Windows Analysis Report QUOTAZIONEpdf.exe
Overview
General Information
Detection
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
Process Tree |
---|
|
Malware Configuration |
---|
Threatname: Lokibot |
---|
{"C2 list": ["http://kbfvzoboss.bid/alien/fre.php", "http://alphastand.trade/alien/fre.php", "http://alphastand.win/alien/fre.php", "http://alphastand.top/alien/fre.php", "http://slimpackage.com/slimmain/five/fre.php"]}
Yara Overview |
---|
Memory Dumps |
---|
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
SUSP_XORed_URL_in_EXE | Detects an XORed URL in an executable | Florian Roth |
| |
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | ||
JoeSecurity_aPLib_compressed_binary | Yara detected aPLib compressed binary | Joe Security | ||
JoeSecurity_Lokibot | Yara detected Lokibot | Joe Security | ||
Loki_1 | Loki Payload | kevoreilly |
| |
Click to see the 37 entries |
Unpacked PEs |
---|
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
SUSP_XORed_URL_in_EXE | Detects an XORed URL in an executable | Florian Roth |
| |
JoeSecurity_aPLib_compressed_binary | Yara detected aPLib compressed binary | Joe Security | ||
Loki_1 | Loki Payload | kevoreilly |
| |
Lokibot | detect Lokibot in memory | JPCERT/CC Incident Response Group |
| |
SUSP_XORed_URL_in_EXE | Detects an XORed URL in an executable | Florian Roth |
| |
Click to see the 82 entries |
Sigma Overview |
---|
No Sigma rule has matched |
---|
Jbx Signature Overview |
---|
Click to jump to signature section
AV Detection: |
---|
Found malware configuration | Show sources |
Source: | Malware Configuration Extractor: |
Antivirus detection for URL or domain | Show sources |
Source: | Avira URL Cloud: |
Multi AV Scanner detection for domain / URL | Show sources |
Source: | Virustotal: | Perma Link | ||
Source: | Virustotal: | Perma Link |
Machine Learning detection for sample | Show sources |
Source: | Joe Sandbox ML: |
Source: | Avira: |
Source: | Static PE information: |
Source: | Binary string: | ||
Source: | Binary string: |
Source: | Code function: | 1_2_00405D7C | |
Source: | Code function: | 1_2_004053AA | |
Source: | Code function: | 1_2_00402630 | |
Source: | Code function: | 2_2_00403D74 |
Networking: |
---|
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules) | Show sources |
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: |
C2 URLs / IPs found in malware configuration | Show sources |
Source: | URLs: | ||
Source: | URLs: | ||
Source: | URLs: | ||
Source: | URLs: | ||
Source: | URLs: |
Source: | ASN Name: |
Source: | IP Address: | ||
Source: | IP Address: |
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: |
Source: | HTTP traffic detected: |
Source: | DNS traffic detected: |
Source: | Code function: | 2_2_00404ED4 |
Source: | Code function: | 1_2_00404F61 |
System Summary: |
---|
Malicious sample detected (through community Yara rule) | Show sources |
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: |
Source: | Static PE information: |
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: |
Source: | Code function: | 1_2_00403225 |
Source: | Code function: | 1_2_0040604C | |
Source: | Code function: | 1_2_00404772 | |
Source: | Code function: | 2_2_0040549C | |
Source: | Code function: | 2_2_004029D4 |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Static PE information: |
Source: | File read: | Jump to behavior |
Source: | Static PE information: |
Source: | Key opened: | Jump to behavior |
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | Jump to behavior |
Source: | Key value queried: | Jump to behavior |
Source: | Code function: | 2_2_0040650A |
Source: | File created: | Jump to behavior |
Source: | File created: | Jump to behavior |
Source: | Classification label: |
Source: | Code function: | 1_2_00402012 |
Source: | File read: | Jump to behavior |
Source: | Code function: | 1_2_00404275 |
Source: | Mutant created: |
Source: | File read: | Jump to behavior | ||
Source: | File read: | Jump to behavior | ||
Source: | File read: | Jump to behavior | ||
Source: | File read: | Jump to behavior |
Source: | Key opened: | Jump to behavior |
Source: | Binary string: | ||
Source: | Binary string: |
Data Obfuscation: |
---|
Yara detected aPLib compressed binary | Show sources |
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Source: | Code function: | 1_2_72FB102E | |
Source: | Code function: | 2_2_00402AD4 | |
Source: | Code function: | 2_2_00402AFC |
Source: | Code function: | 1_2_00405DA3 |
Source: | File created: | Jump to dropped file |
Hooking and other Techniques for Hiding and Protection: |
---|
Icon mismatch, binary includes an icon from a different legit application in order to fool users | Show sources |
Source: | Icon embedded in binary file: |
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior |
Source: | Thread sleep time: | Jump to behavior |
Source: | Code function: | 1_2_00405D7C | |
Source: | Code function: | 1_2_004053AA | |
Source: | Code function: | 1_2_00402630 | |
Source: | Code function: | 2_2_00403D74 |
Source: | Thread delayed: | Jump to behavior |
Source: | API call chain: | graph_1-3623 | ||
Source: | API call chain: | graph_1-3627 |
Source: | Code function: | 1_2_00405DA3 |
Source: | Code function: | 2_2_00402B7C |
Source: | Process token adjusted: | Jump to behavior |
Source: | Code function: | 1_2_0019E79A | |
Source: | Code function: | 1_2_0019EADC | |
Source: | Code function: | 1_2_0019EA5F | |
Source: | Code function: | 1_2_0019EA9E | |
Source: | Code function: | 1_2_0019E9AE | |
Source: | Code function: | 2_2_0040317B |
HIPS / PFW / Operating System Protection Evasion: |
---|
Injects a PE file into a foreign processes | Show sources |
Source: | Memory written: | Jump to behavior |
Source: | Process created: | Jump to behavior |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Key value queried: | Jump to behavior |
Source: | Code function: | 1_2_00405AA7 |
Source: | Code function: | 2_2_00406069 |
Stealing of Sensitive Information: |
---|
Yara detected Lokibot | Show sources |
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Tries to steal Mail credentials (via file / registry access) | Show sources |
Source: | Key opened: | Jump to behavior | ||
Source: | Key opened: | Jump to behavior |
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc) | Show sources |
Source: | Key opened: | Jump to behavior | ||
Source: | Key opened: | Jump to behavior |
Tries to harvest and steal ftp login credentials | Show sources |
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior |
Tries to steal Mail credentials (via file registry) | Show sources |
Source: | Code function: | 2_2_0040D069 | |
Source: | Code function: | 2_2_0040D069 |
Tries to harvest and steal browser information (history, passwords, etc) | Show sources |
Source: | File opened: | Jump to behavior |
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Remote Access Functionality: |
---|
Yara detected Lokibot | Show sources |
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Mitre Att&ck Matrix |
---|
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | Native API1 | Path Interception | Access Token Manipulation1 | Deobfuscate/Decode Files or Information1 | OS Credential Dumping2 | Account Discovery1 | Remote Services | Archive Collected Data1 | Exfiltration Over Other Network Medium | Ingress Tool Transfer3 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | System Shutdown/Reboot1 |
Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Process Injection112 | Obfuscated Files or Information2 | Credentials in Registry2 | File and Directory Discovery2 | Remote Desktop Protocol | Data from Local System2 | Exfiltration Over Bluetooth | Encrypted Channel1 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Software Packing1 | Security Account Manager | System Information Discovery5 | SMB/Windows Admin Shares | Email Collection1 | Automated Exfiltration | Non-Application Layer Protocol3 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Masquerading11 | NTDS | Security Software Discovery1 | Distributed Component Object Model | Clipboard Data1 | Scheduled Transfer | Application Layer Protocol113 | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Virtualization/Sandbox Evasion11 | LSA Secrets | Process Discovery1 | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
Replication Through Removable Media | Launchd | Rc.common | Rc.common | Access Token Manipulation1 | Cached Domain Credentials | Virtualization/Sandbox Evasion11 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features | |
External Remote Services | Scheduled Task | Startup Items | Startup Items | Process Injection112 | DCSync | System Owner/User Discovery1 | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | Data Encrypted for Impact | |
Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | Indicator Removal from Tools | Proc Filesystem | Remote System Discovery1 | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | Generate Fraudulent Advertising Revenue |
Behavior Graph |
---|
Screenshots |
---|
Thumbnails
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
Antivirus, Machine Learning and Genetic Malware Detection |
---|
Initial Sample |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
100% | Joe Sandbox ML |
Dropped Files |
---|
No Antivirus matches |
---|
Unpacked PE Files |
---|
Source | Detection | Scanner | Label | Link | Download |
---|---|---|---|---|---|
100% | Avira | TR/Crypt.XPACK.Gen | Download File | ||
100% | Avira | TR/Crypt.XPACK.Gen | Download File | ||
100% | Avira | TR/Crypt.XPACK.Gen | Download File | ||
100% | Avira | TR/Crypt.XPACK.Gen | Download File | ||
100% | Avira | TR/Crypt.XPACK.Gen | Download File | ||
100% | Avira | TR/Crypt.XPACK.Gen | Download File | ||
100% | Avira | TR/Crypt.XPACK.Gen | Download File | ||
100% | Avira | TR/Crypt.XPACK.Gen | Download File | ||
100% | Avira | TR/Crypt.XPACK.Gen | Download File | ||
100% | Avira | TR/Patched.Ren.Gen2 | Download File |
Domains |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
5% | Virustotal | Browse |
URLs |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
9% | Virustotal | Browse | ||
100% | Avira URL Cloud | malware |
Domains and IPs |
---|
Contacted Domains |
---|
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
slimpackage.com | 104.223.93.105 | true | true |
| unknown |
Contacted URLs |
---|
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
true |
| unknown | |
true |
| unknown | |
true |
| unknown | |
true |
| unknown | |
true |
| unknown |
URLs from Memory and Binaries |
---|
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false | high | |||
false | high | |||
false |
| unknown |
Contacted IPs |
---|
General Information |
---|
Joe Sandbox Version: | 34.0.0 Boulder Opal |
Analysis ID: | 553085 |
Start date: | 14.01.2022 |
Start time: | 09:51:34 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 5m 41s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | QUOTAZIONEpdf.exe |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Number of analysed new started processes analysed: | 20 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal100.troj.spyw.evad.winEXE@3/6@56/2 |
EGA Information: |
|
HDC Information: |
|
HCA Information: |
|
Cookbook Comments: |
|
Warnings: | Show All
|
Simulations |
---|
Behavior and APIs |
---|
Time | Type | Description |
---|---|---|
09:52:41 | API Interceptor |
Joe Sandbox View / Context |
---|
IPs |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
104.223.93.105 | Get hash | malicious | Browse |
| |
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
|
Domains |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
slimpackage.com | Get hash | malicious | Browse |
| |
Get hash | malicious | Browse |
|
ASN |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
ASN-QUADRANET-GLOBALUS | Get hash | malicious | Browse |
| |
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
|
JA3 Fingerprints |
---|
No context |
---|
Dropped Files |
---|
No context |
---|
Created / dropped Files |
---|
Process: | C:\Users\user\Desktop\QUOTAZIONEpdf.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 250687 |
Entropy (8bit): | 7.724868567895106 |
Encrypted: | false |
SSDEEP: | 3072:1DyoBWj0S6M6pd7gA/FY2eM203epRkhG2AW3cKGPx5UvG0TTxT5ToKbvosMUC1qk:BZS6M6v0OSV/pShtRMtIzxdvg |
MD5: | 17CCB3C022F9B93E6E7E2A40C253DE9B |
SHA1: | 4D99B2643277CCA9B2FFC1DB5E9247212EA155F0 |
SHA-256: | AB11BFD0AF1FE8B3C42E933F37DFDA582152FFF477AA9DDE4EBB1ADFBD7BC72E |
SHA-512: | E292772D295B45C85E79D6CE37F607F977F20F337DA679B6A2EA78D436631D6DAA9CB844D70A6239F851E1709309D94A0EB808C8AA949A0FB4393F3876333282 |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Users\user\Desktop\QUOTAZIONEpdf.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4096 |
Entropy (8bit): | 3.801392215291429 |
Encrypted: | false |
SSDEEP: | 24:e1GSb0JDlOErEcQeV3ax/+FBFUQahkFsAryvDTy2La5DTyxk8q6I1nPnRuV4MPgs:SgZF4h6FBFUQYXze9r6IPRuqStkx |
MD5: | 7F8DBC496B4EB973EC6509A63B7A4C01 |
SHA1: | E3E07E016B3A97604B94CBF8CB2C0FC0BF21033D |
SHA-256: | 4B229D563D725A5F994DEBF010F24F43D6078C18EF1D56628F9815372CA45FC6 |
SHA-512: | D4331F90CE80A5E95CF9E6DD008B6268C733B3A8D0C3CB6200511961126093D5FF0DE73D69F5689E9D7495EBAA8A69EBAE8089B45E080928BE2D37C9FF003E0D |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Users\user\Desktop\QUOTAZIONEpdf.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 5136 |
Entropy (8bit): | 6.121649200700411 |
Encrypted: | false |
SSDEEP: | 96:N+CSmQtQfy1mW8itQYKA36VwVmgEVBS0SNxjzvZOXVYBnZ5r:N+CSmQKK1mWBtQlAtVDEVtS7PvnPr |
MD5: | B97AC6F1BFD2778EC14E068EBCEC96AE |
SHA1: | AE5C7D27BE7135FD5765A337CBA06CAA65E943A9 |
SHA-256: | 065853BAB7BD450615B9697F39486EB81AB42F34AA502BB8BBC9631FCA53C608 |
SHA-512: | AF68D42ED2C127C2354BAEE151F23C967386C215EF9523943D594D85F94C208EC3C31D20479DAE1D5C6CBDBB4CABED88B4EF1555C17C98A6737446971870C72E |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Users\user\Desktop\QUOTAZIONEpdf.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 216745 |
Entropy (8bit): | 7.990426242680324 |
Encrypted: | true |
SSDEEP: | 3072:uWj0S6M6pd7gA/FY2eM203epRkhG2AW3cKGPx5UvG0TTxT5ToKbvosMUC1qi:SS6M6v0OSV/pShtRMtIzxdvgT |
MD5: | BAC58EACE647B10E7E15CCD5BCB67309 |
SHA1: | 60C8B10660CA6837C542855B77AA703139D6D02B |
SHA-256: | C35DD027079BE254D7EE5FBA88646D3BB6DCBDED2356041512441E1FBF08A1AE |
SHA-512: | 6A1F087896210D9811C4E6352ED8D02323F50F1754FA3590B3DD1782F344689FD275D0375676D296BBBE4CA50399B83D39937CB52A2F7743012C442C8AEE4135 |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Users\user\Desktop\QUOTAZIONEpdf.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
SSDEEP: | 3:U:U |
MD5: | C4CA4238A0B923820DCC509A6F75849B |
SHA1: | 356A192B7913B04C54574D18C28D46E6395428AB |
SHA-256: | 6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B |
SHA-512: | 4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A |
Malicious: | false |
Reputation: | high, very likely benign file |
Preview: |
|
Process: | C:\Users\user\Desktop\QUOTAZIONEpdf.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 46 |
Entropy (8bit): | 1.0424600748477153 |
Encrypted: | false |
SSDEEP: | 3:/lbON:u |
MD5: | 89CA7E02D8B79ED50986F098D5686EC9 |
SHA1: | A602E0D4398F00C827BFCF711066E67718CA1377 |
SHA-256: | 30AC626CBD4A97DB480A0379F6D2540195F594C967B7087A26566E352F24C794 |
SHA-512: | C5F453E32C0297E51BE43F84A7E63302E7D1E471FADF8BB789C22A4D6E03712D26E2B039D6FBDBD9EBD35C4E93EC27F03684A7BBB67C4FADCCE9F6279417B5DE |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
|
Static File Info |
---|
General | |
---|---|
File type: | |
Entropy (8bit): | 7.862243713227495 |
TrID: |
|
File name: | QUOTAZIONEpdf.exe |
File size: | 250601 |
MD5: | 23b85c2f43b23b57411e4f4366a10b25 |
SHA1: | 1511bfee72f99f691c93a1e6b070724890c6aea8 |
SHA256: | 9ad929181f755701c0152618393ccff03e0499944c2e3f22fa2d0539347f5c45 |
SHA512: | 7762714729e6bcbec554e573554ac5a78333a36369c3fe2a81c17fac2810b0b19fa191f05119a4805f7de27f15d2c9252ede56e3dd4b9799cce7593bbd8ae769 |
SSDEEP: | 6144:/wC3lY9KbXDPmKY9xUa07Bv0pe59CGKZDcMbDpTHle:5q0WKASKpCyZwwDlHle |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........uJ...$...$...$./.{...$...%.:.$.".y...$..7....$.f."...$.Rich..$.................PE..L......H.................Z..........%2..... |
File Icon |
---|
Icon Hash: | 1c188bca1b2d565b |
Static PE Info |
---|
General | |
---|---|
Entrypoint: | 0x403225 |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED |
DLL Characteristics: | |
Time Stamp: | 0x48EFCDC9 [Fri Oct 10 21:48:57 2008 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | 099c0646ea7282d232219f8807883be0 |
Entrypoint Preview |
---|
Instruction |
---|
sub esp, 00000180h |
push ebx |
push ebp |
push esi |
xor ebx, ebx |
push edi |
mov dword ptr [esp+18h], ebx |
mov dword ptr [esp+10h], 00409128h |
xor esi, esi |
mov byte ptr [esp+14h], 00000020h |
call dword ptr [00407030h] |
push 00008001h |
call dword ptr [004070B4h] |
push ebx |
call dword ptr [0040727Ch] |
push 00000008h |
mov dword ptr [00423F58h], eax |
call 00007FAFA8C66570h |
mov dword ptr [00423EA4h], eax |
push ebx |
lea eax, dword ptr [esp+34h] |
push 00000160h |
push eax |
push ebx |
push 0041F450h |
call dword ptr [00407158h] |
push 004091B0h |
push 004236A0h |
call 00007FAFA8C66227h |
call dword ptr [004070B0h] |
mov edi, 00429000h |
push eax |
push edi |
call 00007FAFA8C66215h |
push ebx |
call dword ptr [0040710Ch] |
cmp byte ptr [00429000h], 00000022h |
mov dword ptr [00423EA0h], eax |
mov eax, edi |
jne 00007FAFA8C63A3Ch |
mov byte ptr [esp+14h], 00000022h |
mov eax, 00429001h |
push dword ptr [esp+14h] |
push eax |
call 00007FAFA8C65D08h |
push eax |
call dword ptr [0040721Ch] |
mov dword ptr [esp+1Ch], eax |
jmp 00007FAFA8C63A95h |
cmp cl, 00000020h |
jne 00007FAFA8C63A38h |
inc eax |
cmp byte ptr [eax], 00000020h |
je 00007FAFA8C63A2Ch |
cmp byte ptr [eax], 00000022h |
mov byte ptr [eax+eax+00h], 00000000h |
Rich Headers |
---|
Programming Language: |
|
Data Directories |
---|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x73a4 | 0xb4 | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x2c000 | 0x4148 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x7000 | 0x28c | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Sections |
---|
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x5976 | 0x5a00 | False | 0.668619791667 | data | 6.46680044621 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
.rdata | 0x7000 | 0x1190 | 0x1200 | False | 0.444878472222 | data | 5.17796812871 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0x9000 | 0x1af98 | 0x400 | False | 0.55078125 | data | 4.68983486809 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
.ndata | 0x24000 | 0x8000 | 0x0 | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_WRITE, IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.rsrc | 0x2c000 | 0x4148 | 0x4200 | False | 0.441169507576 | data | 5.0955746829 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
Resources |
---|
Name | RVA | Size | Type | Language | Country |
---|---|---|---|---|---|
RT_ICON | 0x2c1f0 | 0x25a8 | dBase IV DBT of `.DBF, block length 9216, next free block index 40, next free block 4294967295, next used block 4294967295 | English | United States |
RT_ICON | 0x2e798 | 0x10a8 | dBase IV DBT of @.DBF, block length 4096, next free block index 40, next free block 4294374645, next used block 4294967295 | English | United States |
RT_ICON | 0x2f840 | 0x468 | GLS_BINARY_LSB_FIRST | English | United States |
RT_DIALOG | 0x2fca8 | 0x100 | data | English | United States |
RT_DIALOG | 0x2fda8 | 0x11c | data | English | United States |
RT_DIALOG | 0x2fec8 | 0x60 | data | English | United States |
RT_GROUP_ICON | 0x2ff28 | 0x30 | data | English | United States |
RT_MANIFEST | 0x2ff58 | 0x1eb | XML 1.0 document, ASCII text, with very long lines, with no line terminators | English | United States |
Imports |
---|
DLL | Import |
---|---|
KERNEL32.dll | CompareFileTime, SearchPathA, GetShortPathNameA, GetFullPathNameA, MoveFileA, SetCurrentDirectoryA, GetFileAttributesA, GetLastError, CreateDirectoryA, SetFileAttributesA, Sleep, GetTickCount, CreateFileA, GetFileSize, GetModuleFileNameA, GetCurrentProcess, CopyFileA, ExitProcess, SetFileTime, GetTempPathA, GetCommandLineA, SetErrorMode, LoadLibraryA, lstrcpynA, GetDiskFreeSpaceA, GlobalUnlock, GlobalLock, CreateThread, CreateProcessA, RemoveDirectoryA, GetTempFileNameA, lstrlenA, lstrcatA, GetSystemDirectoryA, GetVersion, CloseHandle, lstrcmpiA, lstrcmpA, ExpandEnvironmentStringsA, GlobalFree, GlobalAlloc, WaitForSingleObject, GetExitCodeProcess, GetModuleHandleA, LoadLibraryExA, GetProcAddress, FreeLibrary, MultiByteToWideChar, WritePrivateProfileStringA, GetPrivateProfileStringA, WriteFile, ReadFile, MulDiv, SetFilePointer, FindClose, FindNextFileA, FindFirstFileA, DeleteFileA, GetWindowsDirectoryA |
USER32.dll | EndDialog, ScreenToClient, GetWindowRect, EnableMenuItem, GetSystemMenu, SetClassLongA, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongA, SetCursor, LoadCursorA, CheckDlgButton, GetMessagePos, LoadBitmapA, CallWindowProcA, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, RegisterClassA, TrackPopupMenu, AppendMenuA, CreatePopupMenu, GetSystemMetrics, SetDlgItemTextA, GetDlgItemTextA, MessageBoxIndirectA, CharPrevA, DispatchMessageA, PeekMessageA, DestroyWindow, CreateDialogParamA, SetTimer, SetWindowTextA, PostQuitMessage, SetForegroundWindow, wsprintfA, SendMessageTimeoutA, FindWindowExA, SystemParametersInfoA, CreateWindowExA, GetClassInfoA, DialogBoxParamA, CharNextA, OpenClipboard, ExitWindowsEx, IsWindow, GetDlgItem, SetWindowLongA, LoadImageA, GetDC, EnableWindow, InvalidateRect, SendMessageA, DefWindowProcA, BeginPaint, GetClientRect, FillRect, DrawTextA, EndPaint, ShowWindow |
GDI32.dll | SetBkColor, GetDeviceCaps, DeleteObject, CreateBrushIndirect, CreateFontIndirectA, SetBkMode, SetTextColor, SelectObject |
SHELL32.dll | SHGetPathFromIDListA, SHBrowseForFolderA, SHGetFileInfoA, ShellExecuteA, SHFileOperationA, SHGetSpecialFolderLocation |
ADVAPI32.dll | RegQueryValueExA, RegSetValueExA, RegEnumKeyA, RegEnumValueA, RegOpenKeyExA, RegDeleteKeyA, RegDeleteValueA, RegCloseKey, RegCreateKeyExA |
COMCTL32.dll | ImageList_AddMasked, ImageList_Destroy, ImageList_Create |
ole32.dll | CoTaskMemFree, OleInitialize, OleUninitialize, CoCreateInstance |
VERSION.dll | GetFileVersionInfoSizeA, GetFileVersionInfoA, VerQueryValueA |
Possible Origin |
---|
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States |
Network Behavior |
---|
Snort IDS Alerts |
---|
Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|---|---|---|
01/14/22-09:52:38.800709 | TCP | 2024312 | ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M1 | 49742 | 80 | 192.168.2.3 | 104.223.93.105 |
01/14/22-09:52:38.800709 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49742 | 80 | 192.168.2.3 | 104.223.93.105 |
01/14/22-09:52:38.800709 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49742 | 80 | 192.168.2.3 | 104.223.93.105 |
01/14/22-09:52:40.325542 | TCP | 2024312 | ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M1 | 49743 | 80 | 192.168.2.3 | 104.223.93.105 |
01/14/22-09:52:40.325542 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49743 | 80 | 192.168.2.3 | 104.223.93.105 |
01/14/22-09:52:40.325542 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49743 | 80 | 192.168.2.3 | 104.223.93.105 |
01/14/22-09:52:41.740730 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49744 | 80 | 192.168.2.3 | 104.223.93.105 |
01/14/22-09:52:41.740730 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49744 | 80 | 192.168.2.3 | 104.223.93.105 |
01/14/22-09:52:41.740730 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49744 | 80 | 192.168.2.3 | 104.223.93.105 |
01/14/22-09:52:43.225955 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49745 | 80 | 192.168.2.3 | 104.223.93.105 |
01/14/22-09:52:43.225955 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49745 | 80 | 192.168.2.3 | 104.223.93.105 |
01/14/22-09:52:43.225955 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49745 | 80 | 192.168.2.3 | 104.223.93.105 |
01/14/22-09:52:44.662959 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49746 | 80 | 192.168.2.3 | 104.223.93.105 |
01/14/22-09:52:44.662959 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49746 | 80 | 192.168.2.3 | 104.223.93.105 |
01/14/22-09:52:44.662959 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49746 | 80 | 192.168.2.3 | 104.223.93.105 |
01/14/22-09:52:46.652463 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49747 | 80 | 192.168.2.3 | 104.223.93.105 |
01/14/22-09:52:46.652463 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49747 | 80 | 192.168.2.3 | 104.223.93.105 |
01/14/22-09:52:46.652463 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49747 | 80 | 192.168.2.3 | 104.223.93.105 |
01/14/22-09:52:48.938222 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49748 | 80 | 192.168.2.3 | 104.223.93.105 |
01/14/22-09:52:48.938222 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49748 | 80 | 192.168.2.3 | 104.223.93.105 |
01/14/22-09:52:48.938222 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49748 | 80 | 192.168.2.3 | 104.223.93.105 |
01/14/22-09:52:50.316402 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49749 | 80 | 192.168.2.3 | 104.223.93.105 |
01/14/22-09:52:50.316402 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49749 | 80 | 192.168.2.3 | 104.223.93.105 |
01/14/22-09:52:50.316402 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49749 | 80 | 192.168.2.3 | 104.223.93.105 |
01/14/22-09:52:51.814681 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49750 | 80 | 192.168.2.3 | 104.223.93.105 |
01/14/22-09:52:51.814681 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49750 | 80 | 192.168.2.3 | 104.223.93.105 |
01/14/22-09:52:51.814681 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49750 | 80 | 192.168.2.3 | 104.223.93.105 |
01/14/22-09:52:53.249069 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49751 | 80 | 192.168.2.3 | 104.223.93.105 |
01/14/22-09:52:53.249069 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49751 | 80 | 192.168.2.3 | 104.223.93.105 |
01/14/22-09:52:53.249069 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49751 | 80 | 192.168.2.3 | 104.223.93.105 |
01/14/22-09:52:54.669016 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49752 | 80 | 192.168.2.3 | 104.223.93.105 |
01/14/22-09:52:54.669016 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49752 | 80 | 192.168.2.3 | 104.223.93.105 |
01/14/22-09:52:54.669016 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49752 | 80 | 192.168.2.3 | 104.223.93.105 |
01/14/22-09:52:57.212577 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49755 | 80 | 192.168.2.3 | 104.223.93.105 |
01/14/22-09:52:57.212577 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49755 | 80 | 192.168.2.3 | 104.223.93.105 |
01/14/22-09:52:57.212577 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49755 | 80 | 192.168.2.3 | 104.223.93.105 |
01/14/22-09:52:59.611440 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49756 | 80 | 192.168.2.3 | 104.223.93.105 |
01/14/22-09:52:59.611440 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49756 | 80 | 192.168.2.3 | 104.223.93.105 |
01/14/22-09:52:59.611440 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49756 | 80 | 192.168.2.3 | 104.223.93.105 |
01/14/22-09:53:02.120828 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49757 | 80 | 192.168.2.3 | 104.223.93.105 |
01/14/22-09:53:02.120828 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49757 | 80 | 192.168.2.3 | 104.223.93.105 |
01/14/22-09:53:02.120828 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49757 | 80 | 192.168.2.3 | 104.223.93.105 |
01/14/22-09:53:03.980417 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49758 | 80 | 192.168.2.3 | 104.223.93.105 |
01/14/22-09:53:03.980417 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49758 | 80 | 192.168.2.3 | 104.223.93.105 |
01/14/22-09:53:03.980417 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49758 | 80 | 192.168.2.3 | 104.223.93.105 |
01/14/22-09:53:06.924774 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49759 | 80 | 192.168.2.3 | 104.223.93.105 |
01/14/22-09:53:06.924774 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49759 | 80 | 192.168.2.3 | 104.223.93.105 |
01/14/22-09:53:06.924774 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49759 | 80 | 192.168.2.3 | 104.223.93.105 |
01/14/22-09:53:08.606764 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49760 | 80 | 192.168.2.3 | 104.223.93.105 |
01/14/22-09:53:08.606764 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49760 | 80 | 192.168.2.3 | 104.223.93.105 |
01/14/22-09:53:08.606764 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49760 | 80 | 192.168.2.3 | 104.223.93.105 |
01/14/22-09:53:10.307978 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49761 | 80 | 192.168.2.3 | 104.223.93.105 |
01/14/22-09:53:10.307978 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49761 | 80 | 192.168.2.3 | 104.223.93.105 |
01/14/22-09:53:10.307978 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49761 | 80 | 192.168.2.3 | 104.223.93.105 |
01/14/22-09:53:11.692209 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49762 | 80 | 192.168.2.3 | 104.223.93.105 |
01/14/22-09:53:11.692209 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49762 | 80 | 192.168.2.3 | 104.223.93.105 |
01/14/22-09:53:11.692209 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49762 | 80 | 192.168.2.3 | 104.223.93.105 |
01/14/22-09:53:13.390692 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49763 | 80 | 192.168.2.3 | 104.223.93.105 |
01/14/22-09:53:13.390692 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49763 | 80 | 192.168.2.3 | 104.223.93.105 |
01/14/22-09:53:13.390692 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49763 | 80 | 192.168.2.3 | 104.223.93.105 |
01/14/22-09:53:15.147551 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49764 | 80 | 192.168.2.3 | 104.223.93.105 |
01/14/22-09:53:15.147551 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49764 | 80 | 192.168.2.3 | 104.223.93.105 |
01/14/22-09:53:15.147551 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49764 | 80 | 192.168.2.3 | 104.223.93.105 |
01/14/22-09:53:16.674289 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49765 | 80 | 192.168.2.3 | 104.223.93.105 |
01/14/22-09:53:16.674289 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49765 | 80 | 192.168.2.3 | 104.223.93.105 |
01/14/22-09:53:16.674289 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49765 | 80 | 192.168.2.3 | 104.223.93.105 |
01/14/22-09:53:18.230034 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49766 | 80 | 192.168.2.3 | 104.223.93.105 |
01/14/22-09:53:18.230034 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49766 | 80 | 192.168.2.3 | 104.223.93.105 |
01/14/22-09:53:18.230034 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49766 | 80 | 192.168.2.3 | 104.223.93.105 |
01/14/22-09:53:19.843821 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49770 | 80 | 192.168.2.3 | 104.223.93.105 |
01/14/22-09:53:19.843821 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49770 | 80 | 192.168.2.3 | 104.223.93.105 |
01/14/22-09:53:19.843821 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49770 | 80 | 192.168.2.3 | 104.223.93.105 |
01/14/22-09:53:21.176590 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49771 | 80 | 192.168.2.3 | 104.223.93.105 |
01/14/22-09:53:21.176590 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49771 | 80 | 192.168.2.3 | 104.223.93.105 |
01/14/22-09:53:21.176590 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49771 | 80 | 192.168.2.3 | 104.223.93.105 |
01/14/22-09:53:22.793268 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49772 | 80 | 192.168.2.3 | 104.223.93.105 |
01/14/22-09:53:22.793268 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49772 | 80 | 192.168.2.3 | 104.223.93.105 |
01/14/22-09:53:22.793268 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49772 | 80 | 192.168.2.3 | 104.223.93.105 |
01/14/22-09:53:25.250388 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49773 | 80 | 192.168.2.3 | 104.223.93.105 |
01/14/22-09:53:25.250388 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49773 | 80 | 192.168.2.3 | 104.223.93.105 |
01/14/22-09:53:25.250388 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49773 | 80 | 192.168.2.3 | 104.223.93.105 |
01/14/22-09:53:26.628571 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49775 | 80 | 192.168.2.3 | 104.223.93.105 |
01/14/22-09:53:26.628571 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49775 | 80 | 192.168.2.3 | 104.223.93.105 |
01/14/22-09:53:26.628571 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49775 | 80 | 192.168.2.3 | 104.223.93.105 |
01/14/22-09:53:28.069977 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49781 | 80 | 192.168.2.3 | 104.223.93.105 |
01/14/22-09:53:28.069977 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49781 | 80 | 192.168.2.3 | 104.223.93.105 |
01/14/22-09:53:28.069977 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49781 | 80 | 192.168.2.3 | 104.223.93.105 |
01/14/22-09:53:29.435190 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49789 | 80 | 192.168.2.3 | 104.223.93.105 |
01/14/22-09:53:29.435190 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49789 | 80 | 192.168.2.3 | 104.223.93.105 |
01/14/22-09:53:29.435190 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49789 | 80 | 192.168.2.3 | 104.223.93.105 |
01/14/22-09:53:32.376585 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49806 | 80 | 192.168.2.3 | 104.223.93.105 |
01/14/22-09:53:32.376585 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49806 | 80 | 192.168.2.3 | 104.223.93.105 |
01/14/22-09:53:32.376585 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49806 | 80 | 192.168.2.3 | 104.223.93.105 |
01/14/22-09:53:34.797108 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49813 | 80 | 192.168.2.3 | 104.223.93.105 |
01/14/22-09:53:34.797108 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49813 | 80 | 192.168.2.3 | 104.223.93.105 |
01/14/22-09:53:34.797108 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49813 | 80 | 192.168.2.3 | 104.223.93.105 |
01/14/22-09:53:38.518335 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49814 | 80 | 192.168.2.3 | 104.223.93.105 |
01/14/22-09:53:38.518335 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49814 | 80 | 192.168.2.3 | 104.223.93.105 |
01/14/22-09:53:38.518335 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49814 | 80 | 192.168.2.3 | 104.223.93.105 |
01/14/22-09:53:42.966613 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49815 | 80 | 192.168.2.3 | 104.223.93.105 |
01/14/22-09:53:42.966613 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49815 | 80 | 192.168.2.3 | 104.223.93.105 |
01/14/22-09:53:42.966613 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49815 | 80 | 192.168.2.3 | 104.223.93.105 |
01/14/22-09:53:50.386625 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49821 | 80 | 192.168.2.3 | 104.223.93.105 |
01/14/22-09:53:50.386625 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49821 | 80 | 192.168.2.3 | 104.223.93.105 |
01/14/22-09:53:50.386625 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49821 | 80 | 192.168.2.3 | 104.223.93.105 |
01/14/22-09:53:54.269267 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49822 | 80 | 192.168.2.3 | 104.223.93.105 |
01/14/22-09:53:54.269267 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49822 | 80 | 192.168.2.3 | 104.223.93.105 |
01/14/22-09:53:54.269267 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49822 | 80 | 192.168.2.3 | 104.223.93.105 |
01/14/22-09:53:57.036107 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49824 | 80 | 192.168.2.3 | 104.223.93.105 |
01/14/22-09:53:57.036107 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49824 | 80 | 192.168.2.3 | 104.223.93.105 |
01/14/22-09:53:57.036107 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49824 | 80 | 192.168.2.3 | 104.223.93.105 |
01/14/22-09:53:59.975080 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49825 | 80 | 192.168.2.3 | 104.223.93.105 |
01/14/22-09:53:59.975080 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49825 | 80 | 192.168.2.3 | 104.223.93.105 |
01/14/22-09:53:59.975080 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49825 | 80 | 192.168.2.3 | 104.223.93.105 |
01/14/22-09:54:02.086796 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49826 | 80 | 192.168.2.3 | 104.223.93.105 |
01/14/22-09:54:02.086796 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49826 | 80 | 192.168.2.3 | 104.223.93.105 |
01/14/22-09:54:02.086796 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49826 | 80 | 192.168.2.3 | 104.223.93.105 |
01/14/22-09:54:03.505879 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49832 | 80 | 192.168.2.3 | 104.223.93.105 |
01/14/22-09:54:03.505879 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49832 | 80 | 192.168.2.3 | 104.223.93.105 |
01/14/22-09:54:03.505879 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49832 | 80 | 192.168.2.3 | 104.223.93.105 |
01/14/22-09:54:04.907351 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49840 | 80 | 192.168.2.3 | 104.223.93.105 |
01/14/22-09:54:04.907351 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49840 | 80 | 192.168.2.3 | 104.223.93.105 |
01/14/22-09:54:04.907351 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49840 | 80 | 192.168.2.3 | 104.223.93.105 |
01/14/22-09:54:07.608302 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49852 | 80 | 192.168.2.3 | 104.223.93.105 |
01/14/22-09:54:07.608302 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49852 | 80 | 192.168.2.3 | 104.223.93.105 |
01/14/22-09:54:07.608302 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49852 | 80 | 192.168.2.3 | 104.223.93.105 |
01/14/22-09:54:10.712952 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49853 | 80 | 192.168.2.3 | 104.223.93.105 |
01/14/22-09:54:10.712952 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49853 | 80 | 192.168.2.3 | 104.223.93.105 |
01/14/22-09:54:10.712952 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49853 | 80 | 192.168.2.3 | 104.223.93.105 |
01/14/22-09:54:14.681172 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49854 | 80 | 192.168.2.3 | 104.223.93.105 |
01/14/22-09:54:14.681172 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49854 | 80 | 192.168.2.3 | 104.223.93.105 |
01/14/22-09:54:14.681172 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49854 | 80 | 192.168.2.3 | 104.223.93.105 |
01/14/22-09:54:17.053161 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49855 | 80 | 192.168.2.3 | 104.223.93.105 |
01/14/22-09:54:17.053161 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49855 | 80 | 192.168.2.3 | 104.223.93.105 |
01/14/22-09:54:17.053161 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49855 | 80 | 192.168.2.3 | 104.223.93.105 |
01/14/22-09:54:20.315523 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49856 | 80 | 192.168.2.3 | 104.223.93.105 |
01/14/22-09:54:20.315523 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49856 | 80 | 192.168.2.3 | 104.223.93.105 |
01/14/22-09:54:20.315523 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49856 | 80 | 192.168.2.3 | 104.223.93.105 |
01/14/22-09:54:22.278675 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49857 | 80 | 192.168.2.3 | 104.223.93.105 |
01/14/22-09:54:22.278675 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49857 | 80 | 192.168.2.3 | 104.223.93.105 |
01/14/22-09:54:22.278675 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49857 | 80 | 192.168.2.3 | 104.223.93.105 |
01/14/22-09:54:24.759273 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49858 | 80 | 192.168.2.3 | 104.223.93.105 |
01/14/22-09:54:24.759273 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49858 | 80 | 192.168.2.3 | 104.223.93.105 |
01/14/22-09:54:24.759273 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49858 | 80 | 192.168.2.3 | 104.223.93.105 |
01/14/22-09:54:26.128942 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49859 | 80 | 192.168.2.3 | 104.223.93.105 |
01/14/22-09:54:26.128942 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49859 | 80 | 192.168.2.3 | 104.223.93.105 |
01/14/22-09:54:26.128942 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49859 | 80 | 192.168.2.3 | 104.223.93.105 |
01/14/22-09:54:27.459033 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49860 | 80 | 192.168.2.3 | 104.223.93.105 |
01/14/22-09:54:27.459033 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49860 | 80 | 192.168.2.3 | 104.223.93.105 |
01/14/22-09:54:27.459033 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49860 | 80 | 192.168.2.3 | 104.223.93.105 |
01/14/22-09:54:28.746131 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49861 | 80 | 192.168.2.3 | 104.223.93.105 |
01/14/22-09:54:28.746131 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49861 | 80 | 192.168.2.3 | 104.223.93.105 |
01/14/22-09:54:28.746131 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49861 | 80 | 192.168.2.3 | 104.223.93.105 |
01/14/22-09:54:30.197089 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49862 | 80 | 192.168.2.3 | 104.223.93.105 |
01/14/22-09:54:30.197089 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49862 | 80 | 192.168.2.3 | 104.223.93.105 |
01/14/22-09:54:30.197089 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49862 | 80 | 192.168.2.3 | 104.223.93.105 |
01/14/22-09:54:31.498490 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49863 | 80 | 192.168.2.3 | 104.223.93.105 |
01/14/22-09:54:31.498490 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49863 | 80 | 192.168.2.3 | 104.223.93.105 |
01/14/22-09:54:31.498490 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49863 | 80 | 192.168.2.3 | 104.223.93.105 |
01/14/22-09:54:32.828735 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49864 | 80 | 192.168.2.3 | 104.223.93.105 |
01/14/22-09:54:32.828735 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49864 | 80 | 192.168.2.3 | 104.223.93.105 |
01/14/22-09:54:32.828735 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49864 | 80 | 192.168.2.3 | 104.223.93.105 |
01/14/22-09:54:34.246264 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49865 | 80 | 192.168.2.3 | 104.223.93.105 |
01/14/22-09:54:34.246264 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49865 | 80 | 192.168.2.3 | 104.223.93.105 |
01/14/22-09:54:34.246264 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49865 | 80 | 192.168.2.3 | 104.223.93.105 |
01/14/22-09:54:35.583283 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49866 | 80 | 192.168.2.3 | 104.223.93.105 |
01/14/22-09:54:35.583283 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49866 | 80 | 192.168.2.3 | 104.223.93.105 |
01/14/22-09:54:35.583283 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49866 | 80 | 192.168.2.3 | 104.223.93.105 |
Network Port Distribution |
---|
TCP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Jan 14, 2022 09:52:38.673115015 CET | 49742 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:52:38.797828913 CET | 80 | 49742 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:52:38.798329115 CET | 49742 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:52:38.800709009 CET | 49742 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:52:38.925689936 CET | 80 | 49742 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:52:38.925797939 CET | 49742 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:52:39.049918890 CET | 80 | 49742 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:52:39.061507940 CET | 80 | 49742 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:52:39.061574936 CET | 80 | 49742 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:52:39.061729908 CET | 49742 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:52:39.061815023 CET | 49742 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:52:39.186889887 CET | 80 | 49742 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:52:40.199570894 CET | 49743 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:52:40.322210073 CET | 80 | 49743 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:52:40.322340965 CET | 49743 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:52:40.325541973 CET | 49743 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:52:40.452392101 CET | 80 | 49743 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:52:40.452498913 CET | 49743 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:52:40.603904009 CET | 80 | 49743 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:52:40.603960991 CET | 80 | 49743 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:52:40.603991985 CET | 80 | 49743 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:52:40.604147911 CET | 49743 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:52:40.604252100 CET | 49743 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:52:40.752100945 CET | 80 | 49743 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:52:41.613596916 CET | 49744 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:52:41.737896919 CET | 80 | 49744 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:52:41.738023996 CET | 49744 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:52:41.740730047 CET | 49744 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:52:41.864665985 CET | 80 | 49744 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:52:41.864794016 CET | 49744 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:52:41.989017010 CET | 80 | 49744 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:52:41.998064995 CET | 80 | 49744 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:52:41.998087883 CET | 80 | 49744 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:52:41.998192072 CET | 49744 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:52:41.998245955 CET | 49744 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:52:42.123435974 CET | 80 | 49744 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:52:43.098083973 CET | 49745 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:52:43.220474958 CET | 80 | 49745 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:52:43.220649004 CET | 49745 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:52:43.225955009 CET | 49745 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:52:43.348833084 CET | 80 | 49745 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:52:43.349733114 CET | 49745 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:52:43.472278118 CET | 80 | 49745 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:52:43.481673956 CET | 80 | 49745 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:52:43.481735945 CET | 80 | 49745 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:52:43.481894970 CET | 49745 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:52:43.483079910 CET | 49745 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:52:43.605353117 CET | 80 | 49745 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:52:44.517575026 CET | 49746 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:52:44.641727924 CET | 80 | 49746 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:52:44.641813993 CET | 49746 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:52:44.662959099 CET | 49746 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:52:44.787147045 CET | 80 | 49746 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:52:44.787275076 CET | 49746 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:52:44.914565086 CET | 80 | 49746 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:52:44.925323009 CET | 80 | 49746 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:52:44.925517082 CET | 80 | 49746 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:52:44.925570011 CET | 49746 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:52:44.925601959 CET | 49746 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:52:45.088896990 CET | 80 | 49746 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:52:46.249346018 CET | 49747 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:52:46.373480082 CET | 80 | 49747 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:52:46.373621941 CET | 49747 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:52:46.652462959 CET | 49747 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:52:46.776640892 CET | 80 | 49747 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:52:46.776705980 CET | 49747 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:52:46.900899887 CET | 80 | 49747 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:52:46.909101009 CET | 80 | 49747 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:52:46.909140110 CET | 80 | 49747 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:52:46.909204960 CET | 49747 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:52:46.909245014 CET | 49747 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:52:47.033881903 CET | 80 | 49747 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:52:48.811659098 CET | 49748 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:52:48.934251070 CET | 80 | 49748 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:52:48.934369087 CET | 49748 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:52:48.938221931 CET | 49748 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:52:49.060755968 CET | 80 | 49748 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:52:49.060915947 CET | 49748 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:52:49.243834019 CET | 80 | 49748 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:52:49.243886948 CET | 80 | 49748 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:52:49.243917942 CET | 80 | 49748 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:52:49.244081974 CET | 49748 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:52:49.244112968 CET | 49748 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:52:49.367177010 CET | 80 | 49748 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:52:50.187966108 CET | 49749 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:52:50.311187983 CET | 80 | 49749 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:52:50.311356068 CET | 49749 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:52:50.316401958 CET | 49749 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:52:50.509155035 CET | 80 | 49749 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:52:50.509278059 CET | 49749 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:52:50.631927013 CET | 80 | 49749 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:52:50.639916897 CET | 80 | 49749 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:52:50.639950991 CET | 80 | 49749 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:52:50.640219927 CET | 49749 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:52:50.640306950 CET | 49749 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:52:50.763415098 CET | 80 | 49749 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:52:51.683743000 CET | 49750 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:52:51.808108091 CET | 80 | 49750 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:52:51.808275938 CET | 49750 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:52:51.814681053 CET | 49750 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:52:51.939219952 CET | 80 | 49750 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:52:51.939326048 CET | 49750 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:52:52.063545942 CET | 80 | 49750 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:52:52.091804981 CET | 80 | 49750 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:52:52.091821909 CET | 80 | 49750 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:52:52.091917038 CET | 49750 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:52:52.091964960 CET | 49750 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:52:52.217159033 CET | 80 | 49750 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:52:53.110362053 CET | 49751 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:52:53.241544008 CET | 80 | 49751 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:52:53.241792917 CET | 49751 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:52:53.249068975 CET | 49751 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:52:53.402643919 CET | 80 | 49751 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:52:53.402760029 CET | 49751 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:52:53.541673899 CET | 80 | 49751 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:52:53.547552109 CET | 80 | 49751 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:52:53.547600985 CET | 80 | 49751 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:52:53.547725916 CET | 49751 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:52:53.547775030 CET | 49751 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:52:53.699661016 CET | 80 | 49751 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:52:54.536000013 CET | 49752 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:52:54.662133932 CET | 80 | 49752 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:52:54.662336111 CET | 49752 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:52:54.669015884 CET | 49752 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:52:54.793598890 CET | 80 | 49752 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:52:54.793697119 CET | 49752 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:52:54.918317080 CET | 80 | 49752 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:52:54.926312923 CET | 80 | 49752 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:52:54.926353931 CET | 80 | 49752 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:52:54.926480055 CET | 49752 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:52:54.926565886 CET | 49752 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:52:55.051983118 CET | 80 | 49752 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:52:57.082355976 CET | 49755 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:52:57.205127954 CET | 80 | 49755 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:52:57.205348969 CET | 49755 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:52:57.212577105 CET | 49755 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:52:57.335016966 CET | 80 | 49755 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:52:57.335104942 CET | 49755 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:52:57.457921982 CET | 80 | 49755 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:52:57.467825890 CET | 80 | 49755 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:52:57.467847109 CET | 80 | 49755 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:52:57.468019009 CET | 49755 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:52:57.468064070 CET | 49755 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:52:57.591134071 CET | 80 | 49755 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:52:59.481087923 CET | 49756 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:52:59.603635073 CET | 80 | 49756 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:52:59.603874922 CET | 49756 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:52:59.611439943 CET | 49756 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:52:59.738342047 CET | 80 | 49756 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:52:59.738571882 CET | 49756 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:52:59.861166000 CET | 80 | 49756 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:52:59.868741035 CET | 80 | 49756 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:52:59.868834019 CET | 80 | 49756 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:52:59.868901968 CET | 49756 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:52:59.868959904 CET | 49756 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:52:59.991909027 CET | 80 | 49756 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:53:01.983010054 CET | 49757 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:53:02.115494967 CET | 80 | 49757 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:53:02.115658045 CET | 49757 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:53:02.120827913 CET | 49757 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:53:02.245244980 CET | 80 | 49757 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:53:02.245347023 CET | 49757 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:53:02.369695902 CET | 80 | 49757 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:53:02.376370907 CET | 80 | 49757 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:53:02.376394987 CET | 80 | 49757 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:53:02.376497984 CET | 49757 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:53:02.376540899 CET | 49757 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:53:02.502068043 CET | 80 | 49757 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:53:03.852472067 CET | 49758 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:53:03.976937056 CET | 80 | 49758 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:53:03.977104902 CET | 49758 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:53:03.980417013 CET | 49758 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:53:04.106069088 CET | 80 | 49758 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:53:04.106193066 CET | 49758 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:53:04.230422020 CET | 80 | 49758 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:53:04.236856937 CET | 80 | 49758 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:53:04.236879110 CET | 80 | 49758 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:53:04.236958027 CET | 49758 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:53:04.237023115 CET | 49758 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:53:04.361481905 CET | 80 | 49758 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:53:06.792172909 CET | 49759 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:53:06.921638966 CET | 80 | 49759 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:53:06.921735048 CET | 49759 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:53:06.924773932 CET | 49759 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:53:07.074414015 CET | 80 | 49759 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:53:07.074510098 CET | 49759 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:53:07.224203110 CET | 80 | 49759 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:53:07.233124971 CET | 80 | 49759 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:53:07.233251095 CET | 80 | 49759 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:53:07.233354092 CET | 49759 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:53:07.233484030 CET | 49759 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:53:07.357954979 CET | 80 | 49759 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:53:08.473609924 CET | 49760 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:53:08.597876072 CET | 80 | 49760 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:53:08.598007917 CET | 49760 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:53:08.606764078 CET | 49760 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:53:08.731045961 CET | 80 | 49760 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:53:08.732410908 CET | 49760 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:53:08.856570005 CET | 80 | 49760 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:53:08.864233971 CET | 80 | 49760 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:53:08.864391088 CET | 49760 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:53:08.864398956 CET | 80 | 49760 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:53:08.864473104 CET | 49760 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:53:08.989067078 CET | 80 | 49760 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:53:10.149791956 CET | 49761 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:53:10.304790974 CET | 80 | 49761 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:53:10.304899931 CET | 49761 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:53:10.307977915 CET | 49761 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:53:10.499644995 CET | 80 | 49761 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:53:10.502069950 CET | 49761 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:53:10.626019955 CET | 80 | 49761 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:53:10.631426096 CET | 80 | 49761 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:53:10.631444931 CET | 80 | 49761 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:53:10.631601095 CET | 49761 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:53:10.631634951 CET | 49761 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:53:10.842083931 CET | 80 | 49761 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:53:11.564274073 CET | 49762 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:53:11.687297106 CET | 80 | 49762 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:53:11.687455893 CET | 49762 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:53:11.692209005 CET | 49762 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:53:11.815099001 CET | 80 | 49762 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:53:11.815228939 CET | 49762 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:53:11.938086987 CET | 80 | 49762 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:53:11.946695089 CET | 80 | 49762 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:53:11.946809053 CET | 80 | 49762 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:53:11.946926117 CET | 49762 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:53:11.947052002 CET | 49762 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:53:12.070259094 CET | 80 | 49762 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:53:13.263689995 CET | 49763 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:53:13.387890100 CET | 80 | 49763 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:53:13.388015985 CET | 49763 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:53:13.390691996 CET | 49763 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:53:13.515155077 CET | 80 | 49763 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:53:13.515346050 CET | 49763 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:53:13.639585972 CET | 80 | 49763 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:53:13.657711029 CET | 80 | 49763 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:53:13.657744884 CET | 80 | 49763 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:53:13.657892942 CET | 49763 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:53:13.657965899 CET | 49763 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:53:13.782521009 CET | 80 | 49763 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:53:15.011467934 CET | 49764 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:53:15.143964052 CET | 80 | 49764 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:53:15.144073963 CET | 49764 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:53:15.147551060 CET | 49764 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:53:15.271928072 CET | 80 | 49764 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:53:15.271997929 CET | 49764 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:53:15.396617889 CET | 80 | 49764 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:53:15.406161070 CET | 80 | 49764 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:53:15.406176090 CET | 80 | 49764 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:53:15.406301022 CET | 49764 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:53:15.406326056 CET | 49764 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:53:15.552254915 CET | 80 | 49764 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:53:16.545974970 CET | 49765 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:53:16.670469046 CET | 80 | 49765 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:53:16.670805931 CET | 49765 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:53:16.674288988 CET | 49765 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:53:16.798710108 CET | 80 | 49765 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:53:16.798804998 CET | 49765 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:53:16.923161030 CET | 80 | 49765 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:53:16.934175968 CET | 80 | 49765 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:53:16.934349060 CET | 49765 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:53:16.934357882 CET | 80 | 49765 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:53:16.934406996 CET | 49765 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:53:17.059601068 CET | 80 | 49765 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:53:18.104587078 CET | 49766 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:53:18.227161884 CET | 80 | 49766 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:53:18.227278948 CET | 49766 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:53:18.230034113 CET | 49766 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:53:18.352457047 CET | 80 | 49766 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:53:18.352592945 CET | 49766 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:53:18.475158930 CET | 80 | 49766 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:53:18.484214067 CET | 80 | 49766 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:53:18.484339952 CET | 80 | 49766 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:53:18.484441042 CET | 49766 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:53:18.484498024 CET | 49766 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:53:18.607786894 CET | 80 | 49766 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:53:19.717921972 CET | 49770 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:53:19.840317011 CET | 80 | 49770 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:53:19.840572119 CET | 49770 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:53:19.843821049 CET | 49770 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:53:19.966356993 CET | 80 | 49770 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:53:19.966540098 CET | 49770 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:53:20.089190960 CET | 80 | 49770 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:53:20.097187996 CET | 80 | 49770 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:53:20.097322941 CET | 80 | 49770 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:53:20.097629070 CET | 49770 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:53:20.097656965 CET | 49770 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:53:20.220742941 CET | 80 | 49770 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:53:21.047007084 CET | 49771 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:53:21.171355963 CET | 80 | 49771 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:53:21.171902895 CET | 49771 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:53:21.176589966 CET | 49771 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:53:21.302092075 CET | 80 | 49771 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:53:21.303132057 CET | 49771 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:53:21.427753925 CET | 80 | 49771 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:53:21.435849905 CET | 80 | 49771 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:53:21.435897112 CET | 80 | 49771 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:53:21.436203003 CET | 49771 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:53:21.561022043 CET | 80 | 49771 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:53:22.666246891 CET | 49772 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:53:22.790328979 CET | 80 | 49772 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:53:22.790483952 CET | 49772 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:53:22.793267965 CET | 49772 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:53:22.917289019 CET | 80 | 49772 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:53:22.920172930 CET | 49772 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:53:23.113514900 CET | 80 | 49772 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:53:23.150387049 CET | 80 | 49772 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:53:23.150677919 CET | 80 | 49772 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:53:23.150793076 CET | 49772 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:53:23.296163082 CET | 49772 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:53:23.420478106 CET | 80 | 49772 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:53:25.120821953 CET | 49773 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:53:25.246565104 CET | 80 | 49773 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:53:25.246664047 CET | 49773 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:53:25.250387907 CET | 49773 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:53:25.374768019 CET | 80 | 49773 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:53:25.374854088 CET | 49773 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:53:25.500363111 CET | 80 | 49773 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:53:25.508188009 CET | 80 | 49773 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:53:25.508251905 CET | 80 | 49773 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:53:25.508382082 CET | 49773 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:53:25.508457899 CET | 49773 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:53:25.635023117 CET | 80 | 49773 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:53:26.503109932 CET | 49775 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:53:26.625806093 CET | 80 | 49775 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:53:26.625920057 CET | 49775 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:53:26.628571033 CET | 49775 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:53:26.751311064 CET | 80 | 49775 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:53:26.751445055 CET | 49775 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:53:26.873924017 CET | 80 | 49775 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:53:26.881258965 CET | 80 | 49775 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:53:26.881376028 CET | 49775 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:53:26.881400108 CET | 80 | 49775 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:53:26.881453037 CET | 49775 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:53:27.004054070 CET | 80 | 49775 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:53:27.943618059 CET | 49781 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:53:28.066205978 CET | 80 | 49781 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:53:28.066376925 CET | 49781 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:53:28.069977045 CET | 49781 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:53:28.194497108 CET | 80 | 49781 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:53:28.194595098 CET | 49781 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:53:28.317151070 CET | 80 | 49781 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:53:28.325772047 CET | 80 | 49781 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:53:28.325805902 CET | 80 | 49781 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:53:28.325910091 CET | 49781 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:53:28.325938940 CET | 49781 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:53:28.448967934 CET | 80 | 49781 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:53:29.306583881 CET | 49789 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:53:29.431618929 CET | 80 | 49789 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:53:29.435159922 CET | 49789 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:53:29.435189962 CET | 49789 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:53:29.563728094 CET | 80 | 49789 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:53:29.567574978 CET | 49789 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:53:29.692378044 CET | 80 | 49789 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:53:29.699652910 CET | 80 | 49789 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:53:29.699667931 CET | 80 | 49789 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:53:29.700038910 CET | 49789 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:53:29.700052977 CET | 49789 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:53:29.824692011 CET | 80 | 49789 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:53:32.249636889 CET | 49806 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:53:32.372044086 CET | 80 | 49806 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:53:32.373085976 CET | 49806 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:53:32.376585007 CET | 49806 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:53:32.498994112 CET | 80 | 49806 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:53:32.501925945 CET | 49806 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:53:32.624532938 CET | 80 | 49806 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:53:32.632582903 CET | 80 | 49806 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:53:32.632626057 CET | 80 | 49806 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:53:32.632708073 CET | 49806 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:53:32.632745028 CET | 49806 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:53:32.755970955 CET | 80 | 49806 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:53:34.668543100 CET | 49813 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:53:34.793478012 CET | 80 | 49813 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:53:34.793773890 CET | 49813 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:53:34.797107935 CET | 49813 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:53:34.921138048 CET | 80 | 49813 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:53:34.921205997 CET | 49813 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:53:35.045180082 CET | 80 | 49813 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:53:35.055516958 CET | 80 | 49813 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:53:35.055536985 CET | 80 | 49813 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:53:35.055625916 CET | 49813 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:53:35.055655956 CET | 49813 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:53:35.179922104 CET | 80 | 49813 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:53:38.390980959 CET | 49814 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:53:38.514982939 CET | 80 | 49814 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:53:38.515525103 CET | 49814 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:53:38.518335104 CET | 49814 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:53:38.642352104 CET | 80 | 49814 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:53:38.642458916 CET | 49814 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:53:38.766614914 CET | 80 | 49814 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:53:38.778532028 CET | 80 | 49814 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:53:38.778564930 CET | 80 | 49814 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:53:38.778651953 CET | 49814 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:53:38.778692007 CET | 49814 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:53:38.903242111 CET | 80 | 49814 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:53:42.339562893 CET | 49815 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:53:42.463573933 CET | 80 | 49815 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:53:42.463762999 CET | 49815 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:53:42.966613054 CET | 49815 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:53:43.100037098 CET | 80 | 49815 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:53:43.102488041 CET | 49815 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:53:43.276439905 CET | 80 | 49815 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:53:43.286082029 CET | 80 | 49815 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:53:43.286115885 CET | 80 | 49815 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:53:43.286218882 CET | 49815 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:53:43.286248922 CET | 49815 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:53:43.456432104 CET | 80 | 49815 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:53:50.259232044 CET | 49821 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:53:50.381932020 CET | 80 | 49821 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:53:50.382045984 CET | 49821 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:53:50.386625051 CET | 49821 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:53:50.509217024 CET | 80 | 49821 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:53:50.509305954 CET | 49821 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:53:50.631870985 CET | 80 | 49821 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:53:50.642754078 CET | 80 | 49821 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:53:50.642770052 CET | 80 | 49821 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:53:50.642895937 CET | 49821 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:53:50.643001080 CET | 49821 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:53:50.765794992 CET | 80 | 49821 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:53:54.142047882 CET | 49822 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:53:54.266123056 CET | 80 | 49822 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:53:54.266206980 CET | 49822 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:53:54.269267082 CET | 49822 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:53:54.395263910 CET | 80 | 49822 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:53:54.395328999 CET | 49822 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:53:54.520034075 CET | 80 | 49822 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:53:54.529158115 CET | 80 | 49822 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:53:54.529268980 CET | 80 | 49822 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:53:54.529285908 CET | 49822 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:53:54.529316902 CET | 49822 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:53:54.653960943 CET | 80 | 49822 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:53:56.910099030 CET | 49824 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:53:57.032663107 CET | 80 | 49824 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:53:57.032762051 CET | 49824 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:53:57.036107063 CET | 49824 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:53:57.158622980 CET | 80 | 49824 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:53:57.158740997 CET | 49824 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:53:57.281152010 CET | 80 | 49824 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:53:57.289953947 CET | 80 | 49824 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:53:57.290020943 CET | 80 | 49824 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:53:57.290108919 CET | 49824 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:53:57.290502071 CET | 49824 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:53:57.414272070 CET | 80 | 49824 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:53:59.478718042 CET | 49825 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:53:59.602664948 CET | 80 | 49825 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:53:59.602826118 CET | 49825 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:53:59.975080013 CET | 49825 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:54:00.099400997 CET | 80 | 49825 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:54:00.099469900 CET | 49825 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:54:00.261131048 CET | 80 | 49825 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:54:00.267862082 CET | 80 | 49825 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:54:00.267879963 CET | 80 | 49825 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:54:00.267966986 CET | 49825 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:54:00.267999887 CET | 49825 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:54:00.392546892 CET | 80 | 49825 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:54:01.958154917 CET | 49826 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:54:02.083828926 CET | 80 | 49826 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:54:02.083956003 CET | 49826 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:54:02.086796045 CET | 49826 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:54:02.212471008 CET | 80 | 49826 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:54:02.212654114 CET | 49826 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:54:02.337027073 CET | 80 | 49826 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:54:02.343744040 CET | 80 | 49826 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:54:02.343775034 CET | 80 | 49826 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:54:02.343929052 CET | 49826 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:54:02.343960047 CET | 49826 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:54:02.468472004 CET | 80 | 49826 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:54:03.376602888 CET | 49832 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:54:03.503099918 CET | 80 | 49832 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:54:03.503205061 CET | 49832 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:54:03.505878925 CET | 49832 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:54:03.630043030 CET | 80 | 49832 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:54:03.630158901 CET | 49832 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:54:03.754757881 CET | 80 | 49832 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:54:03.763714075 CET | 80 | 49832 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:54:03.763926029 CET | 49832 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:54:03.764245987 CET | 80 | 49832 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:54:03.764323950 CET | 49832 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:54:03.894449949 CET | 80 | 49832 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:54:04.780109882 CET | 49840 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:54:04.903615952 CET | 80 | 49840 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:54:04.903791904 CET | 49840 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:54:04.907351017 CET | 49840 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:54:05.029817104 CET | 80 | 49840 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:54:05.030078888 CET | 49840 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:54:05.152621984 CET | 80 | 49840 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:54:05.161437035 CET | 80 | 49840 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:54:05.161470890 CET | 80 | 49840 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:54:05.164660931 CET | 49840 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:54:05.164720058 CET | 49840 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:54:05.288018942 CET | 80 | 49840 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:54:07.473889112 CET | 49852 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:54:07.604805946 CET | 80 | 49852 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:54:07.605096102 CET | 49852 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:54:07.608302116 CET | 49852 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:54:07.732795000 CET | 80 | 49852 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:54:07.732930899 CET | 49852 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:54:07.858572960 CET | 80 | 49852 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:54:07.866544008 CET | 80 | 49852 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:54:07.866569042 CET | 80 | 49852 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:54:07.869054079 CET | 49852 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:54:07.869097948 CET | 49852 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:54:07.993654013 CET | 80 | 49852 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:54:10.581646919 CET | 49853 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:54:10.705517054 CET | 80 | 49853 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:54:10.705708027 CET | 49853 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:54:10.712951899 CET | 49853 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:54:10.835719109 CET | 80 | 49853 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:54:10.835877895 CET | 49853 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:54:10.960030079 CET | 80 | 49853 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:54:10.966197014 CET | 80 | 49853 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:54:10.966240883 CET | 80 | 49853 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:54:10.966450930 CET | 49853 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:54:10.966733932 CET | 49853 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:54:11.090085030 CET | 80 | 49853 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:54:14.444958925 CET | 49854 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:54:14.678246975 CET | 80 | 49854 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:54:14.678423882 CET | 49854 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:54:14.681171894 CET | 49854 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:54:14.805207014 CET | 80 | 49854 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:54:14.805303097 CET | 49854 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:54:14.933281898 CET | 80 | 49854 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:54:14.940711975 CET | 80 | 49854 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:54:14.940762997 CET | 80 | 49854 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:54:14.940870047 CET | 49854 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:54:14.941514015 CET | 49854 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:54:15.104063034 CET | 80 | 49854 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:54:16.891421080 CET | 49855 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:54:17.015642881 CET | 80 | 49855 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:54:17.017808914 CET | 49855 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:54:17.053160906 CET | 49855 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:54:17.177468061 CET | 80 | 49855 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:54:17.180231094 CET | 49855 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:54:17.304373980 CET | 80 | 49855 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:54:17.313810110 CET | 80 | 49855 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:54:17.313905001 CET | 80 | 49855 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:54:17.313967943 CET | 49855 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:54:17.314060926 CET | 49855 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:54:17.438457966 CET | 80 | 49855 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:54:20.183954954 CET | 49856 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:54:20.309046984 CET | 80 | 49856 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:54:20.309209108 CET | 49856 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:54:20.315522909 CET | 49856 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:54:20.439687967 CET | 80 | 49856 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:54:20.439775944 CET | 49856 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:54:20.564701080 CET | 80 | 49856 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:54:20.574155092 CET | 80 | 49856 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:54:20.574270964 CET | 80 | 49856 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:54:20.574302912 CET | 49856 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:54:20.574352980 CET | 49856 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:54:20.698834896 CET | 80 | 49856 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:54:22.150954962 CET | 49857 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:54:22.275007010 CET | 80 | 49857 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:54:22.275120020 CET | 49857 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:54:22.278675079 CET | 49857 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:54:22.413964033 CET | 80 | 49857 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:54:22.414038897 CET | 49857 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:54:22.538590908 CET | 80 | 49857 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:54:22.548707962 CET | 80 | 49857 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:54:22.548749924 CET | 80 | 49857 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:54:22.548811913 CET | 49857 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:54:22.549343109 CET | 49857 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:54:22.673228025 CET | 80 | 49857 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:54:24.627247095 CET | 49858 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:54:24.755486012 CET | 80 | 49858 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:54:24.755637884 CET | 49858 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:54:24.759273052 CET | 49858 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:54:24.883593082 CET | 80 | 49858 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:54:24.883680105 CET | 49858 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:54:25.007806063 CET | 80 | 49858 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:54:25.014372110 CET | 80 | 49858 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:54:25.014393091 CET | 80 | 49858 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:54:25.014537096 CET | 49858 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:54:25.014580965 CET | 49858 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:54:25.139523029 CET | 80 | 49858 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:54:25.992810965 CET | 49859 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:54:26.120533943 CET | 80 | 49859 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:54:26.120656013 CET | 49859 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:54:26.128942013 CET | 49859 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:54:26.255944014 CET | 80 | 49859 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:54:26.256269932 CET | 49859 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:54:26.380359888 CET | 80 | 49859 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:54:26.390346050 CET | 80 | 49859 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:54:26.390363932 CET | 80 | 49859 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:54:26.390472889 CET | 49859 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:54:26.390511036 CET | 49859 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:54:26.520668030 CET | 80 | 49859 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:54:27.327622890 CET | 49860 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:54:27.451699972 CET | 80 | 49860 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:54:27.451808929 CET | 49860 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:54:27.459033012 CET | 49860 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:54:27.583070040 CET | 80 | 49860 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:54:27.583146095 CET | 49860 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:54:27.707375050 CET | 80 | 49860 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:54:27.717861891 CET | 80 | 49860 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:54:27.717950106 CET | 80 | 49860 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:54:27.718023062 CET | 49860 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:54:27.718555927 CET | 49860 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:54:27.842720985 CET | 80 | 49860 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:54:28.616265059 CET | 49861 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:54:28.739173889 CET | 80 | 49861 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:54:28.742439032 CET | 49861 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:54:28.746130943 CET | 49861 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:54:28.882603884 CET | 80 | 49861 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:54:28.882826090 CET | 49861 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:54:29.010432959 CET | 80 | 49861 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:54:29.017143965 CET | 80 | 49861 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:54:29.017170906 CET | 80 | 49861 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:54:29.017276049 CET | 49861 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:54:29.017318964 CET | 49861 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:54:29.140120029 CET | 80 | 49861 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:54:30.050865889 CET | 49862 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:54:30.175286055 CET | 80 | 49862 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:54:30.175498009 CET | 49862 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:54:30.197088957 CET | 49862 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:54:30.321353912 CET | 80 | 49862 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:54:30.321491957 CET | 49862 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:54:30.446279049 CET | 80 | 49862 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:54:30.453828096 CET | 80 | 49862 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:54:30.453915119 CET | 80 | 49862 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:54:30.453955889 CET | 49862 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:54:30.453982115 CET | 49862 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:54:30.578679085 CET | 80 | 49862 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:54:31.372874975 CET | 49863 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:54:31.495564938 CET | 80 | 49863 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:54:31.495714903 CET | 49863 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:54:31.498490095 CET | 49863 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:54:31.621664047 CET | 80 | 49863 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:54:31.621882915 CET | 49863 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:54:31.744261980 CET | 80 | 49863 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:54:31.754610062 CET | 80 | 49863 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:54:31.754734993 CET | 80 | 49863 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:54:31.754847050 CET | 49863 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:54:31.754877090 CET | 49863 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:54:31.878398895 CET | 80 | 49863 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:54:32.678761005 CET | 49864 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:54:32.825844049 CET | 80 | 49864 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:54:32.825999022 CET | 49864 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:54:32.828735113 CET | 49864 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:54:32.953165054 CET | 80 | 49864 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:54:32.953716993 CET | 49864 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:54:33.097723961 CET | 80 | 49864 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:54:33.107048988 CET | 80 | 49864 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:54:33.107198954 CET | 49864 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:54:33.107671976 CET | 80 | 49864 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:54:33.107748032 CET | 49864 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:54:33.232752085 CET | 80 | 49864 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:54:34.111469984 CET | 49865 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:54:34.235866070 CET | 80 | 49865 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:54:34.236105919 CET | 49865 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:54:34.246263981 CET | 49865 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:54:34.371639013 CET | 80 | 49865 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:54:34.371715069 CET | 49865 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:54:34.496872902 CET | 80 | 49865 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:54:34.502947092 CET | 80 | 49865 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:54:34.503043890 CET | 80 | 49865 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:54:34.503123045 CET | 49865 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:54:34.503149033 CET | 49865 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:54:34.628434896 CET | 80 | 49865 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:54:35.457746029 CET | 49866 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:54:35.580398083 CET | 80 | 49866 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:54:35.580612898 CET | 49866 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:54:35.583282948 CET | 49866 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:54:35.705717087 CET | 80 | 49866 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:54:35.705868959 CET | 49866 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:54:35.832878113 CET | 80 | 49866 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:54:35.838768005 CET | 80 | 49866 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:54:35.838787079 CET | 80 | 49866 | 104.223.93.105 | 192.168.2.3 |
Jan 14, 2022 09:54:35.838912964 CET | 49866 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:54:35.838943005 CET | 49866 | 80 | 192.168.2.3 | 104.223.93.105 |
Jan 14, 2022 09:54:35.962656975 CET | 80 | 49866 | 104.223.93.105 | 192.168.2.3 |
UDP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Jan 14, 2022 09:52:38.638278008 CET | 57459 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 14, 2022 09:52:38.657176971 CET | 53 | 57459 | 8.8.8.8 | 192.168.2.3 |
Jan 14, 2022 09:52:40.178615093 CET | 57875 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 14, 2022 09:52:40.198261976 CET | 53 | 57875 | 8.8.8.8 | 192.168.2.3 |
Jan 14, 2022 09:52:41.491287947 CET | 54154 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 14, 2022 09:52:41.610778093 CET | 53 | 54154 | 8.8.8.8 | 192.168.2.3 |
Jan 14, 2022 09:52:42.955676079 CET | 52806 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 14, 2022 09:52:43.096473932 CET | 53 | 52806 | 8.8.8.8 | 192.168.2.3 |
Jan 14, 2022 09:52:44.396620035 CET | 53910 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 14, 2022 09:52:44.515840054 CET | 53 | 53910 | 8.8.8.8 | 192.168.2.3 |
Jan 14, 2022 09:52:46.228964090 CET | 64021 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 14, 2022 09:52:46.248193026 CET | 53 | 64021 | 8.8.8.8 | 192.168.2.3 |
Jan 14, 2022 09:52:48.792082071 CET | 60784 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 14, 2022 09:52:48.809930086 CET | 53 | 60784 | 8.8.8.8 | 192.168.2.3 |
Jan 14, 2022 09:52:50.168030977 CET | 51143 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 14, 2022 09:52:50.185595036 CET | 53 | 51143 | 8.8.8.8 | 192.168.2.3 |
Jan 14, 2022 09:52:51.662257910 CET | 56009 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 14, 2022 09:52:51.680947065 CET | 53 | 56009 | 8.8.8.8 | 192.168.2.3 |
Jan 14, 2022 09:52:53.089287043 CET | 59026 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 14, 2022 09:52:53.108489990 CET | 53 | 59026 | 8.8.8.8 | 192.168.2.3 |
Jan 14, 2022 09:52:54.513963938 CET | 49572 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 14, 2022 09:52:54.534598112 CET | 53 | 49572 | 8.8.8.8 | 192.168.2.3 |
Jan 14, 2022 09:52:57.062278032 CET | 52130 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 14, 2022 09:52:57.081229925 CET | 53 | 52130 | 8.8.8.8 | 192.168.2.3 |
Jan 14, 2022 09:52:59.459840059 CET | 55102 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 14, 2022 09:52:59.479227066 CET | 53 | 55102 | 8.8.8.8 | 192.168.2.3 |
Jan 14, 2022 09:53:01.961615086 CET | 56236 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 14, 2022 09:53:01.981122017 CET | 53 | 56236 | 8.8.8.8 | 192.168.2.3 |
Jan 14, 2022 09:53:03.698502064 CET | 56527 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 14, 2022 09:53:03.715970993 CET | 53 | 56527 | 8.8.8.8 | 192.168.2.3 |
Jan 14, 2022 09:53:06.771358013 CET | 49559 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 14, 2022 09:53:06.790982008 CET | 53 | 49559 | 8.8.8.8 | 192.168.2.3 |
Jan 14, 2022 09:53:08.452569008 CET | 52650 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 14, 2022 09:53:08.471786976 CET | 53 | 52650 | 8.8.8.8 | 192.168.2.3 |
Jan 14, 2022 09:53:10.127753973 CET | 63297 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 14, 2022 09:53:10.148004055 CET | 53 | 63297 | 8.8.8.8 | 192.168.2.3 |
Jan 14, 2022 09:53:11.543363094 CET | 58361 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 14, 2022 09:53:11.562706947 CET | 53 | 58361 | 8.8.8.8 | 192.168.2.3 |
Jan 14, 2022 09:53:13.143388033 CET | 53615 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 14, 2022 09:53:13.262392044 CET | 53 | 53615 | 8.8.8.8 | 192.168.2.3 |
Jan 14, 2022 09:53:14.991425037 CET | 50728 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 14, 2022 09:53:15.010253906 CET | 53 | 50728 | 8.8.8.8 | 192.168.2.3 |
Jan 14, 2022 09:53:16.526405096 CET | 53777 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 14, 2022 09:53:16.543914080 CET | 53 | 53777 | 8.8.8.8 | 192.168.2.3 |
Jan 14, 2022 09:53:18.082562923 CET | 57106 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 14, 2022 09:53:18.101998091 CET | 53 | 57106 | 8.8.8.8 | 192.168.2.3 |
Jan 14, 2022 09:53:19.696553946 CET | 58058 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 14, 2022 09:53:19.715605974 CET | 53 | 58058 | 8.8.8.8 | 192.168.2.3 |
Jan 14, 2022 09:53:21.026103020 CET | 64367 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 14, 2022 09:53:21.045577049 CET | 53 | 64367 | 8.8.8.8 | 192.168.2.3 |
Jan 14, 2022 09:53:22.642846107 CET | 51539 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 14, 2022 09:53:22.662409067 CET | 53 | 51539 | 8.8.8.8 | 192.168.2.3 |
Jan 14, 2022 09:53:25.096461058 CET | 55393 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 14, 2022 09:53:25.115611076 CET | 53 | 55393 | 8.8.8.8 | 192.168.2.3 |
Jan 14, 2022 09:53:26.482763052 CET | 63456 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 14, 2022 09:53:26.502017975 CET | 53 | 63456 | 8.8.8.8 | 192.168.2.3 |
Jan 14, 2022 09:53:27.923367977 CET | 49250 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 14, 2022 09:53:27.941533089 CET | 53 | 49250 | 8.8.8.8 | 192.168.2.3 |
Jan 14, 2022 09:53:29.277138948 CET | 53079 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 14, 2022 09:53:29.298034906 CET | 53 | 53079 | 8.8.8.8 | 192.168.2.3 |
Jan 14, 2022 09:53:32.222469091 CET | 56706 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 14, 2022 09:53:32.240061998 CET | 53 | 56706 | 8.8.8.8 | 192.168.2.3 |
Jan 14, 2022 09:53:34.646564960 CET | 53569 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 14, 2022 09:53:34.666029930 CET | 53 | 53569 | 8.8.8.8 | 192.168.2.3 |
Jan 14, 2022 09:53:38.370861053 CET | 62855 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 14, 2022 09:53:38.389735937 CET | 53 | 62855 | 8.8.8.8 | 192.168.2.3 |
Jan 14, 2022 09:53:42.318813086 CET | 51046 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 14, 2022 09:53:42.336323023 CET | 53 | 51046 | 8.8.8.8 | 192.168.2.3 |
Jan 14, 2022 09:53:50.238415003 CET | 53465 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 14, 2022 09:53:50.257669926 CET | 53 | 53465 | 8.8.8.8 | 192.168.2.3 |
Jan 14, 2022 09:53:54.120655060 CET | 49290 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 14, 2022 09:53:54.140160084 CET | 53 | 49290 | 8.8.8.8 | 192.168.2.3 |
Jan 14, 2022 09:53:56.889389038 CET | 59754 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 14, 2022 09:53:56.908751011 CET | 53 | 59754 | 8.8.8.8 | 192.168.2.3 |
Jan 14, 2022 09:53:59.456651926 CET | 49234 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 14, 2022 09:53:59.475377083 CET | 53 | 49234 | 8.8.8.8 | 192.168.2.3 |
Jan 14, 2022 09:54:01.937850952 CET | 58720 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 14, 2022 09:54:01.956938028 CET | 53 | 58720 | 8.8.8.8 | 192.168.2.3 |
Jan 14, 2022 09:54:03.356400967 CET | 57447 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 14, 2022 09:54:03.375410080 CET | 53 | 57447 | 8.8.8.8 | 192.168.2.3 |
Jan 14, 2022 09:54:04.759175062 CET | 63583 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 14, 2022 09:54:04.778942108 CET | 53 | 63583 | 8.8.8.8 | 192.168.2.3 |
Jan 14, 2022 09:54:07.453048944 CET | 64099 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 14, 2022 09:54:07.472659111 CET | 53 | 64099 | 8.8.8.8 | 192.168.2.3 |
Jan 14, 2022 09:54:10.560174942 CET | 64610 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 14, 2022 09:54:10.580290079 CET | 53 | 64610 | 8.8.8.8 | 192.168.2.3 |
Jan 14, 2022 09:54:14.424412966 CET | 51989 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 14, 2022 09:54:14.443897963 CET | 53 | 51989 | 8.8.8.8 | 192.168.2.3 |
Jan 14, 2022 09:54:16.826210022 CET | 53152 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 14, 2022 09:54:16.845690966 CET | 53 | 53152 | 8.8.8.8 | 192.168.2.3 |
Jan 14, 2022 09:54:20.161289930 CET | 61590 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 14, 2022 09:54:20.180885077 CET | 53 | 61590 | 8.8.8.8 | 192.168.2.3 |
Jan 14, 2022 09:54:22.129714012 CET | 56077 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 14, 2022 09:54:22.149153948 CET | 53 | 56077 | 8.8.8.8 | 192.168.2.3 |
Jan 14, 2022 09:54:24.605570078 CET | 57951 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 14, 2022 09:54:24.624635935 CET | 53 | 57951 | 8.8.8.8 | 192.168.2.3 |
Jan 14, 2022 09:54:25.971417904 CET | 53276 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 14, 2022 09:54:25.991489887 CET | 53 | 53276 | 8.8.8.8 | 192.168.2.3 |
Jan 14, 2022 09:54:27.306365967 CET | 60135 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 14, 2022 09:54:27.325659990 CET | 53 | 60135 | 8.8.8.8 | 192.168.2.3 |
Jan 14, 2022 09:54:28.596005917 CET | 49849 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 14, 2022 09:54:28.613475084 CET | 53 | 49849 | 8.8.8.8 | 192.168.2.3 |
Jan 14, 2022 09:54:30.029385090 CET | 60253 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 14, 2022 09:54:30.048664093 CET | 53 | 60253 | 8.8.8.8 | 192.168.2.3 |
Jan 14, 2022 09:54:31.352067947 CET | 58706 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 14, 2022 09:54:31.371239901 CET | 53 | 58706 | 8.8.8.8 | 192.168.2.3 |
Jan 14, 2022 09:54:32.648261070 CET | 62677 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 14, 2022 09:54:32.668024063 CET | 53 | 62677 | 8.8.8.8 | 192.168.2.3 |
Jan 14, 2022 09:54:34.090576887 CET | 62595 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 14, 2022 09:54:34.109834909 CET | 53 | 62595 | 8.8.8.8 | 192.168.2.3 |
Jan 14, 2022 09:54:35.436048031 CET | 51189 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 14, 2022 09:54:35.455698967 CET | 53 | 51189 | 8.8.8.8 | 192.168.2.3 |
DNS Queries |
---|
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
---|---|---|---|---|---|---|---|
Jan 14, 2022 09:52:38.638278008 CET | 192.168.2.3 | 8.8.8.8 | 0x73a6 | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 14, 2022 09:52:40.178615093 CET | 192.168.2.3 | 8.8.8.8 | 0x2372 | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 14, 2022 09:52:41.491287947 CET | 192.168.2.3 | 8.8.8.8 | 0x22db | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 14, 2022 09:52:42.955676079 CET | 192.168.2.3 | 8.8.8.8 | 0x10bc | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 14, 2022 09:52:44.396620035 CET | 192.168.2.3 | 8.8.8.8 | 0x81aa | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 14, 2022 09:52:46.228964090 CET | 192.168.2.3 | 8.8.8.8 | 0x43fd | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 14, 2022 09:52:48.792082071 CET | 192.168.2.3 | 8.8.8.8 | 0xfaa3 | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 14, 2022 09:52:50.168030977 CET | 192.168.2.3 | 8.8.8.8 | 0x44d | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 14, 2022 09:52:51.662257910 CET | 192.168.2.3 | 8.8.8.8 | 0xade | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 14, 2022 09:52:53.089287043 CET | 192.168.2.3 | 8.8.8.8 | 0x8db2 | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 14, 2022 09:52:54.513963938 CET | 192.168.2.3 | 8.8.8.8 | 0xc253 | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 14, 2022 09:52:57.062278032 CET | 192.168.2.3 | 8.8.8.8 | 0xc65e | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 14, 2022 09:52:59.459840059 CET | 192.168.2.3 | 8.8.8.8 | 0xc212 | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 14, 2022 09:53:01.961615086 CET | 192.168.2.3 | 8.8.8.8 | 0x791e | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 14, 2022 09:53:03.698502064 CET | 192.168.2.3 | 8.8.8.8 | 0x96c6 | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 14, 2022 09:53:06.771358013 CET | 192.168.2.3 | 8.8.8.8 | 0x44e | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 14, 2022 09:53:08.452569008 CET | 192.168.2.3 | 8.8.8.8 | 0xd242 | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 14, 2022 09:53:10.127753973 CET | 192.168.2.3 | 8.8.8.8 | 0xe5aa | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 14, 2022 09:53:11.543363094 CET | 192.168.2.3 | 8.8.8.8 | 0x5691 | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 14, 2022 09:53:13.143388033 CET | 192.168.2.3 | 8.8.8.8 | 0x7cc9 | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 14, 2022 09:53:14.991425037 CET | 192.168.2.3 | 8.8.8.8 | 0x7ef9 | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 14, 2022 09:53:16.526405096 CET | 192.168.2.3 | 8.8.8.8 | 0x6ba7 | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 14, 2022 09:53:18.082562923 CET | 192.168.2.3 | 8.8.8.8 | 0x89d | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 14, 2022 09:53:19.696553946 CET | 192.168.2.3 | 8.8.8.8 | 0x6477 | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 14, 2022 09:53:21.026103020 CET | 192.168.2.3 | 8.8.8.8 | 0x5995 | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 14, 2022 09:53:22.642846107 CET | 192.168.2.3 | 8.8.8.8 | 0xdc3b | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 14, 2022 09:53:25.096461058 CET | 192.168.2.3 | 8.8.8.8 | 0xbb7a | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 14, 2022 09:53:26.482763052 CET | 192.168.2.3 | 8.8.8.8 | 0xe699 | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 14, 2022 09:53:27.923367977 CET | 192.168.2.3 | 8.8.8.8 | 0x9470 | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 14, 2022 09:53:29.277138948 CET | 192.168.2.3 | 8.8.8.8 | 0xc434 | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 14, 2022 09:53:32.222469091 CET | 192.168.2.3 | 8.8.8.8 | 0x2c67 | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 14, 2022 09:53:34.646564960 CET | 192.168.2.3 | 8.8.8.8 | 0x502b | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 14, 2022 09:53:38.370861053 CET | 192.168.2.3 | 8.8.8.8 | 0x34b2 | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 14, 2022 09:53:42.318813086 CET | 192.168.2.3 | 8.8.8.8 | 0x2d60 | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 14, 2022 09:53:50.238415003 CET | 192.168.2.3 | 8.8.8.8 | 0x9197 | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 14, 2022 09:53:54.120655060 CET | 192.168.2.3 | 8.8.8.8 | 0xb7c1 | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 14, 2022 09:53:56.889389038 CET | 192.168.2.3 | 8.8.8.8 | 0x33b5 | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 14, 2022 09:53:59.456651926 CET | 192.168.2.3 | 8.8.8.8 | 0x9b3c | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 14, 2022 09:54:01.937850952 CET | 192.168.2.3 | 8.8.8.8 | 0x41cf | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 14, 2022 09:54:03.356400967 CET | 192.168.2.3 | 8.8.8.8 | 0x48f0 | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 14, 2022 09:54:04.759175062 CET | 192.168.2.3 | 8.8.8.8 | 0x2242 | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 14, 2022 09:54:07.453048944 CET | 192.168.2.3 | 8.8.8.8 | 0xc831 | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 14, 2022 09:54:10.560174942 CET | 192.168.2.3 | 8.8.8.8 | 0x389 | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 14, 2022 09:54:14.424412966 CET | 192.168.2.3 | 8.8.8.8 | 0xd0be | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 14, 2022 09:54:16.826210022 CET | 192.168.2.3 | 8.8.8.8 | 0x8155 | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 14, 2022 09:54:20.161289930 CET | 192.168.2.3 | 8.8.8.8 | 0xfb07 | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 14, 2022 09:54:22.129714012 CET | 192.168.2.3 | 8.8.8.8 | 0x2293 | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 14, 2022 09:54:24.605570078 CET | 192.168.2.3 | 8.8.8.8 | 0xf44e | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 14, 2022 09:54:25.971417904 CET | 192.168.2.3 | 8.8.8.8 | 0x85e0 | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 14, 2022 09:54:27.306365967 CET | 192.168.2.3 | 8.8.8.8 | 0x50f2 | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 14, 2022 09:54:28.596005917 CET | 192.168.2.3 | 8.8.8.8 | 0xebb1 | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 14, 2022 09:54:30.029385090 CET | 192.168.2.3 | 8.8.8.8 | 0x1a9a | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 14, 2022 09:54:31.352067947 CET | 192.168.2.3 | 8.8.8.8 | 0x371e | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 14, 2022 09:54:32.648261070 CET | 192.168.2.3 | 8.8.8.8 | 0xf39e | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 14, 2022 09:54:34.090576887 CET | 192.168.2.3 | 8.8.8.8 | 0x1648 | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 14, 2022 09:54:35.436048031 CET | 192.168.2.3 | 8.8.8.8 | 0x4a4b | Standard query (0) | A (IP address) | IN (0x0001) |
DNS Answers |
---|
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
---|---|---|---|---|---|---|---|---|---|
Jan 14, 2022 09:52:38.657176971 CET | 8.8.8.8 | 192.168.2.3 | 0x73a6 | No error (0) | 104.223.93.105 | A (IP address) | IN (0x0001) | ||
Jan 14, 2022 09:52:40.198261976 CET | 8.8.8.8 | 192.168.2.3 | 0x2372 | No error (0) | 104.223.93.105 | A (IP address) | IN (0x0001) | ||
Jan 14, 2022 09:52:41.610778093 CET | 8.8.8.8 | 192.168.2.3 | 0x22db | No error (0) | 104.223.93.105 | A (IP address) | IN (0x0001) | ||
Jan 14, 2022 09:52:43.096473932 CET | 8.8.8.8 | 192.168.2.3 | 0x10bc | No error (0) | 104.223.93.105 | A (IP address) | IN (0x0001) | ||
Jan 14, 2022 09:52:44.515840054 CET | 8.8.8.8 | 192.168.2.3 | 0x81aa | No error (0) | 104.223.93.105 | A (IP address) | IN (0x0001) | ||
Jan 14, 2022 09:52:46.248193026 CET | 8.8.8.8 | 192.168.2.3 | 0x43fd | No error (0) | 104.223.93.105 | A (IP address) | IN (0x0001) | ||
Jan 14, 2022 09:52:48.809930086 CET | 8.8.8.8 | 192.168.2.3 | 0xfaa3 | No error (0) | 104.223.93.105 | A (IP address) | IN (0x0001) | ||
Jan 14, 2022 09:52:50.185595036 CET | 8.8.8.8 | 192.168.2.3 | 0x44d | No error (0) | 104.223.93.105 | A (IP address) | IN (0x0001) | ||
Jan 14, 2022 09:52:51.680947065 CET | 8.8.8.8 | 192.168.2.3 | 0xade | No error (0) | 104.223.93.105 | A (IP address) | IN (0x0001) | ||
Jan 14, 2022 09:52:53.108489990 CET | 8.8.8.8 | 192.168.2.3 | 0x8db2 | No error (0) | 104.223.93.105 | A (IP address) | IN (0x0001) | ||
Jan 14, 2022 09:52:54.534598112 CET | 8.8.8.8 | 192.168.2.3 | 0xc253 | No error (0) | 104.223.93.105 | A (IP address) | IN (0x0001) | ||
Jan 14, 2022 09:52:57.081229925 CET | 8.8.8.8 | 192.168.2.3 | 0xc65e | No error (0) | 104.223.93.105 | A (IP address) | IN (0x0001) | ||
Jan 14, 2022 09:52:59.479227066 CET | 8.8.8.8 | 192.168.2.3 | 0xc212 | No error (0) | 104.223.93.105 | A (IP address) | IN (0x0001) | ||
Jan 14, 2022 09:53:01.981122017 CET | 8.8.8.8 | 192.168.2.3 | 0x791e | No error (0) | 104.223.93.105 | A (IP address) | IN (0x0001) | ||
Jan 14, 2022 09:53:03.715970993 CET | 8.8.8.8 | 192.168.2.3 | 0x96c6 | No error (0) | 104.223.93.105 | A (IP address) | IN (0x0001) | ||
Jan 14, 2022 09:53:06.790982008 CET | 8.8.8.8 | 192.168.2.3 | 0x44e | No error (0) | 104.223.93.105 | A (IP address) | IN (0x0001) | ||
Jan 14, 2022 09:53:08.471786976 CET | 8.8.8.8 | 192.168.2.3 | 0xd242 | No error (0) | 104.223.93.105 | A (IP address) | IN (0x0001) | ||
Jan 14, 2022 09:53:10.148004055 CET | 8.8.8.8 | 192.168.2.3 | 0xe5aa | No error (0) | 104.223.93.105 | A (IP address) | IN (0x0001) | ||
Jan 14, 2022 09:53:11.562706947 CET | 8.8.8.8 | 192.168.2.3 | 0x5691 | No error (0) | 104.223.93.105 | A (IP address) | IN (0x0001) | ||
Jan 14, 2022 09:53:13.262392044 CET | 8.8.8.8 | 192.168.2.3 | 0x7cc9 | No error (0) | 104.223.93.105 | A (IP address) | IN (0x0001) | ||
Jan 14, 2022 09:53:15.010253906 CET | 8.8.8.8 | 192.168.2.3 | 0x7ef9 | No error (0) | 104.223.93.105 | A (IP address) | IN (0x0001) | ||
Jan 14, 2022 09:53:16.543914080 CET | 8.8.8.8 | 192.168.2.3 | 0x6ba7 | No error (0) | 104.223.93.105 | A (IP address) | IN (0x0001) | ||
Jan 14, 2022 09:53:18.101998091 CET | 8.8.8.8 | 192.168.2.3 | 0x89d | No error (0) | 104.223.93.105 | A (IP address) | IN (0x0001) | ||
Jan 14, 2022 09:53:19.715605974 CET | 8.8.8.8 | 192.168.2.3 | 0x6477 | No error (0) | 104.223.93.105 | A (IP address) | IN (0x0001) | ||
Jan 14, 2022 09:53:21.045577049 CET | 8.8.8.8 | 192.168.2.3 | 0x5995 | No error (0) | 104.223.93.105 | A (IP address) | IN (0x0001) | ||
Jan 14, 2022 09:53:22.662409067 CET | 8.8.8.8 | 192.168.2.3 | 0xdc3b | No error (0) | 104.223.93.105 | A (IP address) | IN (0x0001) | ||
Jan 14, 2022 09:53:25.115611076 CET | 8.8.8.8 | 192.168.2.3 | 0xbb7a | No error (0) | 104.223.93.105 | A (IP address) | IN (0x0001) | ||
Jan 14, 2022 09:53:26.502017975 CET | 8.8.8.8 | 192.168.2.3 | 0xe699 | No error (0) | 104.223.93.105 | A (IP address) | IN (0x0001) | ||
Jan 14, 2022 09:53:27.941533089 CET | 8.8.8.8 | 192.168.2.3 | 0x9470 | No error (0) | 104.223.93.105 | A (IP address) | IN (0x0001) | ||
Jan 14, 2022 09:53:29.298034906 CET | 8.8.8.8 | 192.168.2.3 | 0xc434 | No error (0) | 104.223.93.105 | A (IP address) | IN (0x0001) | ||
Jan 14, 2022 09:53:32.240061998 CET | 8.8.8.8 | 192.168.2.3 | 0x2c67 | No error (0) | 104.223.93.105 | A (IP address) | IN (0x0001) | ||
Jan 14, 2022 09:53:34.666029930 CET | 8.8.8.8 | 192.168.2.3 | 0x502b | No error (0) | 104.223.93.105 | A (IP address) | IN (0x0001) | ||
Jan 14, 2022 09:53:38.389735937 CET | 8.8.8.8 | 192.168.2.3 | 0x34b2 | No error (0) | 104.223.93.105 | A (IP address) | IN (0x0001) | ||
Jan 14, 2022 09:53:42.336323023 CET | 8.8.8.8 | 192.168.2.3 | 0x2d60 | No error (0) | 104.223.93.105 | A (IP address) | IN (0x0001) | ||
Jan 14, 2022 09:53:50.257669926 CET | 8.8.8.8 | 192.168.2.3 | 0x9197 | No error (0) | 104.223.93.105 | A (IP address) | IN (0x0001) | ||
Jan 14, 2022 09:53:54.140160084 CET | 8.8.8.8 | 192.168.2.3 | 0xb7c1 | No error (0) | 104.223.93.105 | A (IP address) | IN (0x0001) | ||
Jan 14, 2022 09:53:56.908751011 CET | 8.8.8.8 | 192.168.2.3 | 0x33b5 | No error (0) | 104.223.93.105 | A (IP address) | IN (0x0001) | ||
Jan 14, 2022 09:53:59.475377083 CET | 8.8.8.8 | 192.168.2.3 | 0x9b3c | No error (0) | 104.223.93.105 | A (IP address) | IN (0x0001) | ||
Jan 14, 2022 09:54:01.956938028 CET | 8.8.8.8 | 192.168.2.3 | 0x41cf | No error (0) | 104.223.93.105 | A (IP address) | IN (0x0001) | ||
Jan 14, 2022 09:54:03.375410080 CET | 8.8.8.8 | 192.168.2.3 | 0x48f0 | No error (0) | 104.223.93.105 | A (IP address) | IN (0x0001) | ||
Jan 14, 2022 09:54:04.778942108 CET | 8.8.8.8 | 192.168.2.3 | 0x2242 | No error (0) | 104.223.93.105 | A (IP address) | IN (0x0001) | ||
Jan 14, 2022 09:54:07.472659111 CET | 8.8.8.8 | 192.168.2.3 | 0xc831 | No error (0) | 104.223.93.105 | A (IP address) | IN (0x0001) | ||
Jan 14, 2022 09:54:10.580290079 CET | 8.8.8.8 | 192.168.2.3 | 0x389 | No error (0) | 104.223.93.105 | A (IP address) | IN (0x0001) | ||
Jan 14, 2022 09:54:14.443897963 CET | 8.8.8.8 | 192.168.2.3 | 0xd0be | No error (0) | 104.223.93.105 | A (IP address) | IN (0x0001) | ||
Jan 14, 2022 09:54:16.845690966 CET | 8.8.8.8 | 192.168.2.3 | 0x8155 | No error (0) | 104.223.93.105 | A (IP address) | IN (0x0001) | ||
Jan 14, 2022 09:54:20.180885077 CET | 8.8.8.8 | 192.168.2.3 | 0xfb07 | No error (0) | 104.223.93.105 | A (IP address) | IN (0x0001) | ||
Jan 14, 2022 09:54:22.149153948 CET | 8.8.8.8 | 192.168.2.3 | 0x2293 | No error (0) | 104.223.93.105 | A (IP address) | IN (0x0001) | ||
Jan 14, 2022 09:54:24.624635935 CET | 8.8.8.8 | 192.168.2.3 | 0xf44e | No error (0) | 104.223.93.105 | A (IP address) | IN (0x0001) | ||
Jan 14, 2022 09:54:25.991489887 CET | 8.8.8.8 | 192.168.2.3 | 0x85e0 | No error (0) | 104.223.93.105 | A (IP address) | IN (0x0001) | ||
Jan 14, 2022 09:54:27.325659990 CET | 8.8.8.8 | 192.168.2.3 | 0x50f2 | No error (0) | 104.223.93.105 | A (IP address) | IN (0x0001) | ||
Jan 14, 2022 09:54:28.613475084 CET | 8.8.8.8 | 192.168.2.3 | 0xebb1 | No error (0) | 104.223.93.105 | A (IP address) | IN (0x0001) | ||
Jan 14, 2022 09:54:30.048664093 CET | 8.8.8.8 | 192.168.2.3 | 0x1a9a | No error (0) | 104.223.93.105 | A (IP address) | IN (0x0001) | ||
Jan 14, 2022 09:54:31.371239901 CET | 8.8.8.8 | 192.168.2.3 | 0x371e | No error (0) | 104.223.93.105 | A (IP address) | IN (0x0001) | ||
Jan 14, 2022 09:54:32.668024063 CET | 8.8.8.8 | 192.168.2.3 | 0xf39e | No error (0) | 104.223.93.105 | A (IP address) | IN (0x0001) | ||
Jan 14, 2022 09:54:34.109834909 CET | 8.8.8.8 | 192.168.2.3 | 0x1648 | No error (0) | 104.223.93.105 | A (IP address) | IN (0x0001) | ||
Jan 14, 2022 09:54:35.455698967 CET | 8.8.8.8 | 192.168.2.3 | 0x4a4b | No error (0) | 104.223.93.105 | A (IP address) | IN (0x0001) |
HTTP Request Dependency Graph |
---|
|
HTTP Packets |
---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
0 | 192.168.2.3 | 49742 | 104.223.93.105 | 80 | C:\Users\user\Desktop\QUOTAZIONEpdf.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 14, 2022 09:52:38.800709009 CET | 1104 | OUT | |
Jan 14, 2022 09:52:38.925797939 CET | 1105 | OUT | |
Jan 14, 2022 09:52:39.061507940 CET | 1105 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
1 | 192.168.2.3 | 49743 | 104.223.93.105 | 80 | C:\Users\user\Desktop\QUOTAZIONEpdf.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 14, 2022 09:52:40.325541973 CET | 1106 | OUT | |
Jan 14, 2022 09:52:40.452498913 CET | 1106 | OUT | |
Jan 14, 2022 09:52:40.603960991 CET | 1106 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
10 | 192.168.2.3 | 49752 | 104.223.93.105 | 80 | C:\Users\user\Desktop\QUOTAZIONEpdf.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 14, 2022 09:52:54.669015884 CET | 1121 | OUT | |
Jan 14, 2022 09:52:54.793697119 CET | 1121 | OUT | |
Jan 14, 2022 09:52:54.926312923 CET | 1122 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
11 | 192.168.2.3 | 49755 | 104.223.93.105 | 80 | C:\Users\user\Desktop\QUOTAZIONEpdf.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 14, 2022 09:52:57.212577105 CET | 1145 | OUT | |
Jan 14, 2022 09:52:57.335104942 CET | 1146 | OUT | |
Jan 14, 2022 09:52:57.467825890 CET | 1146 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
12 | 192.168.2.3 | 49756 | 104.223.93.105 | 80 | C:\Users\user\Desktop\QUOTAZIONEpdf.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 14, 2022 09:52:59.611439943 CET | 1147 | OUT | |
Jan 14, 2022 09:52:59.738571882 CET | 1147 | OUT | |
Jan 14, 2022 09:52:59.868741035 CET | 1147 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
13 | 192.168.2.3 | 49757 | 104.223.93.105 | 80 | C:\Users\user\Desktop\QUOTAZIONEpdf.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 14, 2022 09:53:02.120827913 CET | 1148 | OUT | |
Jan 14, 2022 09:53:02.245347023 CET | 1148 | OUT | |
Jan 14, 2022 09:53:02.376370907 CET | 1149 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
14 | 192.168.2.3 | 49758 | 104.223.93.105 | 80 | C:\Users\user\Desktop\QUOTAZIONEpdf.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 14, 2022 09:53:03.980417013 CET | 1149 | OUT | |
Jan 14, 2022 09:53:04.106193066 CET | 1150 | OUT | |
Jan 14, 2022 09:53:04.236856937 CET | 1150 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
15 | 192.168.2.3 | 49759 | 104.223.93.105 | 80 | C:\Users\user\Desktop\QUOTAZIONEpdf.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 14, 2022 09:53:06.924773932 CET | 1151 | OUT | |
Jan 14, 2022 09:53:07.074510098 CET | 1151 | OUT | |
Jan 14, 2022 09:53:07.233124971 CET | 1151 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
16 | 192.168.2.3 | 49760 | 104.223.93.105 | 80 | C:\Users\user\Desktop\QUOTAZIONEpdf.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 14, 2022 09:53:08.606764078 CET | 1152 | OUT | |
Jan 14, 2022 09:53:08.732410908 CET | 1153 | OUT | |
Jan 14, 2022 09:53:08.864233971 CET | 1153 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
17 | 192.168.2.3 | 49761 | 104.223.93.105 | 80 | C:\Users\user\Desktop\QUOTAZIONEpdf.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 14, 2022 09:53:10.307977915 CET | 1154 | OUT | |
Jan 14, 2022 09:53:10.502069950 CET | 1154 | OUT | |
Jan 14, 2022 09:53:10.631426096 CET | 1154 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
18 | 192.168.2.3 | 49762 | 104.223.93.105 | 80 | C:\Users\user\Desktop\QUOTAZIONEpdf.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 14, 2022 09:53:11.692209005 CET | 1155 | OUT | |
Jan 14, 2022 09:53:11.815228939 CET | 1155 | OUT | |
Jan 14, 2022 09:53:11.946695089 CET | 1156 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
19 | 192.168.2.3 | 49763 | 104.223.93.105 | 80 | C:\Users\user\Desktop\QUOTAZIONEpdf.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 14, 2022 09:53:13.390691996 CET | 1156 | OUT | |
Jan 14, 2022 09:53:13.515346050 CET | 1157 | OUT | |
Jan 14, 2022 09:53:13.657711029 CET | 1157 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
2 | 192.168.2.3 | 49744 | 104.223.93.105 | 80 | C:\Users\user\Desktop\QUOTAZIONEpdf.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 14, 2022 09:52:41.740730047 CET | 1107 | OUT | |
Jan 14, 2022 09:52:41.864794016 CET | 1108 | OUT | |
Jan 14, 2022 09:52:41.998064995 CET | 1108 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
20 | 192.168.2.3 | 49764 | 104.223.93.105 | 80 | C:\Users\user\Desktop\QUOTAZIONEpdf.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 14, 2022 09:53:15.147551060 CET | 1158 | OUT | |
Jan 14, 2022 09:53:15.271997929 CET | 1158 | OUT | |
Jan 14, 2022 09:53:15.406161070 CET | 1158 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
21 | 192.168.2.3 | 49765 | 104.223.93.105 | 80 | C:\Users\user\Desktop\QUOTAZIONEpdf.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 14, 2022 09:53:16.674288988 CET | 1159 | OUT | |
Jan 14, 2022 09:53:16.798804998 CET | 1159 | OUT | |
Jan 14, 2022 09:53:16.934175968 CET | 1160 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
22 | 192.168.2.3 | 49766 | 104.223.93.105 | 80 | C:\Users\user\Desktop\QUOTAZIONEpdf.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 14, 2022 09:53:18.230034113 CET | 1161 | OUT | |
Jan 14, 2022 09:53:18.352592945 CET | 1163 | OUT | |
Jan 14, 2022 09:53:18.484214067 CET | 1163 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
23 | 192.168.2.3 | 49770 | 104.223.93.105 | 80 | C:\Users\user\Desktop\QUOTAZIONEpdf.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 14, 2022 09:53:19.843821049 CET | 1166 | OUT | |
Jan 14, 2022 09:53:19.966540098 CET | 1167 | OUT | |
Jan 14, 2022 09:53:20.097187996 CET | 1167 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
24 | 192.168.2.3 | 49771 | 104.223.93.105 | 80 | C:\Users\user\Desktop\QUOTAZIONEpdf.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 14, 2022 09:53:21.176589966 CET | 1168 | OUT | |
Jan 14, 2022 09:53:21.303132057 CET | 1168 | OUT | |
Jan 14, 2022 09:53:21.435849905 CET | 1168 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
25 | 192.168.2.3 | 49772 | 104.223.93.105 | 80 | C:\Users\user\Desktop\QUOTAZIONEpdf.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 14, 2022 09:53:22.793267965 CET | 1169 | OUT | |
Jan 14, 2022 09:53:22.920172930 CET | 1170 | OUT | |
Jan 14, 2022 09:53:23.150387049 CET | 1170 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
26 | 192.168.2.3 | 49773 | 104.223.93.105 | 80 | C:\Users\user\Desktop\QUOTAZIONEpdf.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 14, 2022 09:53:25.250387907 CET | 1171 | OUT | |
Jan 14, 2022 09:53:25.374854088 CET | 1171 | OUT | |
Jan 14, 2022 09:53:25.508188009 CET | 1171 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
27 | 192.168.2.3 | 49775 | 104.223.93.105 | 80 | C:\Users\user\Desktop\QUOTAZIONEpdf.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 14, 2022 09:53:26.628571033 CET | 1245 | OUT | |
Jan 14, 2022 09:53:26.751445055 CET | 1251 | OUT | |
Jan 14, 2022 09:53:26.881258965 CET | 1298 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
28 | 192.168.2.3 | 49781 | 104.223.93.105 | 80 | C:\Users\user\Desktop\QUOTAZIONEpdf.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 14, 2022 09:53:28.069977045 CET | 1431 | OUT | |
Jan 14, 2022 09:53:28.194595098 CET | 1463 | OUT | |
Jan 14, 2022 09:53:28.325772047 CET | 1465 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
29 | 192.168.2.3 | 49789 | 104.223.93.105 | 80 | C:\Users\user\Desktop\QUOTAZIONEpdf.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 14, 2022 09:53:29.435189962 CET | 1800 | OUT | |
Jan 14, 2022 09:53:29.567574978 CET | 1910 | OUT | |
Jan 14, 2022 09:53:29.699652910 CET | 1912 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
3 | 192.168.2.3 | 49745 | 104.223.93.105 | 80 | C:\Users\user\Desktop\QUOTAZIONEpdf.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 14, 2022 09:52:43.225955009 CET | 1109 | OUT | |
Jan 14, 2022 09:52:43.349733114 CET | 1109 | OUT | |
Jan 14, 2022 09:52:43.481673956 CET | 1109 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
30 | 192.168.2.3 | 49806 | 104.223.93.105 | 80 | C:\Users\user\Desktop\QUOTAZIONEpdf.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 14, 2022 09:53:32.376585007 CET | 1984 | OUT | |
Jan 14, 2022 09:53:32.501925945 CET | 1985 | OUT | |
Jan 14, 2022 09:53:32.632582903 CET | 1987 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
31 | 192.168.2.3 | 49813 | 104.223.93.105 | 80 | C:\Users\user\Desktop\QUOTAZIONEpdf.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 14, 2022 09:53:34.797107935 CET | 2000 | OUT | |
Jan 14, 2022 09:53:34.921205997 CET | 2000 | OUT | |
Jan 14, 2022 09:53:35.055516958 CET | 2000 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
32 | 192.168.2.3 | 49814 | 104.223.93.105 | 80 | C:\Users\user\Desktop\QUOTAZIONEpdf.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 14, 2022 09:53:38.518335104 CET | 2001 | OUT | |
Jan 14, 2022 09:53:38.642458916 CET | 2001 | OUT | |
Jan 14, 2022 09:53:38.778532028 CET | 2002 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
33 | 192.168.2.3 | 49815 | 104.223.93.105 | 80 | C:\Users\user\Desktop\QUOTAZIONEpdf.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 14, 2022 09:53:42.966613054 CET | 2003 | OUT | |
Jan 14, 2022 09:53:43.102488041 CET | 2003 | OUT | |
Jan 14, 2022 09:53:43.286082029 CET | 2005 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
34 | 192.168.2.3 | 49821 | 104.223.93.105 | 80 | C:\Users\user\Desktop\QUOTAZIONEpdf.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 14, 2022 09:53:50.386625051 CET | 9596 | OUT | |
Jan 14, 2022 09:53:50.509305954 CET | 9596 | OUT | |
Jan 14, 2022 09:53:50.642754078 CET | 9596 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
35 | 192.168.2.3 | 49822 | 104.223.93.105 | 80 | C:\Users\user\Desktop\QUOTAZIONEpdf.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 14, 2022 09:53:54.269267082 CET | 9597 | OUT | |
Jan 14, 2022 09:53:54.395328999 CET | 9597 | OUT | |
Jan 14, 2022 09:53:54.529158115 CET | 9598 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
36 | 192.168.2.3 | 49824 | 104.223.93.105 | 80 | C:\Users\user\Desktop\QUOTAZIONEpdf.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 14, 2022 09:53:57.036107063 CET | 10122 | OUT | |
Jan 14, 2022 09:53:57.158740997 CET | 10273 | OUT | |
Jan 14, 2022 09:53:57.289953947 CET | 10273 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
37 | 192.168.2.3 | 49825 | 104.223.93.105 | 80 | C:\Users\user\Desktop\QUOTAZIONEpdf.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 14, 2022 09:53:59.975080013 CET | 10274 | OUT | |
Jan 14, 2022 09:54:00.099469900 CET | 10274 | OUT | |
Jan 14, 2022 09:54:00.267862082 CET | 10274 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
38 | 192.168.2.3 | 49826 | 104.223.93.105 | 80 | C:\Users\user\Desktop\QUOTAZIONEpdf.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 14, 2022 09:54:02.086796045 CET | 10275 | OUT | |
Jan 14, 2022 09:54:02.212654114 CET | 10275 | OUT | |
Jan 14, 2022 09:54:02.343744040 CET | 10276 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
39 | 192.168.2.3 | 49832 | 104.223.93.105 | 80 | C:\Users\user\Desktop\QUOTAZIONEpdf.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 14, 2022 09:54:03.505878925 CET | 10288 | OUT | |
Jan 14, 2022 09:54:03.630158901 CET | 10289 | OUT | |
Jan 14, 2022 09:54:03.763714075 CET | 10292 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
4 | 192.168.2.3 | 49746 | 104.223.93.105 | 80 | C:\Users\user\Desktop\QUOTAZIONEpdf.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 14, 2022 09:52:44.662959099 CET | 1110 | OUT | |
Jan 14, 2022 09:52:44.787275076 CET | 1110 | OUT | |
Jan 14, 2022 09:52:44.925323009 CET | 1111 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
40 | 192.168.2.3 | 49840 | 104.223.93.105 | 80 | C:\Users\user\Desktop\QUOTAZIONEpdf.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 14, 2022 09:54:04.907351017 CET | 10305 | OUT | |
Jan 14, 2022 09:54:05.030078888 CET | 10307 | OUT | |
Jan 14, 2022 09:54:05.161437035 CET | 10309 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
41 | 192.168.2.3 | 49852 | 104.223.93.105 | 80 | C:\Users\user\Desktop\QUOTAZIONEpdf.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 14, 2022 09:54:07.608302116 CET | 10337 | OUT | |
Jan 14, 2022 09:54:07.732930899 CET | 10337 | OUT | |
Jan 14, 2022 09:54:07.866544008 CET | 10338 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
42 | 192.168.2.3 | 49853 | 104.223.93.105 | 80 | C:\Users\user\Desktop\QUOTAZIONEpdf.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 14, 2022 09:54:10.712951899 CET | 10338 | OUT | |
Jan 14, 2022 09:54:10.835877895 CET | 10339 | OUT | |
Jan 14, 2022 09:54:10.966197014 CET | 10339 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
43 | 192.168.2.3 | 49854 | 104.223.93.105 | 80 | C:\Users\user\Desktop\QUOTAZIONEpdf.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 14, 2022 09:54:14.681171894 CET | 10340 | OUT | |
Jan 14, 2022 09:54:14.805303097 CET | 10340 | OUT | |
Jan 14, 2022 09:54:14.940711975 CET | 10340 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
44 | 192.168.2.3 | 49855 | 104.223.93.105 | 80 | C:\Users\user\Desktop\QUOTAZIONEpdf.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 14, 2022 09:54:17.053160906 CET | 10341 | OUT | |
Jan 14, 2022 09:54:17.180231094 CET | 10342 | OUT | |
Jan 14, 2022 09:54:17.313810110 CET | 10342 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
45 | 192.168.2.3 | 49856 | 104.223.93.105 | 80 | C:\Users\user\Desktop\QUOTAZIONEpdf.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 14, 2022 09:54:20.315522909 CET | 10343 | OUT | |
Jan 14, 2022 09:54:20.439775944 CET | 10344 | OUT | |
Jan 14, 2022 09:54:20.574155092 CET | 10344 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
46 | 192.168.2.3 | 49857 | 104.223.93.105 | 80 | C:\Users\user\Desktop\QUOTAZIONEpdf.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 14, 2022 09:54:22.278675079 CET | 10345 | OUT | |
Jan 14, 2022 09:54:22.414038897 CET | 10345 | OUT | |
Jan 14, 2022 09:54:22.548707962 CET | 10345 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
47 | 192.168.2.3 | 49858 | 104.223.93.105 | 80 | C:\Users\user\Desktop\QUOTAZIONEpdf.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 14, 2022 09:54:24.759273052 CET | 10346 | OUT | |
Jan 14, 2022 09:54:24.883680105 CET | 10346 | OUT | |
Jan 14, 2022 09:54:25.014372110 CET | 10347 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
48 | 192.168.2.3 | 49859 | 104.223.93.105 | 80 | C:\Users\user\Desktop\QUOTAZIONEpdf.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 14, 2022 09:54:26.128942013 CET | 10347 | OUT | |
Jan 14, 2022 09:54:26.256269932 CET | 10348 | OUT | |
Jan 14, 2022 09:54:26.390346050 CET | 10348 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
49 | 192.168.2.3 | 49860 | 104.223.93.105 | 80 | C:\Users\user\Desktop\QUOTAZIONEpdf.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 14, 2022 09:54:27.459033012 CET | 10349 | OUT | |
Jan 14, 2022 09:54:27.583146095 CET | 10349 | OUT | |
Jan 14, 2022 09:54:27.717861891 CET | 10349 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
5 | 192.168.2.3 | 49747 | 104.223.93.105 | 80 | C:\Users\user\Desktop\QUOTAZIONEpdf.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 14, 2022 09:52:46.652462959 CET | 1111 | OUT | |
Jan 14, 2022 09:52:46.776705980 CET | 1112 | OUT | |
Jan 14, 2022 09:52:46.909101009 CET | 1112 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
50 | 192.168.2.3 | 49861 | 104.223.93.105 | 80 | C:\Users\user\Desktop\QUOTAZIONEpdf.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 14, 2022 09:54:28.746130943 CET | 10350 | OUT | |
Jan 14, 2022 09:54:28.882826090 CET | 10351 | OUT | |
Jan 14, 2022 09:54:29.017143965 CET | 10351 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
51 | 192.168.2.3 | 49862 | 104.223.93.105 | 80 | C:\Users\user\Desktop\QUOTAZIONEpdf.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 14, 2022 09:54:30.197088957 CET | 10352 | OUT | |
Jan 14, 2022 09:54:30.321491957 CET | 10352 | OUT | |
Jan 14, 2022 09:54:30.453828096 CET | 10352 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
52 | 192.168.2.3 | 49863 | 104.223.93.105 | 80 | C:\Users\user\Desktop\QUOTAZIONEpdf.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 14, 2022 09:54:31.498490095 CET | 10353 | OUT | |
Jan 14, 2022 09:54:31.621882915 CET | 10353 | OUT | |
Jan 14, 2022 09:54:31.754610062 CET | 10354 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
53 | 192.168.2.3 | 49864 | 104.223.93.105 | 80 | C:\Users\user\Desktop\QUOTAZIONEpdf.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 14, 2022 09:54:32.828735113 CET | 10355 | OUT | |
Jan 14, 2022 09:54:32.953716993 CET | 10355 | OUT | |
Jan 14, 2022 09:54:33.107048988 CET | 10355 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
54 | 192.168.2.3 | 49865 | 104.223.93.105 | 80 | C:\Users\user\Desktop\QUOTAZIONEpdf.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 14, 2022 09:54:34.246263981 CET | 10356 | OUT | |
Jan 14, 2022 09:54:34.371715069 CET | 10356 | OUT | |
Jan 14, 2022 09:54:34.502947092 CET | 10357 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
55 | 192.168.2.3 | 49866 | 104.223.93.105 | 80 | C:\Users\user\Desktop\QUOTAZIONEpdf.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 14, 2022 09:54:35.583282948 CET | 10357 | OUT | |
Jan 14, 2022 09:54:35.705868959 CET | 10358 | OUT | |
Jan 14, 2022 09:54:35.838768005 CET | 10358 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
6 | 192.168.2.3 | 49748 | 104.223.93.105 | 80 | C:\Users\user\Desktop\QUOTAZIONEpdf.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 14, 2022 09:52:48.938221931 CET | 1113 | OUT | |
Jan 14, 2022 09:52:49.060915947 CET | 1113 | OUT | |
Jan 14, 2022 09:52:49.243886948 CET | 1113 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
7 | 192.168.2.3 | 49749 | 104.223.93.105 | 80 | C:\Users\user\Desktop\QUOTAZIONEpdf.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 14, 2022 09:52:50.316401958 CET | 1114 | OUT | |
Jan 14, 2022 09:52:50.509278059 CET | 1115 | OUT | |
Jan 14, 2022 09:52:50.639916897 CET | 1115 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
8 | 192.168.2.3 | 49750 | 104.223.93.105 | 80 | C:\Users\user\Desktop\QUOTAZIONEpdf.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 14, 2022 09:52:51.814681053 CET | 1116 | OUT | |
Jan 14, 2022 09:52:51.939326048 CET | 1116 | OUT | |
Jan 14, 2022 09:52:52.091804981 CET | 1116 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
9 | 192.168.2.3 | 49751 | 104.223.93.105 | 80 | C:\Users\user\Desktop\QUOTAZIONEpdf.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 14, 2022 09:52:53.249068975 CET | 1117 | OUT | |
Jan 14, 2022 09:52:53.402760029 CET | 1117 | OUT | |
Jan 14, 2022 09:52:53.547552109 CET | 1118 | IN |
Code Manipulations |
---|
Statistics |
---|
CPU Usage |
---|
Click to jump to process
Memory Usage |
---|
Click to jump to process
High Level Behavior Distribution |
---|
back
Click to dive into process behavior distribution
Behavior |
---|
Click to jump to process
System Behavior |
---|
General |
---|
Start time: | 09:52:29 |
Start date: | 14/01/2022 |
Path: | C:\Users\user\Desktop\QUOTAZIONEpdf.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 250601 bytes |
MD5 hash: | 23B85C2F43B23B57411E4F4366A10B25 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | low |
General |
---|
Start time: | 09:52:31 |
Start date: | 14/01/2022 |
Path: | C:\Users\user\Desktop\QUOTAZIONEpdf.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 250601 bytes |
MD5 hash: | 23B85C2F43B23B57411E4F4366A10B25 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | low |
Disassembly |
---|
Code Analysis |
---|
Execution Graph |
---|
Execution Coverage: | 11.9% |
Dynamic/Decrypted Code Coverage: | 6.1% |
Signature Coverage: | 22.2% |
Total number of Nodes: | 1336 |
Total number of Limit Nodes: | 25 |
Graph
Executed Functions |
---|
Function 00403225, Relevance: 70.3, APIs: 23, Strings: 17, Instructions: 270filestringcomCOMMON
Control-flow Graph |
---|
C-Code - Quality: 82% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004053AA, Relevance: 21.2, APIs: 9, Strings: 3, Instructions: 156filestringCOMMON
Control-flow Graph |
---|
C-Code - Quality: 94% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph |
---|
C-Code - Quality: 98% |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00405D7C, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 14fileCOMMON
Control-flow Graph |
---|
C-Code - Quality: 100% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004035E3, Relevance: 51.0, APIs: 15, Strings: 14, Instructions: 213stringregistrylibraryCOMMON
Control-flow Graph |
---|
C-Code - Quality: 96% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00402C5B, Relevance: 26.5, APIs: 5, Strings: 10, Instructions: 203memoryCOMMON
Control-flow Graph |
---|
C-Code - Quality: 96% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00401734, Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 147stringtimeCOMMON
Control-flow Graph |
---|
C-Code - Quality: 75% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00402F01, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 109fileCOMMON
Control-flow Graph |
---|
C-Code - Quality: 93% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040302C, Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 108fileCOMMON
Control-flow Graph |
---|
C-Code - Quality: 94% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00401F51, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 69libraryloaderCOMMON
Control-flow Graph |
---|
C-Code - Quality: 57% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph |
---|
C-Code - Quality: 85% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph |
---|
C-Code - Quality: 100% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph |
---|
C-Code - Quality: 76% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph |
---|
C-Code - Quality: 84% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00406481, Relevance: 5.2, APIs: 4, Instructions: 236COMMON
Control-flow Graph |
---|
C-Code - Quality: 99% |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00406682, Relevance: 5.2, APIs: 4, Instructions: 208COMMON
C-Code - Quality: 98% |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00406398, Relevance: 5.2, APIs: 4, Instructions: 205COMMON
C-Code - Quality: 98% |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00405E9D, Relevance: 5.2, APIs: 4, Instructions: 198COMMON
C-Code - Quality: 98% |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004062EB, Relevance: 5.2, APIs: 4, Instructions: 180COMMON
C-Code - Quality: 98% |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00406409, Relevance: 5.2, APIs: 4, Instructions: 170COMMON
C-Code - Quality: 98% |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00406355, Relevance: 5.2, APIs: 4, Instructions: 168COMMON
C-Code - Quality: 98% |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00401389, Relevance: 3.0, APIs: 2, Instructions: 43windowCOMMON
C-Code - Quality: 69% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040575C, Relevance: 3.0, APIs: 2, Instructions: 16fileCOMMON
C-Code - Quality: 68% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040573D, Relevance: 3.0, APIs: 2, Instructions: 9COMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004031A8, Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004031DA, Relevance: 1.5, APIs: 1, Instructions: 6COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Non-executed Functions |
---|
Function 00404F61, Relevance: 65.0, APIs: 36, Strings: 1, Instructions: 278windowclipboardmemoryCOMMON
C-Code - Quality: 95% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00404772, Relevance: 63.5, APIs: 33, Strings: 3, Instructions: 478windowmemoryCOMMONCrypto
C-Code - Quality: 97% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00404275, Relevance: 23.0, APIs: 10, Strings: 3, Instructions: 266stringCOMMON
C-Code - Quality: 78% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00405AA7, Relevance: 19.4, APIs: 8, Strings: 3, Instructions: 195stringCOMMON
C-Code - Quality: 74% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00402012, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 134comCOMMON
C-Code - Quality: 74% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00402630, Relevance: 1.5, APIs: 1, Instructions: 29fileCOMMON
C-Code - Quality: 39% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0019E79A, Relevance: .2, Instructions: 196COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0019E9AE, Relevance: .1, Instructions: 61COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0019EA9E, Relevance: .0, Instructions: 26COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0019EADC, Relevance: .0, Instructions: 23COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0019EA5F, Relevance: .0, Instructions: 7COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 83% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00403F7F, Relevance: 40.5, APIs: 20, Strings: 3, Instructions: 204windowstringCOMMON
C-Code - Quality: 93% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 90% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004057D3, Relevance: 24.6, APIs: 11, Strings: 3, Instructions: 144filememoryCOMMON
C-Code - Quality: 93% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00403E9E, Relevance: 12.1, APIs: 8, Instructions: 61COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 93% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004046F2, Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48windowCOMMON
C-Code - Quality: 100% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00402B2D, Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 36timeCOMMON
C-Code - Quality: 100% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004022F5, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 71registrystringCOMMON
C-Code - Quality: 90% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 84% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00401CC1, Relevance: 7.5, APIs: 5, Instructions: 39windowCOMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00404610, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 78stringCOMMON
C-Code - Quality: 51% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00401BAD, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 76windowtimeCOMMON
C-Code - Quality: 51% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004052E5, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 24processCOMMON
C-Code - Quality: 100% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00405578, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 16stringCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00401EC5, Relevance: 6.1, APIs: 4, Instructions: 54memoryCOMMON
C-Code - Quality: 85% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00401D1B, Relevance: 6.0, APIs: 4, Instructions: 34COMMON
C-Code - Quality: 67% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00404D73, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 58windowCOMMON
C-Code - Quality: 100% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004024B0, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 34filestringCOMMON
C-Code - Quality: 100% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004055BF, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 16stringCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004056D1, Relevance: 5.0, APIs: 4, Instructions: 30stringCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Execution Graph |
---|
Execution Coverage: | 31.3% |
Dynamic/Decrypted Code Coverage: | 0% |
Signature Coverage: | 2.3% |
Total number of Nodes: | 1846 |
Total number of Limit Nodes: | 92 |
Graph
Executed Functions |
---|
Function 00403D74, Relevance: 14.2, APIs: 4, Strings: 4, Instructions: 200fileCOMMON
Control-flow Graph |
---|
C-Code - Quality: 85% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 78% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00402B7C, Relevance: 3.0, APIs: 2, Instructions: 20memoryCOMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00406069, Relevance: 1.5, APIs: 1, Instructions: 12COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00404ED4, Relevance: 1.5, APIs: 1, Instructions: 9networkCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph |
---|
C-Code - Quality: 75% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph |
---|
C-Code - Quality: 37% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004040BB, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 129filememoryCOMMON
Control-flow Graph |
---|
C-Code - Quality: 74% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00413866, Relevance: 4.6, APIs: 3, Instructions: 147synchronizationCOMMON
C-Code - Quality: 79% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004042CF, Relevance: 4.6, APIs: 3, Instructions: 60fileCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00412D31, Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 178threadCOMMON
C-Code - Quality: 34% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00402C03, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 13libraryloaderCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 92% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00402BAB, Relevance: 3.0, APIs: 2, Instructions: 11memoryCOMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004060BD, Relevance: 1.6, APIs: 1, Instructions: 53COMMON
C-Code - Quality: 40% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00403C62, Relevance: 1.5, APIs: 1, Instructions: 24COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040642C, Relevance: 1.5, APIs: 1, Instructions: 18COMMON
C-Code - Quality: 37% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 37% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00403BD0, Relevance: 1.5, APIs: 1, Instructions: 14COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040427D, Relevance: 1.5, APIs: 1, Instructions: 13COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00403C40, Relevance: 1.5, APIs: 1, Instructions: 12COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00403C08, Relevance: 1.5, APIs: 1, Instructions: 12fileCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00403BEF, Relevance: 1.5, APIs: 1, Instructions: 12COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00403BB7, Relevance: 1.5, APIs: 1, Instructions: 12COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00403B64, Relevance: 1.5, APIs: 1, Instructions: 11COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00404DE5, Relevance: 1.5, APIs: 1, Instructions: 6COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00403F9E, Relevance: 1.3, APIs: 1, Instructions: 16COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00406472, Relevance: 1.3, APIs: 1, Instructions: 12sleepCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004058EA, Relevance: 1.3, APIs: 1, Instructions: 12COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00405924, Relevance: 1.3, APIs: 1, Instructions: 12COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Non-executed Functions |
---|
Function 0040D069, Relevance: 12.6, Strings: 10, Instructions: 138COMMON
C-Code - Quality: 88% |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |