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:16:28.643759012 CET | 80 | 49842 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:16:30.599598885 CET | 49843 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:16:30.745405912 CET | 80 | 49843 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:16:30.747015953 CET | 49843 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:16:30.749545097 CET | 49843 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:16:30.872044086 CET | 80 | 49843 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:16:30.872180939 CET | 49843 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:16:30.994618893 CET | 80 | 49843 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:16:31.008444071 CET | 80 | 49843 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:16:31.008486986 CET | 80 | 49843 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:16:31.008562088 CET | 49843 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:16:31.008641958 CET | 49843 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:16:31.154020071 CET | 80 | 49843 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:16:32.887778044 CET | 49845 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:16:33.013290882 CET | 80 | 49845 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:16:33.013461113 CET | 49845 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:16:33.019782066 CET | 49845 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:16:33.144170046 CET | 80 | 49845 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:16:33.144319057 CET | 49845 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:16:33.269444942 CET | 80 | 49845 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:16:33.277029037 CET | 80 | 49845 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:16:33.277142048 CET | 80 | 49845 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:16:33.277384043 CET | 49845 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:16:33.277435064 CET | 49845 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:16:33.402080059 CET | 80 | 49845 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:16:34.608227968 CET | 49846 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:16:34.806478024 CET | 80 | 49846 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:16:34.806644917 CET | 49846 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:16:34.831557989 CET | 49846 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:16:34.955379963 CET | 80 | 49846 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:16:34.956110001 CET | 49846 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:16:35.079885960 CET | 80 | 49846 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:16:35.088538885 CET | 80 | 49846 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:16:35.088562012 CET | 80 | 49846 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:16:35.088660955 CET | 49846 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:16:35.088701010 CET | 49846 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:16:35.258850098 CET | 80 | 49846 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:16:36.656810999 CET | 49852 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:16:36.781191111 CET | 80 | 49852 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:16:36.781373978 CET | 49852 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:16:36.784149885 CET | 49852 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:16:36.908565998 CET | 80 | 49852 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:16:36.908672094 CET | 49852 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:16:37.032932997 CET | 80 | 49852 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:16:37.041826010 CET | 80 | 49852 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:16:37.041913033 CET | 80 | 49852 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:16:37.041964054 CET | 49852 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:16:37.042016983 CET | 49852 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:16:37.166363001 CET | 80 | 49852 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:16:38.678059101 CET | 49857 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:16:38.802007914 CET | 80 | 49857 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:16:38.802145004 CET | 49857 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:16:38.818540096 CET | 49857 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:16:38.943733931 CET | 80 | 49857 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:16:38.943881989 CET | 49857 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:16:39.067913055 CET | 80 | 49857 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:16:39.078356028 CET | 80 | 49857 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:16:39.078453064 CET | 80 | 49857 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:16:39.078495026 CET | 49857 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:16:39.078546047 CET | 49857 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:16:39.203959942 CET | 80 | 49857 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:16:39.992822886 CET | 49864 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:16:40.118062973 CET | 80 | 49864 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:16:40.118174076 CET | 49864 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:16:40.128746986 CET | 49864 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:16:40.274754047 CET | 80 | 49864 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:16:40.274898052 CET | 49864 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:16:40.406003952 CET | 80 | 49864 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:16:40.411902905 CET | 80 | 49864 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:16:40.412065029 CET | 49864 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:16:40.412219048 CET | 80 | 49864 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:16:40.412305117 CET | 49864 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:16:40.557964087 CET | 80 | 49864 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:16:41.332923889 CET | 49871 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:16:41.457168102 CET | 80 | 49871 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:16:41.457339048 CET | 49871 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:16:41.470923901 CET | 49871 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:16:41.612701893 CET | 80 | 49871 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:16:41.612869024 CET | 49871 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:16:41.736939907 CET | 80 | 49871 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:16:41.745306969 CET | 80 | 49871 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:16:41.745362997 CET | 80 | 49871 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:16:41.745496988 CET | 49871 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:16:41.745553017 CET | 49871 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:16:41.870076895 CET | 80 | 49871 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:16:43.251224041 CET | 49873 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:16:43.376113892 CET | 80 | 49873 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:16:43.376235962 CET | 49873 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:16:43.379060030 CET | 49873 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:16:43.544555902 CET | 80 | 49873 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:16:43.544672012 CET | 49873 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:16:43.667284012 CET | 80 | 49873 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:16:43.675276995 CET | 80 | 49873 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:16:43.675307989 CET | 80 | 49873 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:16:43.675380945 CET | 49873 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:16:43.675441980 CET | 49873 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:16:43.800158024 CET | 80 | 49873 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:16:46.385001898 CET | 49875 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:16:46.510519981 CET | 80 | 49875 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:16:46.510684967 CET | 49875 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:16:46.514857054 CET | 49875 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:16:46.638919115 CET | 80 | 49875 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:16:46.639029980 CET | 49875 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:16:46.764856100 CET | 80 | 49875 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:16:46.773838043 CET | 80 | 49875 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:16:46.773962021 CET | 49875 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:16:46.774027109 CET | 80 | 49875 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:16:46.774091005 CET | 49875 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:16:46.899167061 CET | 80 | 49875 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:16:48.940471888 CET | 49876 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:16:49.064888954 CET | 80 | 49876 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:16:49.066222906 CET | 49876 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:16:49.069116116 CET | 49876 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:16:49.193304062 CET | 80 | 49876 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:16:49.194155931 CET | 49876 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:16:49.318176031 CET | 80 | 49876 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:16:49.337191105 CET | 80 | 49876 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:16:49.337333918 CET | 80 | 49876 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:16:49.337481976 CET | 49876 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:16:49.337534904 CET | 49876 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:16:49.462435961 CET | 80 | 49876 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:16:50.934634924 CET | 49877 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:16:51.058355093 CET | 80 | 49877 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:16:51.058504105 CET | 49877 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:16:51.061156988 CET | 49877 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:16:51.185163021 CET | 80 | 49877 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:16:51.185406923 CET | 49877 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:16:51.340670109 CET | 80 | 49877 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:16:51.340956926 CET | 80 | 49877 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:16:51.340986013 CET | 80 | 49877 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:16:51.341109037 CET | 49877 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:16:51.341161013 CET | 49877 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:16:51.586000919 CET | 80 | 49877 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:16:52.921905994 CET | 49879 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:16:53.084893942 CET | 80 | 49879 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:16:53.085026026 CET | 49879 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:16:53.094090939 CET | 49879 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:16:53.252294064 CET | 80 | 49879 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:16:53.252428055 CET | 49879 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:16:53.410366058 CET | 80 | 49879 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:16:53.418189049 CET | 80 | 49879 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:16:53.418283939 CET | 80 | 49879 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:16:53.418473005 CET | 49879 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:16:53.419049025 CET | 49879 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:16:53.591042995 CET | 80 | 49879 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:16:55.059124947 CET | 49882 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:16:55.293260098 CET | 80 | 49882 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:16:55.293497086 CET | 49882 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:16:55.310735941 CET | 49882 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:16:55.471932888 CET | 80 | 49882 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:16:55.472043991 CET | 49882 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:16:55.638137102 CET | 80 | 49882 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:16:55.646163940 CET | 80 | 49882 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:16:55.646404028 CET | 49882 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:16:55.646706104 CET | 80 | 49882 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:16:55.646779060 CET | 49882 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:16:55.881314993 CET | 80 | 49882 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:16:56.882985115 CET | 49883 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:16:57.007147074 CET | 80 | 49883 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:16:57.007241964 CET | 49883 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:16:57.010126114 CET | 49883 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:16:57.134111881 CET | 80 | 49883 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:16:57.134207010 CET | 49883 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:16:57.258354902 CET | 80 | 49883 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:16:57.265400887 CET | 80 | 49883 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:16:57.265450001 CET | 80 | 49883 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:16:57.265527964 CET | 49883 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:16:57.265573025 CET | 49883 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:16:57.409358025 CET | 80 | 49883 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:16:58.202579975 CET | 49884 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:16:58.358258009 CET | 80 | 49884 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:16:58.358434916 CET | 49884 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:16:58.361671925 CET | 49884 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:16:58.658623934 CET | 80 | 49884 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:16:58.661470890 CET | 49884 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:16:58.867099047 CET | 80 | 49884 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:16:58.867147923 CET | 80 | 49884 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:16:58.867182016 CET | 80 | 49884 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:16:58.867394924 CET | 49884 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:16:58.867454052 CET | 49884 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:16:59.196131945 CET | 80 | 49884 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:16:59.811501980 CET | 49885 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:16:59.934307098 CET | 80 | 49885 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:16:59.935795069 CET | 49885 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:16:59.960262060 CET | 49885 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:17:00.083035946 CET | 80 | 49885 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:17:00.083255053 CET | 49885 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:17:00.205748081 CET | 80 | 49885 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:17:00.213871956 CET | 80 | 49885 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:17:00.213901043 CET | 80 | 49885 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:17:00.214188099 CET | 49885 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:17:00.214246035 CET | 49885 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:17:00.337778091 CET | 80 | 49885 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:17:01.078548908 CET | 49886 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:17:01.202706099 CET | 80 | 49886 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:17:01.202857971 CET | 49886 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:17:01.212522984 CET | 49886 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:17:01.336873055 CET | 80 | 49886 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:17:01.337017059 CET | 49886 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:17:01.461545944 CET | 80 | 49886 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:17:01.469331980 CET | 80 | 49886 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:17:01.469374895 CET | 80 | 49886 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:17:01.469602108 CET | 49886 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:17:01.469656944 CET | 49886 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:17:01.594127893 CET | 80 | 49886 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:17:02.407013893 CET | 49887 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:17:02.571803093 CET | 80 | 49887 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:17:02.571901083 CET | 49887 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:17:02.582056046 CET | 49887 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:17:02.704731941 CET | 80 | 49887 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:17:02.704819918 CET | 49887 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:17:02.827420950 CET | 80 | 49887 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:17:02.835235119 CET | 80 | 49887 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:17:02.835282087 CET | 80 | 49887 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:17:02.835413933 CET | 49887 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:17:02.835458040 CET | 49887 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:17:02.964699030 CET | 80 | 49887 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:17:03.795865059 CET | 49888 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:17:03.919883013 CET | 80 | 49888 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:17:03.919981956 CET | 49888 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:17:03.930332899 CET | 49888 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:17:04.054816008 CET | 80 | 49888 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:17:04.054950953 CET | 49888 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:17:04.179131031 CET | 80 | 49888 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:17:04.186918974 CET | 80 | 49888 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:17:04.186963081 CET | 80 | 49888 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:17:04.188071012 CET | 49888 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:17:04.188131094 CET | 49888 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:17:04.312259912 CET | 80 | 49888 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:17:05.076289892 CET | 49889 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:17:05.225188017 CET | 80 | 49889 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:17:05.225300074 CET | 49889 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:17:05.232615948 CET | 49889 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:17:05.355463028 CET | 80 | 49889 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:17:05.355555058 CET | 49889 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:17:05.495887995 CET | 80 | 49889 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:17:05.503925085 CET | 80 | 49889 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:17:05.503973007 CET | 80 | 49889 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:17:05.504144907 CET | 49889 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:17:05.504271984 CET | 49889 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:17:05.627093077 CET | 80 | 49889 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:17:06.433841944 CET | 49890 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:17:06.556536913 CET | 80 | 49890 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:17:06.556675911 CET | 49890 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:17:06.577783108 CET | 49890 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:17:06.700798988 CET | 80 | 49890 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:17:06.700897932 CET | 49890 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:17:06.829631090 CET | 80 | 49890 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:17:06.833031893 CET | 80 | 49890 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:17:06.833077908 CET | 80 | 49890 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:17:06.833267927 CET | 49890 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:17:06.833337069 CET | 49890 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:17:06.956387997 CET | 80 | 49890 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:17:07.743130922 CET | 49891 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:17:07.866312027 CET | 80 | 49891 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:17:07.866413116 CET | 49891 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:17:07.881860018 CET | 49891 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:17:08.069308043 CET | 80 | 49891 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:17:08.070202112 CET | 49891 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:17:08.206748009 CET | 80 | 49891 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:17:08.206795931 CET | 80 | 49891 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:17:08.206825018 CET | 80 | 49891 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:17:08.206974983 CET | 49891 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:17:08.207102060 CET | 49891 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:17:08.330010891 CET | 80 | 49891 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:17:09.617907047 CET | 49892 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:17:09.742228031 CET | 80 | 49892 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:17:09.742366076 CET | 49892 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:17:09.745172977 CET | 49892 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:17:09.869291067 CET | 80 | 49892 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:17:09.870347977 CET | 49892 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:17:10.043747902 CET | 80 | 49892 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:17:10.052268028 CET | 80 | 49892 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:17:10.052297115 CET | 80 | 49892 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:17:10.052454948 CET | 49892 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:17:10.082194090 CET | 49892 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:17:10.250915051 CET | 80 | 49892 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:17:11.797194004 CET | 49893 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:17:11.923357964 CET | 80 | 49893 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:17:11.926717997 CET | 49893 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:17:11.929100037 CET | 49893 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:17:12.055430889 CET | 80 | 49893 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:17:12.055680037 CET | 49893 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:17:12.180217028 CET | 80 | 49893 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:17:12.198611021 CET | 80 | 49893 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:17:12.198817015 CET | 80 | 49893 | 104.223.93.105 | 192.168.2.4 |
Jan 14, 2022 07:17:12.198853970 CET | 49893 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:17:12.202121019 CET | 49893 | 80 | 192.168.2.4 | 104.223.93.105 |
Jan 14, 2022 07:17:12.326718092 CET | 80 | 49893 | 104.223.93.105 | 192.168.2.4 |
UDP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Jan 14, 2022 07:15:13.903927088 CET | 59123 | 53 | 192.168.2.4 | 8.8.8.8 |
Jan 14, 2022 07:15:13.923434973 CET | 53 | 59123 | 8.8.8.8 | 192.168.2.4 |
Jan 14, 2022 07:15:15.528506994 CET | 54531 | 53 | 192.168.2.4 | 8.8.8.8 |
Jan 14, 2022 07:15:15.647453070 CET | 53 | 54531 | 8.8.8.8 | 192.168.2.4 |
Jan 14, 2022 07:15:16.862633944 CET | 49714 | 53 | 192.168.2.4 | 8.8.8.8 |
Jan 14, 2022 07:15:16.881752014 CET | 53 | 49714 | 8.8.8.8 | 192.168.2.4 |
Jan 14, 2022 07:15:18.142127991 CET | 58028 | 53 | 192.168.2.4 | 8.8.8.8 |
Jan 14, 2022 07:15:18.261272907 CET | 53 | 58028 | 8.8.8.8 | 192.168.2.4 |
Jan 14, 2022 07:15:19.516477108 CET | 53097 | 53 | 192.168.2.4 | 8.8.8.8 |
Jan 14, 2022 07:15:19.535804987 CET | 53 | 53097 | 8.8.8.8 | 192.168.2.4 |
Jan 14, 2022 07:15:21.174777031 CET | 49257 | 53 | 192.168.2.4 | 8.8.8.8 |
Jan 14, 2022 07:15:21.194984913 CET | 53 | 49257 | 8.8.8.8 | 192.168.2.4 |
Jan 14, 2022 07:15:24.109755039 CET | 62389 | 53 | 192.168.2.4 | 8.8.8.8 |
Jan 14, 2022 07:15:24.226423979 CET | 53 | 62389 | 8.8.8.8 | 192.168.2.4 |
Jan 14, 2022 07:15:25.640181065 CET | 49910 | 53 | 192.168.2.4 | 8.8.8.8 |
Jan 14, 2022 07:15:25.659820080 CET | 53 | 49910 | 8.8.8.8 | 192.168.2.4 |
Jan 14, 2022 07:15:27.444946051 CET | 55854 | 53 | 192.168.2.4 | 8.8.8.8 |
Jan 14, 2022 07:15:27.465480089 CET | 53 | 55854 | 8.8.8.8 | 192.168.2.4 |
Jan 14, 2022 07:15:28.851008892 CET | 64549 | 53 | 192.168.2.4 | 8.8.8.8 |
Jan 14, 2022 07:15:28.868638039 CET | 53 | 64549 | 8.8.8.8 | 192.168.2.4 |
Jan 14, 2022 07:15:30.184693098 CET | 63153 | 53 | 192.168.2.4 | 8.8.8.8 |
Jan 14, 2022 07:15:30.321918011 CET | 53 | 63153 | 8.8.8.8 | 192.168.2.4 |
Jan 14, 2022 07:15:31.672205925 CET | 52991 | 53 | 192.168.2.4 | 8.8.8.8 |
Jan 14, 2022 07:15:31.691579103 CET | 53 | 52991 | 8.8.8.8 | 192.168.2.4 |
Jan 14, 2022 07:15:32.955732107 CET | 53700 | 53 | 192.168.2.4 | 8.8.8.8 |
Jan 14, 2022 07:15:32.973172903 CET | 53 | 53700 | 8.8.8.8 | 192.168.2.4 |
Jan 14, 2022 07:15:35.246782064 CET | 51726 | 53 | 192.168.2.4 | 8.8.8.8 |
Jan 14, 2022 07:15:35.266144037 CET | 53 | 51726 | 8.8.8.8 | 192.168.2.4 |
Jan 14, 2022 07:15:37.634501934 CET | 56534 | 53 | 192.168.2.4 | 8.8.8.8 |
Jan 14, 2022 07:15:37.653927088 CET | 53 | 56534 | 8.8.8.8 | 192.168.2.4 |
Jan 14, 2022 07:15:40.166773081 CET | 56627 | 53 | 192.168.2.4 | 8.8.8.8 |
Jan 14, 2022 07:15:40.183775902 CET | 53 | 56627 | 8.8.8.8 | 192.168.2.4 |
Jan 14, 2022 07:15:43.041888952 CET | 56621 | 53 | 192.168.2.4 | 8.8.8.8 |
Jan 14, 2022 07:15:43.060411930 CET | 53 | 56621 | 8.8.8.8 | 192.168.2.4 |
Jan 14, 2022 07:15:44.537666082 CET | 63116 | 53 | 192.168.2.4 | 8.8.8.8 |
Jan 14, 2022 07:15:44.557122946 CET | 53 | 63116 | 8.8.8.8 | 192.168.2.4 |
Jan 14, 2022 07:15:46.131236076 CET | 64078 | 53 | 192.168.2.4 | 8.8.8.8 |
Jan 14, 2022 07:15:46.151381969 CET | 53 | 64078 | 8.8.8.8 | 192.168.2.4 |
Jan 14, 2022 07:15:48.529268980 CET | 64801 | 53 | 192.168.2.4 | 8.8.8.8 |
Jan 14, 2022 07:15:48.548661947 CET | 53 | 64801 | 8.8.8.8 | 192.168.2.4 |
Jan 14, 2022 07:15:51.134810925 CET | 61721 | 53 | 192.168.2.4 | 8.8.8.8 |
Jan 14, 2022 07:15:51.152173042 CET | 53 | 61721 | 8.8.8.8 | 192.168.2.4 |
Jan 14, 2022 07:15:52.762025118 CET | 51255 | 53 | 192.168.2.4 | 8.8.8.8 |
Jan 14, 2022 07:15:52.781132936 CET | 53 | 51255 | 8.8.8.8 | 192.168.2.4 |
Jan 14, 2022 07:15:54.234880924 CET | 61522 | 53 | 192.168.2.4 | 8.8.8.8 |
Jan 14, 2022 07:15:54.254149914 CET | 53 | 61522 | 8.8.8.8 | 192.168.2.4 |
Jan 14, 2022 07:15:56.255400896 CET | 52337 | 53 | 192.168.2.4 | 8.8.8.8 |
Jan 14, 2022 07:15:56.274619102 CET | 53 | 52337 | 8.8.8.8 | 192.168.2.4 |
Jan 14, 2022 07:15:58.575176954 CET | 55046 | 53 | 192.168.2.4 | 8.8.8.8 |
Jan 14, 2022 07:15:58.596236944 CET | 53 | 55046 | 8.8.8.8 | 192.168.2.4 |
Jan 14, 2022 07:16:01.477211952 CET | 49612 | 53 | 192.168.2.4 | 8.8.8.8 |
Jan 14, 2022 07:16:01.496733904 CET | 53 | 49612 | 8.8.8.8 | 192.168.2.4 |
Jan 14, 2022 07:16:03.121555090 CET | 49285 | 53 | 192.168.2.4 | 8.8.8.8 |
Jan 14, 2022 07:16:03.140244961 CET | 53 | 49285 | 8.8.8.8 | 192.168.2.4 |
Jan 14, 2022 07:16:04.371279001 CET | 50601 | 53 | 192.168.2.4 | 8.8.8.8 |
Jan 14, 2022 07:16:04.390710115 CET | 53 | 50601 | 8.8.8.8 | 192.168.2.4 |
Jan 14, 2022 07:16:05.685066938 CET | 60875 | 53 | 192.168.2.4 | 8.8.8.8 |
Jan 14, 2022 07:16:05.704754114 CET | 53 | 60875 | 8.8.8.8 | 192.168.2.4 |
Jan 14, 2022 07:16:07.156482935 CET | 59172 | 53 | 192.168.2.4 | 8.8.8.8 |
Jan 14, 2022 07:16:07.174711943 CET | 53 | 59172 | 8.8.8.8 | 192.168.2.4 |
Jan 14, 2022 07:16:08.679229021 CET | 49228 | 53 | 192.168.2.4 | 8.8.8.8 |
Jan 14, 2022 07:16:08.697597027 CET | 53 | 49228 | 8.8.8.8 | 192.168.2.4 |
Jan 14, 2022 07:16:11.928960085 CET | 60542 | 53 | 192.168.2.4 | 8.8.8.8 |
Jan 14, 2022 07:16:11.948059082 CET | 53 | 60542 | 8.8.8.8 | 192.168.2.4 |
Jan 14, 2022 07:16:14.001940966 CET | 60689 | 53 | 192.168.2.4 | 8.8.8.8 |
Jan 14, 2022 07:16:14.020950079 CET | 53 | 60689 | 8.8.8.8 | 192.168.2.4 |
Jan 14, 2022 07:16:17.261699915 CET | 64206 | 53 | 192.168.2.4 | 8.8.8.8 |
Jan 14, 2022 07:16:17.279268026 CET | 53 | 64206 | 8.8.8.8 | 192.168.2.4 |
Jan 14, 2022 07:16:20.238981962 CET | 50904 | 53 | 192.168.2.4 | 8.8.8.8 |
Jan 14, 2022 07:16:20.259481907 CET | 53 | 50904 | 8.8.8.8 | 192.168.2.4 |
Jan 14, 2022 07:16:24.393260956 CET | 53814 | 53 | 192.168.2.4 | 8.8.8.8 |
Jan 14, 2022 07:16:24.411359072 CET | 53 | 53814 | 8.8.8.8 | 192.168.2.4 |
Jan 14, 2022 07:16:28.115921021 CET | 53418 | 53 | 192.168.2.4 | 8.8.8.8 |
Jan 14, 2022 07:16:28.133634090 CET | 53 | 53418 | 8.8.8.8 | 192.168.2.4 |
Jan 14, 2022 07:16:30.577742100 CET | 62833 | 53 | 192.168.2.4 | 8.8.8.8 |
Jan 14, 2022 07:16:30.594938993 CET | 53 | 62833 | 8.8.8.8 | 192.168.2.4 |
Jan 14, 2022 07:16:32.866368055 CET | 59260 | 53 | 192.168.2.4 | 8.8.8.8 |
Jan 14, 2022 07:16:32.886065960 CET | 53 | 59260 | 8.8.8.8 | 192.168.2.4 |
Jan 14, 2022 07:16:34.589356899 CET | 49944 | 53 | 192.168.2.4 | 8.8.8.8 |
Jan 14, 2022 07:16:34.606406927 CET | 53 | 49944 | 8.8.8.8 | 192.168.2.4 |
Jan 14, 2022 07:16:36.625505924 CET | 63300 | 53 | 192.168.2.4 | 8.8.8.8 |
Jan 14, 2022 07:16:36.645319939 CET | 53 | 63300 | 8.8.8.8 | 192.168.2.4 |
Jan 14, 2022 07:16:38.657772064 CET | 61449 | 53 | 192.168.2.4 | 8.8.8.8 |
Jan 14, 2022 07:16:38.675271034 CET | 53 | 61449 | 8.8.8.8 | 192.168.2.4 |
Jan 14, 2022 07:16:39.971518993 CET | 51275 | 53 | 192.168.2.4 | 8.8.8.8 |
Jan 14, 2022 07:16:39.991748095 CET | 53 | 51275 | 8.8.8.8 | 192.168.2.4 |
Jan 14, 2022 07:16:41.312222004 CET | 63492 | 53 | 192.168.2.4 | 8.8.8.8 |
Jan 14, 2022 07:16:41.331799030 CET | 53 | 63492 | 8.8.8.8 | 192.168.2.4 |
Jan 14, 2022 07:16:43.229424953 CET | 58945 | 53 | 192.168.2.4 | 8.8.8.8 |
Jan 14, 2022 07:16:43.249593019 CET | 53 | 58945 | 8.8.8.8 | 192.168.2.4 |
Jan 14, 2022 07:16:46.364284992 CET | 60779 | 53 | 192.168.2.4 | 8.8.8.8 |
Jan 14, 2022 07:16:46.383768082 CET | 53 | 60779 | 8.8.8.8 | 192.168.2.4 |
Jan 14, 2022 07:16:48.917032003 CET | 64014 | 53 | 192.168.2.4 | 8.8.8.8 |
Jan 14, 2022 07:16:48.936470032 CET | 53 | 64014 | 8.8.8.8 | 192.168.2.4 |
Jan 14, 2022 07:16:50.913182020 CET | 57091 | 53 | 192.168.2.4 | 8.8.8.8 |
Jan 14, 2022 07:16:50.931972980 CET | 53 | 57091 | 8.8.8.8 | 192.168.2.4 |
Jan 14, 2022 07:16:52.900542974 CET | 55904 | 53 | 192.168.2.4 | 8.8.8.8 |
Jan 14, 2022 07:16:52.919825077 CET | 53 | 55904 | 8.8.8.8 | 192.168.2.4 |
Jan 14, 2022 07:16:55.037755013 CET | 52109 | 53 | 192.168.2.4 | 8.8.8.8 |
Jan 14, 2022 07:16:55.058094978 CET | 53 | 52109 | 8.8.8.8 | 192.168.2.4 |
Jan 14, 2022 07:16:56.862276077 CET | 54450 | 53 | 192.168.2.4 | 8.8.8.8 |
Jan 14, 2022 07:16:56.881892920 CET | 53 | 54450 | 8.8.8.8 | 192.168.2.4 |
Jan 14, 2022 07:16:58.180952072 CET | 49374 | 53 | 192.168.2.4 | 8.8.8.8 |
Jan 14, 2022 07:16:58.200124025 CET | 53 | 49374 | 8.8.8.8 | 192.168.2.4 |
Jan 14, 2022 07:16:59.790585995 CET | 50436 | 53 | 192.168.2.4 | 8.8.8.8 |
Jan 14, 2022 07:16:59.809870958 CET | 53 | 50436 | 8.8.8.8 | 192.168.2.4 |
Jan 14, 2022 07:17:01.058151960 CET | 62605 | 53 | 192.168.2.4 | 8.8.8.8 |
Jan 14, 2022 07:17:01.075694084 CET | 53 | 62605 | 8.8.8.8 | 192.168.2.4 |
Jan 14, 2022 07:17:02.385804892 CET | 54256 | 53 | 192.168.2.4 | 8.8.8.8 |
Jan 14, 2022 07:17:02.405262947 CET | 53 | 54256 | 8.8.8.8 | 192.168.2.4 |
Jan 14, 2022 07:17:03.775289059 CET | 52189 | 53 | 192.168.2.4 | 8.8.8.8 |
Jan 14, 2022 07:17:03.794727087 CET | 53 | 52189 | 8.8.8.8 | 192.168.2.4 |
Jan 14, 2022 07:17:05.055073023 CET | 56131 | 53 | 192.168.2.4 | 8.8.8.8 |
Jan 14, 2022 07:17:05.074599981 CET | 53 | 56131 | 8.8.8.8 | 192.168.2.4 |
Jan 14, 2022 07:17:06.411191940 CET | 62992 | 53 | 192.168.2.4 | 8.8.8.8 |
Jan 14, 2022 07:17:06.430692911 CET | 53 | 62992 | 8.8.8.8 | 192.168.2.4 |
Jan 14, 2022 07:17:07.722347021 CET | 54432 | 53 | 192.168.2.4 | 8.8.8.8 |
Jan 14, 2022 07:17:07.742001057 CET | 53 | 54432 | 8.8.8.8 | 192.168.2.4 |
Jan 14, 2022 07:17:09.254395008 CET | 57227 | 53 | 192.168.2.4 | 8.8.8.8 |
Jan 14, 2022 07:17:09.274477959 CET | 53 | 57227 | 8.8.8.8 | 192.168.2.4 |
Jan 14, 2022 07:17:11.775614977 CET | 58383 | 53 | 192.168.2.4 | 8.8.8.8 |
Jan 14, 2022 07:17:11.796473026 CET | 53 | 58383 | 8.8.8.8 | 192.168.2.4 |
DNS Queries |
---|
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
---|---|---|---|---|---|---|---|
Jan 14, 2022 07:15:13.903927088 CET | 192.168.2.4 | 8.8.8.8 | 0x6a62 | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 14, 2022 07:15:15.528506994 CET | 192.168.2.4 | 8.8.8.8 | 0x6b83 | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 14, 2022 07:15:16.862633944 CET | 192.168.2.4 | 8.8.8.8 | 0x621e | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 14, 2022 07:15:18.142127991 CET | 192.168.2.4 | 8.8.8.8 | 0x4eed | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 14, 2022 07:15:19.516477108 CET | 192.168.2.4 | 8.8.8.8 | 0x7991 | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 14, 2022 07:15:21.174777031 CET | 192.168.2.4 | 8.8.8.8 | 0x947a | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 14, 2022 07:15:24.109755039 CET | 192.168.2.4 | 8.8.8.8 | 0xfde1 | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 14, 2022 07:15:25.640181065 CET | 192.168.2.4 | 8.8.8.8 | 0xa848 | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 14, 2022 07:15:27.444946051 CET | 192.168.2.4 | 8.8.8.8 | 0xb509 | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 14, 2022 07:15:28.851008892 CET | 192.168.2.4 | 8.8.8.8 | 0x370b | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 14, 2022 07:15:30.184693098 CET | 192.168.2.4 | 8.8.8.8 | 0x15ff | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 14, 2022 07:15:31.672205925 CET | 192.168.2.4 | 8.8.8.8 | 0xf55f | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 14, 2022 07:15:32.955732107 CET | 192.168.2.4 | 8.8.8.8 | 0x97c1 | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 14, 2022 07:15:35.246782064 CET | 192.168.2.4 | 8.8.8.8 | 0xe66 | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 14, 2022 07:15:37.634501934 CET | 192.168.2.4 | 8.8.8.8 | 0xc3e3 | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 14, 2022 07:15:40.166773081 CET | 192.168.2.4 | 8.8.8.8 | 0xee78 | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 14, 2022 07:15:43.041888952 CET | 192.168.2.4 | 8.8.8.8 | 0x394e | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 14, 2022 07:15:44.537666082 CET | 192.168.2.4 | 8.8.8.8 | 0x1de5 | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 14, 2022 07:15:46.131236076 CET | 192.168.2.4 | 8.8.8.8 | 0xf757 | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 14, 2022 07:15:48.529268980 CET | 192.168.2.4 | 8.8.8.8 | 0x448c | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 14, 2022 07:15:51.134810925 CET | 192.168.2.4 | 8.8.8.8 | 0x332 | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 14, 2022 07:15:52.762025118 CET | 192.168.2.4 | 8.8.8.8 | 0xb8a0 | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 14, 2022 07:15:54.234880924 CET | 192.168.2.4 | 8.8.8.8 | 0xaa34 | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 14, 2022 07:15:56.255400896 CET | 192.168.2.4 | 8.8.8.8 | 0x5472 | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 14, 2022 07:15:58.575176954 CET | 192.168.2.4 | 8.8.8.8 | 0xc43f | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 14, 2022 07:16:01.477211952 CET | 192.168.2.4 | 8.8.8.8 | 0xeff0 | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 14, 2022 07:16:03.121555090 CET | 192.168.2.4 | 8.8.8.8 | 0xa14a | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 14, 2022 07:16:04.371279001 CET | 192.168.2.4 | 8.8.8.8 | 0xf5be | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 14, 2022 07:16:05.685066938 CET | 192.168.2.4 | 8.8.8.8 | 0x2b37 | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 14, 2022 07:16:07.156482935 CET | 192.168.2.4 | 8.8.8.8 | 0x6624 | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 14, 2022 07:16:08.679229021 CET | 192.168.2.4 | 8.8.8.8 | 0xa227 | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 14, 2022 07:16:11.928960085 CET | 192.168.2.4 | 8.8.8.8 | 0x18e5 | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 14, 2022 07:16:14.001940966 CET | 192.168.2.4 | 8.8.8.8 | 0x17e7 | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 14, 2022 07:16:17.261699915 CET | 192.168.2.4 | 8.8.8.8 | 0xede4 | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 14, 2022 07:16:20.238981962 CET | 192.168.2.4 | 8.8.8.8 | 0x7b1b | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 14, 2022 07:16:24.393260956 CET | 192.168.2.4 | 8.8.8.8 | 0x93a3 | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 14, 2022 07:16:28.115921021 CET | 192.168.2.4 | 8.8.8.8 | 0x204e | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 14, 2022 07:16:30.577742100 CET | 192.168.2.4 | 8.8.8.8 | 0x6cf1 | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 14, 2022 07:16:32.866368055 CET | 192.168.2.4 | 8.8.8.8 | 0x2008 | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 14, 2022 07:16:34.589356899 CET | 192.168.2.4 | 8.8.8.8 | 0x29f7 | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 14, 2022 07:16:36.625505924 CET | 192.168.2.4 | 8.8.8.8 | 0x50f4 | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 14, 2022 07:16:38.657772064 CET | 192.168.2.4 | 8.8.8.8 | 0xb6d1 | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 14, 2022 07:16:39.971518993 CET | 192.168.2.4 | 8.8.8.8 | 0x2d24 | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 14, 2022 07:16:41.312222004 CET | 192.168.2.4 | 8.8.8.8 | 0xa7d6 | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 14, 2022 07:16:43.229424953 CET | 192.168.2.4 | 8.8.8.8 | 0x36c1 | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 14, 2022 07:16:46.364284992 CET | 192.168.2.4 | 8.8.8.8 | 0x986b | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 14, 2022 07:16:48.917032003 CET | 192.168.2.4 | 8.8.8.8 | 0x9e13 | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 14, 2022 07:16:50.913182020 CET | 192.168.2.4 | 8.8.8.8 | 0x51d7 | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 14, 2022 07:16:52.900542974 CET | 192.168.2.4 | 8.8.8.8 | 0xad8d | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 14, 2022 07:16:55.037755013 CET | 192.168.2.4 | 8.8.8.8 | 0x91ed | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 14, 2022 07:16:56.862276077 CET | 192.168.2.4 | 8.8.8.8 | 0x6eb | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 14, 2022 07:16:58.180952072 CET | 192.168.2.4 | 8.8.8.8 | 0x31c9 | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 14, 2022 07:16:59.790585995 CET | 192.168.2.4 | 8.8.8.8 | 0x80a5 | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 14, 2022 07:17:01.058151960 CET | 192.168.2.4 | 8.8.8.8 | 0x82b6 | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 14, 2022 07:17:02.385804892 CET | 192.168.2.4 | 8.8.8.8 | 0x21b4 | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 14, 2022 07:17:03.775289059 CET | 192.168.2.4 | 8.8.8.8 | 0x6489 | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 14, 2022 07:17:05.055073023 CET | 192.168.2.4 | 8.8.8.8 | 0x6af | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 14, 2022 07:17:06.411191940 CET | 192.168.2.4 | 8.8.8.8 | 0xfd66 | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 14, 2022 07:17:07.722347021 CET | 192.168.2.4 | 8.8.8.8 | 0x85ee | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 14, 2022 07:17:09.254395008 CET | 192.168.2.4 | 8.8.8.8 | 0x5702 | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 14, 2022 07:17:11.775614977 CET | 192.168.2.4 | 8.8.8.8 | 0x562f | Standard query (0) | A (IP address) | IN (0x0001) |
DNS Answers |
---|
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
---|---|---|---|---|---|---|---|---|---|
Jan 14, 2022 07:15:13.923434973 CET | 8.8.8.8 | 192.168.2.4 | 0x6a62 | No error (0) | 104.223.93.105 | A (IP address) | IN (0x0001) | ||
Jan 14, 2022 07:15:15.647453070 CET | 8.8.8.8 | 192.168.2.4 | 0x6b83 | No error (0) | 104.223.93.105 | A (IP address) | IN (0x0001) | ||
Jan 14, 2022 07:15:16.881752014 CET | 8.8.8.8 | 192.168.2.4 | 0x621e | No error (0) | 104.223.93.105 | A (IP address) | IN (0x0001) | ||
Jan 14, 2022 07:15:18.261272907 CET | 8.8.8.8 | 192.168.2.4 | 0x4eed | No error (0) | 104.223.93.105 | A (IP address) | IN (0x0001) | ||
Jan 14, 2022 07:15:19.535804987 CET | 8.8.8.8 | 192.168.2.4 | 0x7991 | No error (0) | 104.223.93.105 | A (IP address) | IN (0x0001) | ||
Jan 14, 2022 07:15:21.194984913 CET | 8.8.8.8 | 192.168.2.4 | 0x947a | No error (0) | 104.223.93.105 | A (IP address) | IN (0x0001) | ||
Jan 14, 2022 07:15:24.226423979 CET | 8.8.8.8 | 192.168.2.4 | 0xfde1 | No error (0) | 104.223.93.105 | A (IP address) | IN (0x0001) | ||
Jan 14, 2022 07:15:25.659820080 CET | 8.8.8.8 | 192.168.2.4 | 0xa848 | No error (0) | 104.223.93.105 | A (IP address) | IN (0x0001) | ||
Jan 14, 2022 07:15:27.465480089 CET | 8.8.8.8 | 192.168.2.4 | 0xb509 | No error (0) | 104.223.93.105 | A (IP address) | IN (0x0001) | ||
Jan 14, 2022 07:15:28.868638039 CET | 8.8.8.8 | 192.168.2.4 | 0x370b | No error (0) | 104.223.93.105 | A (IP address) | IN (0x0001) | ||
Jan 14, 2022 07:15:30.321918011 CET | 8.8.8.8 | 192.168.2.4 | 0x15ff | No error (0) | 104.223.93.105 | A (IP address) | IN (0x0001) | ||
Jan 14, 2022 07:15:31.691579103 CET | 8.8.8.8 | 192.168.2.4 | 0xf55f | No error (0) | 104.223.93.105 | A (IP address) | IN (0x0001) | ||
Jan 14, 2022 07:15:32.973172903 CET | 8.8.8.8 | 192.168.2.4 | 0x97c1 | No error (0) | 104.223.93.105 | A (IP address) | IN (0x0001) | ||
Jan 14, 2022 07:15:35.266144037 CET | 8.8.8.8 | 192.168.2.4 | 0xe66 | No error (0) | 104.223.93.105 | A (IP address) | IN (0x0001) | ||
Jan 14, 2022 07:15:37.653927088 CET | 8.8.8.8 | 192.168.2.4 | 0xc3e3 | No error (0) | 104.223.93.105 | A (IP address) | IN (0x0001) | ||
Jan 14, 2022 07:15:40.183775902 CET | 8.8.8.8 | 192.168.2.4 | 0xee78 | No error (0) | 104.223.93.105 | A (IP address) | IN (0x0001) | ||
Jan 14, 2022 07:15:43.060411930 CET | 8.8.8.8 | 192.168.2.4 | 0x394e | No error (0) | 104.223.93.105 | A (IP address) | IN (0x0001) | ||
Jan 14, 2022 07:15:44.557122946 CET | 8.8.8.8 | 192.168.2.4 | 0x1de5 | No error (0) | 104.223.93.105 | A (IP address) | IN (0x0001) | ||
Jan 14, 2022 07:15:46.151381969 CET | 8.8.8.8 | 192.168.2.4 | 0xf757 | No error (0) | 104.223.93.105 | A (IP address) | IN (0x0001) | ||
Jan 14, 2022 07:15:48.548661947 CET | 8.8.8.8 | 192.168.2.4 | 0x448c | No error (0) | 104.223.93.105 | A (IP address) | IN (0x0001) | ||
Jan 14, 2022 07:15:51.152173042 CET | 8.8.8.8 | 192.168.2.4 | 0x332 | No error (0) | 104.223.93.105 | A (IP address) | IN (0x0001) | ||
Jan 14, 2022 07:15:52.781132936 CET | 8.8.8.8 | 192.168.2.4 | 0xb8a0 | No error (0) | 104.223.93.105 | A (IP address) | IN (0x0001) | ||
Jan 14, 2022 07:15:54.254149914 CET | 8.8.8.8 | 192.168.2.4 | 0xaa34 | No error (0) | 104.223.93.105 | A (IP address) | IN (0x0001) | ||
Jan 14, 2022 07:15:56.274619102 CET | 8.8.8.8 | 192.168.2.4 | 0x5472 | No error (0) | 104.223.93.105 | A (IP address) | IN (0x0001) | ||
Jan 14, 2022 07:15:58.596236944 CET | 8.8.8.8 | 192.168.2.4 | 0xc43f | No error (0) | 104.223.93.105 | A (IP address) | IN (0x0001) | ||
Jan 14, 2022 07:16:01.496733904 CET | 8.8.8.8 | 192.168.2.4 | 0xeff0 | No error (0) | 104.223.93.105 | A (IP address) | IN (0x0001) | ||
Jan 14, 2022 07:16:03.140244961 CET | 8.8.8.8 | 192.168.2.4 | 0xa14a | No error (0) | 104.223.93.105 | A (IP address) | IN (0x0001) | ||
Jan 14, 2022 07:16:04.390710115 CET | 8.8.8.8 | 192.168.2.4 | 0xf5be | No error (0) | 104.223.93.105 | A (IP address) | IN (0x0001) | ||
Jan 14, 2022 07:16:05.704754114 CET | 8.8.8.8 | 192.168.2.4 | 0x2b37 | No error (0) | 104.223.93.105 | A (IP address) | IN (0x0001) | ||
Jan 14, 2022 07:16:07.174711943 CET | 8.8.8.8 | 192.168.2.4 | 0x6624 | No error (0) | 104.223.93.105 | A (IP address) | IN (0x0001) | ||
Jan 14, 2022 07:16:08.697597027 CET | 8.8.8.8 | 192.168.2.4 | 0xa227 | No error (0) | 104.223.93.105 | A (IP address) | IN (0x0001) | ||
Jan 14, 2022 07:16:11.948059082 CET | 8.8.8.8 | 192.168.2.4 | 0x18e5 | No error (0) | 104.223.93.105 | A (IP address) | IN (0x0001) | ||
Jan 14, 2022 07:16:14.020950079 CET | 8.8.8.8 | 192.168.2.4 | 0x17e7 | No error (0) | 104.223.93.105 | A (IP address) | IN (0x0001) | ||
Jan 14, 2022 07:16:17.279268026 CET | 8.8.8.8 | 192.168.2.4 | 0xede4 | No error (0) | 104.223.93.105 | A (IP address) | IN (0x0001) | ||
Jan 14, 2022 07:16:20.259481907 CET | 8.8.8.8 | 192.168.2.4 | 0x7b1b | No error (0) | 104.223.93.105 | A (IP address) | IN (0x0001) | ||
Jan 14, 2022 07:16:24.411359072 CET | 8.8.8.8 | 192.168.2.4 | 0x93a3 | No error (0) | 104.223.93.105 | A (IP address) | IN (0x0001) | ||
Jan 14, 2022 07:16:28.133634090 CET | 8.8.8.8 | 192.168.2.4 | 0x204e | No error (0) | 104.223.93.105 | A (IP address) | IN (0x0001) | ||
Jan 14, 2022 07:16:30.594938993 CET | 8.8.8.8 | 192.168.2.4 | 0x6cf1 | No error (0) | 104.223.93.105 | A (IP address) | IN (0x0001) | ||
Jan 14, 2022 07:16:32.886065960 CET | 8.8.8.8 | 192.168.2.4 | 0x2008 | No error (0) | 104.223.93.105 | A (IP address) | IN (0x0001) | ||
Jan 14, 2022 07:16:34.606406927 CET | 8.8.8.8 | 192.168.2.4 | 0x29f7 | No error (0) | 104.223.93.105 | A (IP address) | IN (0x0001) | ||
Jan 14, 2022 07:16:36.645319939 CET | 8.8.8.8 | 192.168.2.4 | 0x50f4 | No error (0) | 104.223.93.105 | A (IP address) | IN (0x0001) | ||
Jan 14, 2022 07:16:38.675271034 CET | 8.8.8.8 | 192.168.2.4 | 0xb6d1 | No error (0) | 104.223.93.105 | A (IP address) | IN (0x0001) | ||
Jan 14, 2022 07:16:39.991748095 CET | 8.8.8.8 | 192.168.2.4 | 0x2d24 | No error (0) | 104.223.93.105 | A (IP address) | IN (0x0001) | ||
Jan 14, 2022 07:16:41.331799030 CET | 8.8.8.8 | 192.168.2.4 | 0xa7d6 | No error (0) | 104.223.93.105 | A (IP address) | IN (0x0001) | ||
Jan 14, 2022 07:16:43.249593019 CET | 8.8.8.8 | 192.168.2.4 | 0x36c1 | No error (0) | 104.223.93.105 | A (IP address) | IN (0x0001) | ||
Jan 14, 2022 07:16:46.383768082 CET | 8.8.8.8 | 192.168.2.4 | 0x986b | No error (0) | 104.223.93.105 | A (IP address) | IN (0x0001) | ||
Jan 14, 2022 07:16:48.936470032 CET | 8.8.8.8 | 192.168.2.4 | 0x9e13 | No error (0) | 104.223.93.105 | A (IP address) | IN (0x0001) | ||
Jan 14, 2022 07:16:50.931972980 CET | 8.8.8.8 | 192.168.2.4 | 0x51d7 | No error (0) | 104.223.93.105 | A (IP address) | IN (0x0001) | ||
Jan 14, 2022 07:16:52.919825077 CET | 8.8.8.8 | 192.168.2.4 | 0xad8d | No error (0) | 104.223.93.105 | A (IP address) | IN (0x0001) | ||
Jan 14, 2022 07:16:55.058094978 CET | 8.8.8.8 | 192.168.2.4 | 0x91ed | No error (0) | 104.223.93.105 | A (IP address) | IN (0x0001) | ||
Jan 14, 2022 07:16:56.881892920 CET | 8.8.8.8 | 192.168.2.4 | 0x6eb | No error (0) | 104.223.93.105 | A (IP address) | IN (0x0001) | ||
Jan 14, 2022 07:16:58.200124025 CET | 8.8.8.8 | 192.168.2.4 | 0x31c9 | No error (0) | 104.223.93.105 | A (IP address) | IN (0x0001) | ||
Jan 14, 2022 07:16:59.809870958 CET | 8.8.8.8 | 192.168.2.4 | 0x80a5 | No error (0) | 104.223.93.105 | A (IP address) | IN (0x0001) | ||
Jan 14, 2022 07:17:01.075694084 CET | 8.8.8.8 | 192.168.2.4 | 0x82b6 | No error (0) | 104.223.93.105 | A (IP address) | IN (0x0001) | ||
Jan 14, 2022 07:17:02.405262947 CET | 8.8.8.8 | 192.168.2.4 | 0x21b4 | No error (0) | 104.223.93.105 | A (IP address) | IN (0x0001) | ||
Jan 14, 2022 07:17:03.794727087 CET | 8.8.8.8 | 192.168.2.4 | 0x6489 | No error (0) | 104.223.93.105 | A (IP address) | IN (0x0001) | ||
Jan 14, 2022 07:17:05.074599981 CET | 8.8.8.8 | 192.168.2.4 | 0x6af | No error (0) | 104.223.93.105 | A (IP address) | IN (0x0001) | ||
Jan 14, 2022 07:17:06.430692911 CET | 8.8.8.8 | 192.168.2.4 | 0xfd66 | No error (0) | 104.223.93.105 | A (IP address) | IN (0x0001) | ||
Jan 14, 2022 07:17:07.742001057 CET | 8.8.8.8 | 192.168.2.4 | 0x85ee | No error (0) | 104.223.93.105 | A (IP address) | IN (0x0001) | ||
Jan 14, 2022 07:17:09.274477959 CET | 8.8.8.8 | 192.168.2.4 | 0x5702 | No error (0) | 104.223.93.105 | A (IP address) | IN (0x0001) | ||
Jan 14, 2022 07:17:11.796473026 CET | 8.8.8.8 | 192.168.2.4 | 0x562f | No error (0) | 104.223.93.105 | A (IP address) | IN (0x0001) |
HTTP Request Dependency Graph |
---|
|
HTTP Packets |
---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
0 | 192.168.2.4 | 49765 | 104.223.93.105 | 80 | C:\Users\user\Desktop\Purchase Order #5000012803.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 14, 2022 07:15:14.068203926 CET | 1148 | OUT | |
Jan 14, 2022 07:15:14.192487955 CET | 1148 | OUT | |
Jan 14, 2022 07:15:14.326773882 CET | 1149 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
1 | 192.168.2.4 | 49766 | 104.223.93.105 | 80 | C:\Users\user\Desktop\Purchase Order #5000012803.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 14, 2022 07:15:15.774785995 CET | 1150 | OUT | |
Jan 14, 2022 07:15:15.897516012 CET | 1246 | OUT | |
Jan 14, 2022 07:15:16.029309988 CET | 1246 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
10 | 192.168.2.4 | 49775 | 104.223.93.105 | 80 | C:\Users\user\Desktop\Purchase Order #5000012803.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 14, 2022 07:15:30.454418898 CET | 1345 | OUT | |
Jan 14, 2022 07:15:30.577229977 CET | 1345 | OUT | |
Jan 14, 2022 07:15:30.710796118 CET | 1345 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
11 | 192.168.2.4 | 49776 | 104.223.93.105 | 80 | C:\Users\user\Desktop\Purchase Order #5000012803.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 14, 2022 07:15:31.824330091 CET | 1346 | OUT | |
Jan 14, 2022 07:15:31.946741104 CET | 1347 | OUT | |
Jan 14, 2022 07:15:32.075763941 CET | 1347 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
12 | 192.168.2.4 | 49777 | 104.223.93.105 | 80 | C:\Users\user\Desktop\Purchase Order #5000012803.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 14, 2022 07:15:33.100122929 CET | 1348 | OUT | |
Jan 14, 2022 07:15:33.222616911 CET | 1348 | OUT | |
Jan 14, 2022 07:15:33.355024099 CET | 1348 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
13 | 192.168.2.4 | 49778 | 104.223.93.105 | 80 | C:\Users\user\Desktop\Purchase Order #5000012803.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 14, 2022 07:15:35.394366026 CET | 1350 | OUT | |
Jan 14, 2022 07:15:35.520056009 CET | 1363 | OUT | |
Jan 14, 2022 07:15:35.667382956 CET | 1372 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
14 | 192.168.2.4 | 49781 | 104.223.93.105 | 80 | C:\Users\user\Desktop\Purchase Order #5000012803.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 14, 2022 07:15:37.781119108 CET | 1373 | OUT | |
Jan 14, 2022 07:15:37.903804064 CET | 1373 | OUT | |
Jan 14, 2022 07:15:38.033628941 CET | 1374 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
15 | 192.168.2.4 | 49782 | 104.223.93.105 | 80 | C:\Users\user\Desktop\Purchase Order #5000012803.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 14, 2022 07:15:40.339952946 CET | 1375 | OUT | |
Jan 14, 2022 07:15:40.463958979 CET | 1375 | OUT | |
Jan 14, 2022 07:15:40.607796907 CET | 1375 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
16 | 192.168.2.4 | 49783 | 104.223.93.105 | 80 | C:\Users\user\Desktop\Purchase Order #5000012803.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 14, 2022 07:15:43.210043907 CET | 1376 | OUT | |
Jan 14, 2022 07:15:43.332705021 CET | 1376 | OUT | |
Jan 14, 2022 07:15:43.464898109 CET | 1376 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
17 | 192.168.2.4 | 49784 | 104.223.93.105 | 80 | C:\Users\user\Desktop\Purchase Order #5000012803.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 14, 2022 07:15:44.685173988 CET | 1377 | OUT | |
Jan 14, 2022 07:15:44.809154034 CET | 1378 | OUT | |
Jan 14, 2022 07:15:44.943876982 CET | 1378 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
18 | 192.168.2.4 | 49785 | 104.223.93.105 | 80 | C:\Users\user\Desktop\Purchase Order #5000012803.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 14, 2022 07:15:46.279601097 CET | 1379 | OUT | |
Jan 14, 2022 07:15:46.403915882 CET | 1379 | OUT | |
Jan 14, 2022 07:15:46.535479069 CET | 1379 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
19 | 192.168.2.4 | 49786 | 104.223.93.105 | 80 | C:\Users\user\Desktop\Purchase Order #5000012803.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 14, 2022 07:15:48.680702925 CET | 1380 | OUT | |
Jan 14, 2022 07:15:48.805205107 CET | 1380 | OUT | |
Jan 14, 2022 07:15:48.940790892 CET | 1381 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
2 | 192.168.2.4 | 49767 | 104.223.93.105 | 80 | C:\Users\user\Desktop\Purchase Order #5000012803.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 14, 2022 07:15:17.010469913 CET | 1247 | OUT | |
Jan 14, 2022 07:15:17.134681940 CET | 1247 | OUT | |
Jan 14, 2022 07:15:17.266379118 CET | 1247 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
20 | 192.168.2.4 | 49787 | 104.223.93.105 | 80 | C:\Users\user\Desktop\Purchase Order #5000012803.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 14, 2022 07:15:51.278645992 CET | 1381 | OUT | |
Jan 14, 2022 07:15:51.496203899 CET | 1382 | OUT | |
Jan 14, 2022 07:15:51.711889029 CET | 1382 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
21 | 192.168.2.4 | 49788 | 104.223.93.105 | 80 | C:\Users\user\Desktop\Purchase Order #5000012803.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 14, 2022 07:15:52.910922050 CET | 1383 | OUT | |
Jan 14, 2022 07:15:53.033909082 CET | 1383 | OUT | |
Jan 14, 2022 07:15:53.164037943 CET | 1383 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
22 | 192.168.2.4 | 49789 | 104.223.93.105 | 80 | C:\Users\user\Desktop\Purchase Order #5000012803.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 14, 2022 07:15:54.384953022 CET | 1384 | OUT | |
Jan 14, 2022 07:15:54.510684967 CET | 1385 | OUT | |
Jan 14, 2022 07:15:54.642054081 CET | 1385 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
23 | 192.168.2.4 | 49790 | 104.223.93.105 | 80 | C:\Users\user\Desktop\Purchase Order #5000012803.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 14, 2022 07:15:56.404035091 CET | 1386 | OUT | |
Jan 14, 2022 07:15:56.530853033 CET | 1386 | OUT | |
Jan 14, 2022 07:15:56.687561035 CET | 1387 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
24 | 192.168.2.4 | 49791 | 104.223.93.105 | 80 | C:\Users\user\Desktop\Purchase Order #5000012803.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 14, 2022 07:15:58.873327017 CET | 1388 | OUT | |
Jan 14, 2022 07:15:58.997903109 CET | 1388 | OUT | |
Jan 14, 2022 07:15:59.129765034 CET | 1388 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
25 | 192.168.2.4 | 49792 | 104.223.93.105 | 80 | C:\Users\user\Desktop\Purchase Order #5000012803.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 14, 2022 07:16:01.632257938 CET | 1389 | OUT | |
Jan 14, 2022 07:16:01.756613016 CET | 1389 | OUT | |
Jan 14, 2022 07:16:02.004981041 CET | 1389 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
26 | 192.168.2.4 | 49793 | 104.223.93.105 | 80 | C:\Users\user\Desktop\Purchase Order #5000012803.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 14, 2022 07:16:03.275393009 CET | 1390 | OUT | |
Jan 14, 2022 07:16:03.397876978 CET | 1391 | OUT | |
Jan 14, 2022 07:16:03.527699947 CET | 1391 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
27 | 192.168.2.4 | 49794 | 104.223.93.105 | 80 | C:\Users\user\Desktop\Purchase Order #5000012803.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 14, 2022 07:16:04.521631956 CET | 1392 | OUT | |
Jan 14, 2022 07:16:04.644192934 CET | 1392 | OUT | |
Jan 14, 2022 07:16:04.775456905 CET | 1392 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
28 | 192.168.2.4 | 49795 | 104.223.93.105 | 80 | C:\Users\user\Desktop\Purchase Order #5000012803.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 14, 2022 07:16:05.921415091 CET | 1393 | OUT | |
Jan 14, 2022 07:16:06.043971062 CET | 1393 | OUT | |
Jan 14, 2022 07:16:06.174947023 CET | 1394 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
29 | 192.168.2.4 | 49797 | 104.223.93.105 | 80 | C:\Users\user\Desktop\Purchase Order #5000012803.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 14, 2022 07:16:07.332344055 CET | 1473 | OUT | |
Jan 14, 2022 07:16:07.455298901 CET | 1486 | OUT | |
Jan 14, 2022 07:16:07.593718052 CET | 1521 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
3 | 192.168.2.4 | 49768 | 104.223.93.105 | 80 | C:\Users\user\Desktop\Purchase Order #5000012803.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 14, 2022 07:15:18.393620968 CET | 1248 | OUT | |
Jan 14, 2022 07:15:18.518191099 CET | 1248 | OUT | |
Jan 14, 2022 07:15:18.650015116 CET | 1249 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
30 | 192.168.2.4 | 49804 | 104.223.93.105 | 80 | C:\Users\user\Desktop\Purchase Order #5000012803.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 14, 2022 07:16:08.825263977 CET | 1624 | OUT | |
Jan 14, 2022 07:16:08.949115038 CET | 1625 | OUT | |
Jan 14, 2022 07:16:09.082606077 CET | 1639 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
31 | 192.168.2.4 | 49823 | 104.223.93.105 | 80 | C:\Users\user\Desktop\Purchase Order #5000012803.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 14, 2022 07:16:12.085515976 CET | 2197 | OUT | |
Jan 14, 2022 07:16:12.209481001 CET | 2199 | OUT | |
Jan 14, 2022 07:16:12.347671986 CET | 2200 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
32 | 192.168.2.4 | 49833 | 104.223.93.105 | 80 | C:\Users\user\Desktop\Purchase Order #5000012803.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 14, 2022 07:16:14.147581100 CET | 2219 | OUT | |
Jan 14, 2022 07:16:14.301525116 CET | 2219 | OUT | |
Jan 14, 2022 07:16:14.442856073 CET | 2220 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
33 | 192.168.2.4 | 49834 | 104.223.93.105 | 80 | C:\Users\user\Desktop\Purchase Order #5000012803.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 14, 2022 07:16:17.416397095 CET | 2221 | OUT | |
Jan 14, 2022 07:16:17.540833950 CET | 2221 | OUT | |
Jan 14, 2022 07:16:17.672099113 CET | 2221 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
34 | 192.168.2.4 | 49835 | 104.223.93.105 | 80 | C:\Users\user\Desktop\Purchase Order #5000012803.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 14, 2022 07:16:20.386728048 CET | 2222 | OUT | |
Jan 14, 2022 07:16:20.510426044 CET | 2222 | OUT | |
Jan 14, 2022 07:16:20.641201019 CET | 2224 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
35 | 192.168.2.4 | 49841 | 104.223.93.105 | 80 | C:\Users\user\Desktop\Purchase Order #5000012803.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 14, 2022 07:16:24.539316893 CET | 10035 | OUT | |
Jan 14, 2022 07:16:24.661875010 CET | 10036 | OUT | |
Jan 14, 2022 07:16:24.792671919 CET | 10036 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
36 | 192.168.2.4 | 49842 | 104.223.93.105 | 80 | C:\Users\user\Desktop\Purchase Order #5000012803.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 14, 2022 07:16:28.261720896 CET | 10037 | OUT | |
Jan 14, 2022 07:16:28.386477947 CET | 10037 | OUT | |
Jan 14, 2022 07:16:28.518954039 CET | 10037 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
37 | 192.168.2.4 | 49843 | 104.223.93.105 | 80 | C:\Users\user\Desktop\Purchase Order #5000012803.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 14, 2022 07:16:30.749545097 CET | 10038 | OUT | |
Jan 14, 2022 07:16:30.872180939 CET | 10038 | OUT | |
Jan 14, 2022 07:16:31.008444071 CET | 10039 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
38 | 192.168.2.4 | 49845 | 104.223.93.105 | 80 | C:\Users\user\Desktop\Purchase Order #5000012803.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 14, 2022 07:16:33.019782066 CET | 10841 | OUT | |
Jan 14, 2022 07:16:33.144319057 CET | 10841 | OUT | |
Jan 14, 2022 07:16:33.277029037 CET | 10841 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
39 | 192.168.2.4 | 49846 | 104.223.93.105 | 80 | C:\Users\user\Desktop\Purchase Order #5000012803.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 14, 2022 07:16:34.831557989 CET | 10842 | OUT | |
Jan 14, 2022 07:16:34.956110001 CET | 10842 | OUT | |
Jan 14, 2022 07:16:35.088538885 CET | 10843 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
4 | 192.168.2.4 | 49769 | 104.223.93.105 | 80 | C:\Users\user\Desktop\Purchase Order #5000012803.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 14, 2022 07:15:19.695573092 CET | 1250 | OUT | |
Jan 14, 2022 07:15:19.846723080 CET | 1250 | OUT | |
Jan 14, 2022 07:15:20.016736984 CET | 1250 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
40 | 192.168.2.4 | 49852 | 104.223.93.105 | 80 | C:\Users\user\Desktop\Purchase Order #5000012803.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 14, 2022 07:16:36.784149885 CET | 10855 | OUT | |
Jan 14, 2022 07:16:36.908672094 CET | 10856 | OUT | |
Jan 14, 2022 07:16:37.041826010 CET | 10856 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
41 | 192.168.2.4 | 49857 | 104.223.93.105 | 80 | C:\Users\user\Desktop\Purchase Order #5000012803.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 14, 2022 07:16:38.818540096 CET | 10867 | OUT | |
Jan 14, 2022 07:16:38.943881989 CET | 10870 | OUT | |
Jan 14, 2022 07:16:39.078356028 CET | 10871 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
42 | 192.168.2.4 | 49864 | 104.223.93.105 | 80 | C:\Users\user\Desktop\Purchase Order #5000012803.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 14, 2022 07:16:40.128746986 CET | 10882 | OUT | |
Jan 14, 2022 07:16:40.274898052 CET | 10884 | OUT | |
Jan 14, 2022 07:16:40.411902905 CET | 10885 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
43 | 192.168.2.4 | 49871 | 104.223.93.105 | 80 | C:\Users\user\Desktop\Purchase Order #5000012803.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 14, 2022 07:16:41.470923901 CET | 10898 | OUT | |
Jan 14, 2022 07:16:41.612869024 CET | 10900 | OUT | |
Jan 14, 2022 07:16:41.745306969 CET | 10901 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
44 | 192.168.2.4 | 49873 | 104.223.93.105 | 80 | C:\Users\user\Desktop\Purchase Order #5000012803.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 14, 2022 07:16:43.379060030 CET | 10901 | OUT | |
Jan 14, 2022 07:16:43.544672012 CET | 10902 | OUT | |
Jan 14, 2022 07:16:43.675276995 CET | 10902 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
45 | 192.168.2.4 | 49875 | 104.223.93.105 | 80 | C:\Users\user\Desktop\Purchase Order #5000012803.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 14, 2022 07:16:46.514857054 CET | 10908 | OUT | |
Jan 14, 2022 07:16:46.639029980 CET | 10908 | OUT | |
Jan 14, 2022 07:16:46.773838043 CET | 10908 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
46 | 192.168.2.4 | 49876 | 104.223.93.105 | 80 | C:\Users\user\Desktop\Purchase Order #5000012803.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 14, 2022 07:16:49.069116116 CET | 10909 | OUT | |
Jan 14, 2022 07:16:49.194155931 CET | 10909 | OUT | |
Jan 14, 2022 07:16:49.337191105 CET | 10910 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
47 | 192.168.2.4 | 49877 | 104.223.93.105 | 80 | C:\Users\user\Desktop\Purchase Order #5000012803.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 14, 2022 07:16:51.061156988 CET | 10910 | OUT | |
Jan 14, 2022 07:16:51.185406923 CET | 10911 | OUT | |
Jan 14, 2022 07:16:51.340956926 CET | 10911 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
48 | 192.168.2.4 | 49879 | 104.223.93.105 | 80 | C:\Users\user\Desktop\Purchase Order #5000012803.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 14, 2022 07:16:53.094090939 CET | 10916 | OUT | |
Jan 14, 2022 07:16:53.252428055 CET | 10918 | OUT | |
Jan 14, 2022 07:16:53.418189049 CET | 10919 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
49 | 192.168.2.4 | 49882 | 104.223.93.105 | 80 | C:\Users\user\Desktop\Purchase Order #5000012803.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 14, 2022 07:16:55.310735941 CET | 10922 | OUT | |
Jan 14, 2022 07:16:55.472043991 CET | 10922 | OUT | |
Jan 14, 2022 07:16:55.646163940 CET | 10922 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
5 | 192.168.2.4 | 49770 | 104.223.93.105 | 80 | C:\Users\user\Desktop\Purchase Order #5000012803.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 14, 2022 07:15:21.323362112 CET | 1338 | OUT | |
Jan 14, 2022 07:15:21.446059942 CET | 1338 | OUT | |
Jan 14, 2022 07:15:21.577928066 CET | 1338 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
50 | 192.168.2.4 | 49883 | 104.223.93.105 | 80 | C:\Users\user\Desktop\Purchase Order #5000012803.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 14, 2022 07:16:57.010126114 CET | 10923 | OUT | |
Jan 14, 2022 07:16:57.134207010 CET | 10924 | OUT | |
Jan 14, 2022 07:16:57.265400887 CET | 10924 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
51 | 192.168.2.4 | 49884 | 104.223.93.105 | 80 | C:\Users\user\Desktop\Purchase Order #5000012803.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 14, 2022 07:16:58.361671925 CET | 10925 | OUT | |
Jan 14, 2022 07:16:58.661470890 CET | 10925 | OUT | |
Jan 14, 2022 07:16:58.867147923 CET | 10926 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
52 | 192.168.2.4 | 49885 | 104.223.93.105 | 80 | C:\Users\user\Desktop\Purchase Order #5000012803.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 14, 2022 07:16:59.960262060 CET | 10927 | OUT | |
Jan 14, 2022 07:17:00.083255053 CET | 10927 | OUT | |
Jan 14, 2022 07:17:00.213871956 CET | 10927 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
53 | 192.168.2.4 | 49886 | 104.223.93.105 | 80 | C:\Users\user\Desktop\Purchase Order #5000012803.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 14, 2022 07:17:01.212522984 CET | 10928 | OUT | |
Jan 14, 2022 07:17:01.337017059 CET | 10928 | OUT | |
Jan 14, 2022 07:17:01.469331980 CET | 10929 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
54 | 192.168.2.4 | 49887 | 104.223.93.105 | 80 | C:\Users\user\Desktop\Purchase Order #5000012803.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 14, 2022 07:17:02.582056046 CET | 10930 | OUT | |
Jan 14, 2022 07:17:02.704819918 CET | 10930 | OUT | |
Jan 14, 2022 07:17:02.835235119 CET | 10930 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
55 | 192.168.2.4 | 49888 | 104.223.93.105 | 80 | C:\Users\user\Desktop\Purchase Order #5000012803.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 14, 2022 07:17:03.930332899 CET | 10931 | OUT | |
Jan 14, 2022 07:17:04.054950953 CET | 10931 | OUT | |
Jan 14, 2022 07:17:04.186918974 CET | 10931 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
56 | 192.168.2.4 | 49889 | 104.223.93.105 | 80 | C:\Users\user\Desktop\Purchase Order #5000012803.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 14, 2022 07:17:05.232615948 CET | 10932 | OUT | |
Jan 14, 2022 07:17:05.355555058 CET | 10933 | OUT | |
Jan 14, 2022 07:17:05.503925085 CET | 10933 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
57 | 192.168.2.4 | 49890 | 104.223.93.105 | 80 | C:\Users\user\Desktop\Purchase Order #5000012803.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 14, 2022 07:17:06.577783108 CET | 10934 | OUT | |
Jan 14, 2022 07:17:06.700897932 CET | 10934 | OUT | |
Jan 14, 2022 07:17:06.833031893 CET | 10934 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
58 | 192.168.2.4 | 49891 | 104.223.93.105 | 80 | C:\Users\user\Desktop\Purchase Order #5000012803.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 14, 2022 07:17:07.881860018 CET | 10935 | OUT | |
Jan 14, 2022 07:17:08.070202112 CET | 10935 | OUT | |
Jan 14, 2022 07:17:08.206795931 CET | 10936 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
59 | 192.168.2.4 | 49892 | 104.223.93.105 | 80 | C:\Users\user\Desktop\Purchase Order #5000012803.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 14, 2022 07:17:09.745172977 CET | 10937 | OUT | |
Jan 14, 2022 07:17:09.870347977 CET | 10937 | OUT | |
Jan 14, 2022 07:17:10.052268028 CET | 10937 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
6 | 192.168.2.4 | 49771 | 104.223.93.105 | 80 | C:\Users\user\Desktop\Purchase Order #5000012803.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 14, 2022 07:15:24.359164000 CET | 1339 | OUT | |
Jan 14, 2022 07:15:24.483581066 CET | 1340 | OUT | |
Jan 14, 2022 07:15:24.616121054 CET | 1340 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
60 | 192.168.2.4 | 49893 | 104.223.93.105 | 80 | C:\Users\user\Desktop\Purchase Order #5000012803.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 14, 2022 07:17:11.929100037 CET | 10938 | OUT | |
Jan 14, 2022 07:17:12.055680037 CET | 10938 | OUT | |
Jan 14, 2022 07:17:12.198611021 CET | 10939 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
7 | 192.168.2.4 | 49772 | 104.223.93.105 | 80 | C:\Users\user\Desktop\Purchase Order #5000012803.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 14, 2022 07:15:25.808697939 CET | 1341 | OUT | |
Jan 14, 2022 07:15:25.955164909 CET | 1341 | OUT | |
Jan 14, 2022 07:15:26.114744902 CET | 1341 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
8 | 192.168.2.4 | 49773 | 104.223.93.105 | 80 | C:\Users\user\Desktop\Purchase Order #5000012803.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 14, 2022 07:15:27.597120047 CET | 1342 | OUT | |
Jan 14, 2022 07:15:27.721211910 CET | 1342 | OUT | |
Jan 14, 2022 07:15:27.853188038 CET | 1343 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
9 | 192.168.2.4 | 49774 | 104.223.93.105 | 80 | C:\Users\user\Desktop\Purchase Order #5000012803.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 14, 2022 07:15:28.997591972 CET | 1343 | OUT | |
Jan 14, 2022 07:15:29.122049093 CET | 1344 | OUT | |
Jan 14, 2022 07:15:29.253197908 CET | 1344 | IN |
Code Manipulations |
---|
Statistics |
---|
CPU Usage |
---|
Click to jump to process
Memory Usage |
---|
Click to jump to process
High Level Behavior Distribution |
---|
back
Click to dive into process behavior distribution
Behavior |
---|
Click to jump to process
System Behavior |
---|
General |
---|
Start time: | 07:15:06 |
Start date: | 14/01/2022 |
Path: | C:\Users\user\Desktop\Purchase Order #5000012803.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 247015 bytes |
MD5 hash: | D62B8A5FDB90E9241FF0EEF6EA035E32 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | low |
General |
---|
Start time: | 07:15:07 |
Start date: | 14/01/2022 |
Path: | C:\Users\user\Desktop\Purchase Order #5000012803.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 247015 bytes |
MD5 hash: | D62B8A5FDB90E9241FF0EEF6EA035E32 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | low |
Disassembly |
---|
Code Analysis |
---|
Execution Graph |
---|
Execution Coverage: | 12% |
Dynamic/Decrypted Code Coverage: | 6.2% |
Signature Coverage: | 22.4% |
Total number of Nodes: | 1328 |
Total number of Limit Nodes: | 25 |
Graph
Executed Functions |
---|
Function 00403225, Relevance: 70.3, APIs: 23, Strings: 17, Instructions: 270filestringcomCOMMON
Control-flow Graph |
---|
C-Code - Quality: 82% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004053AA, Relevance: 21.2, APIs: 9, Strings: 3, Instructions: 156filestringCOMMON
Control-flow Graph |
---|
C-Code - Quality: 94% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph |
---|
C-Code - Quality: 98% |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00405D7C, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 14fileCOMMON
Control-flow Graph |
---|
C-Code - Quality: 100% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004035E3, Relevance: 51.0, APIs: 15, Strings: 14, Instructions: 213stringregistrylibraryCOMMON
Control-flow Graph |
---|
C-Code - Quality: 96% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00402C5B, Relevance: 26.5, APIs: 5, Strings: 10, Instructions: 203memoryCOMMON
Control-flow Graph |
---|
C-Code - Quality: 96% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00401734, Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 147stringtimeCOMMON
Control-flow Graph |
---|
C-Code - Quality: 75% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00402F01, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 109fileCOMMON
Control-flow Graph |
---|
C-Code - Quality: 93% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040302C, Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 108fileCOMMON
Control-flow Graph |
---|
C-Code - Quality: 94% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00401F51, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 69libraryloaderCOMMON
Control-flow Graph |
---|
C-Code - Quality: 57% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph |
---|
C-Code - Quality: 85% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph |
---|
C-Code - Quality: 100% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph |
---|
C-Code - Quality: 76% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph |
---|
C-Code - Quality: 84% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00406481, Relevance: 5.2, APIs: 4, Instructions: 236COMMON
Control-flow Graph |
---|
C-Code - Quality: 99% |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00406682, Relevance: 5.2, APIs: 4, Instructions: 208COMMON
C-Code - Quality: 98% |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00406398, Relevance: 5.2, APIs: 4, Instructions: 205COMMON
C-Code - Quality: 98% |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00405E9D, Relevance: 5.2, APIs: 4, Instructions: 198COMMON
C-Code - Quality: 98% |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004062EB, Relevance: 5.2, APIs: 4, Instructions: 180COMMON
C-Code - Quality: 98% |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00406409, Relevance: 5.2, APIs: 4, Instructions: 170COMMON
C-Code - Quality: 98% |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00406355, Relevance: 5.2, APIs: 4, Instructions: 168COMMON
C-Code - Quality: 98% |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00401389, Relevance: 3.0, APIs: 2, Instructions: 43windowCOMMON
C-Code - Quality: 69% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040575C, Relevance: 3.0, APIs: 2, Instructions: 16fileCOMMON
C-Code - Quality: 68% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040573D, Relevance: 3.0, APIs: 2, Instructions: 9COMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004031A8, Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004031DA, Relevance: 1.5, APIs: 1, Instructions: 6COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Non-executed Functions |
---|
Function 00404F61, Relevance: 65.0, APIs: 36, Strings: 1, Instructions: 278windowclipboardmemoryCOMMON
C-Code - Quality: 95% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00404772, Relevance: 63.5, APIs: 33, Strings: 3, Instructions: 478windowmemoryCOMMONCrypto
C-Code - Quality: 97% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00404275, Relevance: 23.0, APIs: 10, Strings: 3, Instructions: 266stringCOMMON
C-Code - Quality: 78% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00405AA7, Relevance: 19.4, APIs: 8, Strings: 3, Instructions: 195stringCOMMON
C-Code - Quality: 74% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00402012, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 134comCOMMON
C-Code - Quality: 74% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00402630, Relevance: 1.5, APIs: 1, Instructions: 29fileCOMMON
C-Code - Quality: 39% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0019E842, Relevance: .2, Instructions: 196COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0019EA56, Relevance: .1, Instructions: 61COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0019EB46, Relevance: .0, Instructions: 26COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0019EB84, Relevance: .0, Instructions: 23COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0019EB07, Relevance: .0, Instructions: 7COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 83% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00403F7F, Relevance: 40.5, APIs: 20, Strings: 3, Instructions: 204windowstringCOMMON
C-Code - Quality: 93% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 90% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004057D3, Relevance: 24.6, APIs: 11, Strings: 3, Instructions: 144filememoryCOMMON
C-Code - Quality: 93% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00403E9E, Relevance: 12.1, APIs: 8, Instructions: 61COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 93% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004046F2, Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48windowCOMMON
C-Code - Quality: 100% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00402B2D, Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 36timeCOMMON
C-Code - Quality: 100% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004022F5, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 71registrystringCOMMON
C-Code - Quality: 90% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 84% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00401CC1, Relevance: 7.5, APIs: 5, Instructions: 39windowCOMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00404610, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 78stringCOMMON
C-Code - Quality: 51% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00401BAD, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 76windowtimeCOMMON
C-Code - Quality: 51% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004052E5, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 24processCOMMON
C-Code - Quality: 100% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00405578, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 16stringCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00401EC5, Relevance: 6.1, APIs: 4, Instructions: 54memoryCOMMON
C-Code - Quality: 85% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00401D1B, Relevance: 6.0, APIs: 4, Instructions: 34COMMON
C-Code - Quality: 67% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00404D73, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 58windowCOMMON
C-Code - Quality: 100% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004024B0, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 34filestringCOMMON
C-Code - Quality: 100% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004055BF, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 16stringCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004056D1, Relevance: 5.0, APIs: 4, Instructions: 30stringCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Execution Graph |
---|
Execution Coverage: | 31.2% |
Dynamic/Decrypted Code Coverage: | 0% |
Signature Coverage: | 2.3% |
Total number of Nodes: | 1846 |
Total number of Limit Nodes: | 92 |
Graph
Executed Functions |
---|
Function 00403D74, Relevance: 14.2, APIs: 4, Strings: 4, Instructions: 200fileCOMMON
Control-flow Graph |
---|
C-Code - Quality: 85% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 78% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00402B7C, Relevance: 3.0, APIs: 2, Instructions: 20memoryCOMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00406069, Relevance: 1.5, APIs: 1, Instructions: 12COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00404ED4, Relevance: 1.5, APIs: 1, Instructions: 9networkCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph |
---|
C-Code - Quality: 75% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph |
---|
C-Code - Quality: 37% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004040BB, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 129filememoryCOMMON
Control-flow Graph |
---|
C-Code - Quality: 74% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00413866, Relevance: 4.6, APIs: 3, Instructions: 147synchronizationCOMMON
C-Code - Quality: 79% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004042CF, Relevance: 4.6, APIs: 3, Instructions: 60fileCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00412D31, Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 178threadCOMMON
C-Code - Quality: 34% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00402C03, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 13libraryloaderCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 92% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00402BAB, Relevance: 3.0, APIs: 2, Instructions: 11memoryCOMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004060BD, Relevance: 1.6, APIs: 1, Instructions: 53COMMON
C-Code - Quality: 40% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00403C62, Relevance: 1.5, APIs: 1, Instructions: 24COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040642C, Relevance: 1.5, APIs: 1, Instructions: 18COMMON
C-Code - Quality: 37% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 37% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00403BD0, Relevance: 1.5, APIs: 1, Instructions: 14COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040427D, Relevance: 1.5, APIs: 1, Instructions: 13COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00403C40, Relevance: 1.5, APIs: 1, Instructions: 12COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00403C08, Relevance: 1.5, APIs: 1, Instructions: 12fileCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00403BEF, Relevance: 1.5, APIs: 1, Instructions: 12COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00403BB7, Relevance: 1.5, APIs: 1, Instructions: 12COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00403B64, Relevance: 1.5, APIs: 1, Instructions: 11COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00404DE5, Relevance: 1.5, APIs: 1, Instructions: 6COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00403F9E, Relevance: 1.3, APIs: 1, Instructions: 16COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00406472, Relevance: 1.3, APIs: 1, Instructions: 12sleepCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004058EA, Relevance: 1.3, APIs: 1, Instructions: 12COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00405924, Relevance: 1.3, APIs: 1, Instructions: 12COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Non-executed Functions |
---|
Function 0040D069, Relevance: 12.6, Strings: 10, Instructions: 138COMMON
C-Code - Quality: 88% |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |