Windows Analysis Report Cotizaci#U00f3npdf.exe
Overview
General Information
Detection
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
Process Tree |
---|
|
Malware Configuration |
---|
Threatname: Lokibot |
---|
{"C2 list": ["http://kbfvzoboss.bid/alien/fre.php", "http://alphastand.trade/alien/fre.php", "http://alphastand.win/alien/fre.php", "http://alphastand.top/alien/fre.php"]}
Yara Overview |
---|
Memory Dumps |
---|
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | ||
JoeSecurity_aPLib_compressed_binary | Yara detected aPLib compressed binary | Joe Security | ||
JoeSecurity_Lokibot | Yara detected Lokibot | Joe Security | ||
Loki_1 | Loki Payload | kevoreilly |
| |
Lokibot | detect Lokibot in memory | JPCERT/CC Incident Response Group |
| |
Click to see the 37 entries |
Unpacked PEs |
---|
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
SUSP_XORed_URL_in_EXE | Detects an XORed URL in an executable | Florian Roth |
| |
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | ||
JoeSecurity_aPLib_compressed_binary | Yara detected aPLib compressed binary | Joe Security | ||
JoeSecurity_Lokibot | Yara detected Lokibot | Joe Security | ||
Loki_1 | Loki Payload | kevoreilly |
| |
Click to see the 82 entries |
Sigma Overview |
---|
No Sigma rule has matched |
---|
Jbx Signature Overview |
---|
Click to jump to signature section
AV Detection: |
---|
Found malware configuration | Show sources |
Source: | Malware Configuration Extractor: |
Multi AV Scanner detection for submitted file | Show sources |
Source: | Virustotal: | Perma Link |
Antivirus detection for URL or domain | Show sources |
Source: | Avira URL Cloud: |
Multi AV Scanner detection for domain / URL | Show sources |
Source: | Virustotal: | Perma Link | ||
Source: | Virustotal: | Perma Link |
Machine Learning detection for sample | Show sources |
Source: | Joe Sandbox ML: |
Source: | Avira: |
Source: | Static PE information: |
Source: | Binary string: | ||
Source: | Binary string: |
Source: | Code function: | 0_2_00405D7C | |
Source: | Code function: | 0_2_004053AA | |
Source: | Code function: | 0_2_00402630 | |
Source: | Code function: | 1_2_00403D74 |
Networking: |
---|
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules) | Show sources |
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: |
C2 URLs / IPs found in malware configuration | Show sources |
Source: | URLs: | ||
Source: | URLs: | ||
Source: | URLs: | ||
Source: | URLs: |
Source: | ASN Name: |
Source: | IP Address: | ||
Source: | IP Address: |
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: |
Source: | HTTP traffic detected: |
Source: | DNS traffic detected: |
Source: | Code function: | 1_2_00404ED4 |
Source: | Code function: | 0_2_00404F61 |
System Summary: |
---|
Malicious sample detected (through community Yara rule) | Show sources |
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: |
Source: | Static PE information: |
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: |
Source: | Code function: | 0_2_00403225 |
Source: | Code function: | 0_2_0040604C | |
Source: | Code function: | 0_2_00404772 | |
Source: | Code function: | 1_2_0040549C | |
Source: | Code function: | 1_2_004029D4 |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Static PE information: |
Source: | Virustotal: |
Source: | File read: | Jump to behavior |
Source: | Static PE information: |
Source: | Key opened: | Jump to behavior |
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | Jump to behavior |
Source: | Key value queried: | Jump to behavior |
Source: | Code function: | 1_2_0040650A |
Source: | File created: | Jump to behavior |
Source: | File created: | Jump to behavior |
Source: | Classification label: |
Source: | Code function: | 0_2_00402012 |
Source: | File read: | Jump to behavior |
Source: | Code function: | 0_2_00404275 |
Source: | Mutant created: |
Source: | File read: | Jump to behavior | ||
Source: | File read: | Jump to behavior | ||
Source: | File read: | Jump to behavior | ||
Source: | File read: | Jump to behavior |
Source: | Key opened: | Jump to behavior |
Source: | Binary string: | ||
Source: | Binary string: |
Data Obfuscation: |
---|
Yara detected aPLib compressed binary | Show sources |
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Source: | Code function: | 0_2_7332102E | |
Source: | Code function: | 1_2_00402AD4 | |
Source: | Code function: | 1_2_00402AFC |
Source: | Code function: | 0_2_00405DA3 |
Source: | File created: | Jump to dropped file |
Hooking and other Techniques for Hiding and Protection: |
---|
Icon mismatch, binary includes an icon from a different legit application in order to fool users | Show sources |
Source: | Icon embedded in binary file: |
Source: | Registry key monitored for changes: | Jump to behavior |
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior |
Source: | Thread sleep time: | Jump to behavior |
Source: | Code function: | 0_2_00405D7C | |
Source: | Code function: | 0_2_004053AA | |
Source: | Code function: | 0_2_00402630 | |
Source: | Code function: | 1_2_00403D74 |
Source: | Thread delayed: | Jump to behavior |
Source: | API call chain: | graph_0-3610 | ||
Source: | API call chain: | graph_0-3611 |
Source: | Code function: | 0_2_00405DA3 |
Source: | Code function: | 1_2_00402B7C |
Source: | Process token adjusted: | Jump to behavior |
Source: | Code function: | 0_2_0019EA4E | |
Source: | Code function: | 0_2_0019E83A | |
Source: | Code function: | 0_2_0019EB7C | |
Source: | Code function: | 0_2_0019EAFF | |
Source: | Code function: | 0_2_0019EB3E | |
Source: | Code function: | 1_2_0040317B |
HIPS / PFW / Operating System Protection Evasion: |
---|
Injects a PE file into a foreign processes | Show sources |
Source: | Memory written: | Jump to behavior |
Source: | Process created: | Jump to behavior |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Key value queried: | Jump to behavior |
Source: | Code function: | 0_2_00405AA7 |
Source: | Code function: | 1_2_00406069 |
Stealing of Sensitive Information: |
---|
Yara detected Lokibot | Show sources |
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Tries to steal Mail credentials (via file / registry access) | Show sources |
Source: | Key opened: | Jump to behavior | ||
Source: | Key opened: | Jump to behavior |
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc) | Show sources |
Source: | Key opened: | Jump to behavior | ||
Source: | Key opened: | Jump to behavior |
Tries to harvest and steal ftp login credentials | Show sources |
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior |
Tries to steal Mail credentials (via file registry) | Show sources |
Source: | Code function: | 1_2_0040D069 | |
Source: | Code function: | 1_2_0040D069 |
Tries to harvest and steal browser information (history, passwords, etc) | Show sources |
Source: | File opened: | Jump to behavior |
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Remote Access Functionality: |
---|
Yara detected Lokibot | Show sources |
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Mitre Att&ck Matrix |
---|
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | Native API1 | Path Interception | Access Token Manipulation1 | Deobfuscate/Decode Files or Information1 | OS Credential Dumping2 | Account Discovery1 | Remote Services | Archive Collected Data1 | Exfiltration Over Other Network Medium | Ingress Tool Transfer3 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | System Shutdown/Reboot1 |
Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Process Injection112 | Obfuscated Files or Information2 | Credentials in Registry2 | File and Directory Discovery2 | Remote Desktop Protocol | Data from Local System2 | Exfiltration Over Bluetooth | Encrypted Channel1 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Software Packing1 | Security Account Manager | System Information Discovery5 | SMB/Windows Admin Shares | Email Collection1 | Automated Exfiltration | Non-Application Layer Protocol3 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Masquerading11 | NTDS | Query Registry1 | Distributed Component Object Model | Clipboard Data1 | Scheduled Transfer | Application Layer Protocol113 | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Virtualization/Sandbox Evasion11 | LSA Secrets | Security Software Discovery1 | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
Replication Through Removable Media | Launchd | Rc.common | Rc.common | Access Token Manipulation1 | Cached Domain Credentials | Process Discovery1 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features | |
External Remote Services | Scheduled Task | Startup Items | Startup Items | Process Injection112 | DCSync | Virtualization/Sandbox Evasion11 | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | Data Encrypted for Impact | |
Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | Indicator Removal from Tools | Proc Filesystem | System Owner/User Discovery1 | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | Generate Fraudulent Advertising Revenue | |
Exploit Public-Facing Application | PowerShell | At (Linux) | At (Linux) | Masquerading | /etc/passwd and /etc/shadow | Remote System Discovery1 | Software Deployment Tools | Data Staged | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Web Protocols | Rogue Cellular Base Station | Data Destruction |
Behavior Graph |
---|
Screenshots |
---|
Thumbnails
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
Antivirus, Machine Learning and Genetic Malware Detection |
---|
Initial Sample |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
25% | Virustotal | Browse | ||
100% | Joe Sandbox ML |
Dropped Files |
---|
No Antivirus matches |
---|
Unpacked PE Files |
---|
Source | Detection | Scanner | Label | Link | Download |
---|---|---|---|---|---|
100% | Avira | TR/Crypt.XPACK.Gen | Download File | ||
100% | Avira | TR/Crypt.XPACK.Gen | Download File | ||
100% | Avira | TR/Crypt.XPACK.Gen | Download File | ||
100% | Avira | TR/Crypt.XPACK.Gen | Download File | ||
100% | Avira | TR/Crypt.XPACK.Gen | Download File | ||
100% | Avira | TR/Crypt.XPACK.Gen | Download File | ||
100% | Avira | TR/Patched.Ren.Gen2 | Download File | ||
100% | Avira | TR/Crypt.XPACK.Gen | Download File | ||
100% | Avira | TR/Crypt.XPACK.Gen | Download File | ||
100% | Avira | TR/Crypt.XPACK.Gen | Download File |
Domains |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
8% | Virustotal | Browse |
URLs |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
9% | Virustotal | Browse | ||
100% | Avira URL Cloud | malware |
Domains and IPs |
---|
Contacted Domains |
---|
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
slimpackage.com | 104.223.93.105 | true | true |
| unknown |
Contacted URLs |
---|
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
true |
| unknown | |
true |
| unknown | |
true |
| unknown | |
true |
| unknown | |
true |
| unknown |
URLs from Memory and Binaries |
---|
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false | high | |||
false | high | |||
false |
| unknown |
Contacted IPs |
---|
General Information |
---|
Joe Sandbox Version: | 34.0.0 Boulder Opal |
Analysis ID: | 553335 |
Start date: | 14.01.2022 |
Start time: | 17:27:10 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 5m 45s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | Cotizaci#U00f3npdf.exe |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Number of analysed new started processes analysed: | 24 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal100.troj.spyw.evad.winEXE@3/6@59/2 |
EGA Information: |
|
HDC Information: |
|
HCA Information: |
|
Cookbook Comments: |
|
Warnings: | Show All
|
Simulations |
---|
Behavior and APIs |
---|
Time | Type | Description |
---|---|---|
17:28:16 | API Interceptor |
Joe Sandbox View / Context |
---|
IPs |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
104.223.93.105 | Get hash | malicious | Browse |
| |
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
|
Domains |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
slimpackage.com | Get hash | malicious | Browse |
| |
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
|
ASN |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
ASN-QUADRANET-GLOBALUS | Get hash | malicious | Browse |
| |
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
|
JA3 Fingerprints |
---|
No context |
---|
Dropped Files |
---|
No context |
---|
Created / dropped Files |
---|
Process: | C:\Users\user\Desktop\Cotizaci#U00f3npdf.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 250917 |
Entropy (8bit): | 7.742545601504465 |
Encrypted: | false |
SSDEEP: | 6144:YhLBgpumJXJnGuUAN+eNkzPqEUvqhfKuLYq:gunJXJGbxGEUvAK1q |
MD5: | 5DFC9959804DDC0C5314ECD87BA862FC |
SHA1: | 3446B84156E3A47134F92557A40E630762E025F9 |
SHA-256: | 49277821695C781495E081F33A5DFB31295256619BB0B472498108F9F912A1ED |
SHA-512: | 731A82DDD6036ED1C5E34C487F2FD0FF74B192300906E742BE4FC8CF785CEA8A8B5C965BD526F1DDBD6587C15BA686D98CCA8ED33E766C490B62E9D2175FC373 |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Users\user\Desktop\Cotizaci#U00f3npdf.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4096 |
Entropy (8bit): | 3.8339776551191647 |
Encrypted: | false |
SSDEEP: | 24:e1GSb0JDlXEcQA3ax/+XIfG7xkFsQZo+NTyYX73rNTytk8q6I1HPnRuV4MPgics:SgZyhQ4fG7xwbT9f6IvRuqSt |
MD5: | EED28D9A6DF23D102EB1E7DB08E9B8A8 |
SHA1: | B1EA3474DA51812F436C0D65178AAEE00C916628 |
SHA-256: | 2107EF7267EAD9ADD2CBD586F121A505DCC92DB08F9E61D6E2CCCA056D4DEED5 |
SHA-512: | 8B133190AF32CF0B5C0C5E1B93D84C3AE1A9494EBD0419CD911784804E74232FA15AD4F6D787E897AF05E90DD2801772C03DEA1282DED7921AF25EB0FBE353AB |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Users\user\Desktop\Cotizaci#U00f3npdf.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 217882 |
Entropy (8bit): | 7.989727494503245 |
Encrypted: | false |
SSDEEP: | 6144:dLBgpumJXJnGuUAN+eNkzPqEUvqhfKuLYq3:xunJXJGbxGEUvAK1q3 |
MD5: | 6D5DAFE120D6D1DD61199A4F38F20619 |
SHA1: | 493D1BD761B2E417FDFF7C1BFC3D68CCAB01460B |
SHA-256: | 378B7FE283382B7E1F0E67C41C4CAA451B6AB44E546796BA622692224E67C9A9 |
SHA-512: | F51B719361C96B2D638E35C489ABEA9F752B3B4E1DC432709C3A4687C30FA3A04DE6061FE0A0E097103F9E6D0E918D5EB4B8FD36B7C574131A49C3805740600B |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Users\user\Desktop\Cotizaci#U00f3npdf.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4976 |
Entropy (8bit): | 6.161968435503816 |
Encrypted: | false |
SSDEEP: | 96:dz0p9Vb7mSf8rAzp/mFJjRaXeHxKzQDwgim9Nv1SC0ip1/zIE449tUUlGT7c571N:dz0pDDD4yeHxK0Dym9/tE8U3Tw571SUT |
MD5: | D83B3DB2850820DCF18D511826E05844 |
SHA1: | 8FEF008C0EEA3C1BCFF29446455C9FFF1F79D9A6 |
SHA-256: | AD07B4AA8FBB3811E21582695F487F4A5A8E4908F28C7A2127698AF298A607AD |
SHA-512: | 31D4FE9453BAEF8F72070384CB69985C267A5A0B530576EA270A628DDDD69406732FC782ED63868A5AB0F39E7ADFD1C2449FBD3FBFE30B9CBB6056A81B87AAAD |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Users\user\Desktop\Cotizaci#U00f3npdf.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
SSDEEP: | 3:U:U |
MD5: | C4CA4238A0B923820DCC509A6F75849B |
SHA1: | 356A192B7913B04C54574D18C28D46E6395428AB |
SHA-256: | 6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B |
SHA-512: | 4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A |
Malicious: | false |
Reputation: | high, very likely benign file |
Preview: |
|
Process: | C:\Users\user\Desktop\Cotizaci#U00f3npdf.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 47 |
Entropy (8bit): | 1.168829563685559 |
Encrypted: | false |
SSDEEP: | 3:/lSll2DQi:AoMi |
MD5: | DAB633BEBCCE13575989DCFA4E2203D6 |
SHA1: | 33186D50F04C5B5196C1FCC1FAD17894B35AC6C7 |
SHA-256: | 1C00FBA1B82CD386E866547F33E1526B03F59E577449792D99C882DEF05A1D17 |
SHA-512: | EDDBB22D9FC6065B8F5376EC95E316E7569530EFAA9EA9BC641881D763B91084DCCC05BC793E8E29131D20946392A31BD943E8FC632D91EE13ABA7B0CD1C626F |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
|
Static File Info |
---|
General | |
---|---|
File type: | |
Entropy (8bit): | 7.863769051552967 |
TrID: |
|
File name: | Cotizaci#U00f3npdf.exe |
File size: | 251901 |
MD5: | 3fe29e21698212a70e03144bb4979632 |
SHA1: | b400de247096542b778aa7ed7584f6829b5bbf4e |
SHA256: | c42005e0a00c3ecbaff6c1189ca8b6f1298a818878ceaebb623585c399c8ba81 |
SHA512: | a37080b42f317bcaf288acc2ede4fd178bf8227a6f0650b61378e829458fb26808f6fb64250e32bb737f583ddb75264c1fde488e31ceb57d7890005f04ab723d |
SSDEEP: | 6144:/wCNuC+dh+Q6PTM9599ohs4o358eJr6NxGD:ruN+QMTMVpP80AA |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........uJ...$...$...$./.{...$...%.:.$.".y...$..7....$.f."...$.Rich..$.................PE..L......H.................Z..........%2..... |
File Icon |
---|
Icon Hash: | 1c188bca1b2d565b |
Static PE Info |
---|
General | |
---|---|
Entrypoint: | 0x403225 |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED |
DLL Characteristics: | |
Time Stamp: | 0x48EFCDC9 [Fri Oct 10 21:48:57 2008 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | 099c0646ea7282d232219f8807883be0 |
Entrypoint Preview |
---|
Instruction |
---|
sub esp, 00000180h |
push ebx |
push ebp |
push esi |
xor ebx, ebx |
push edi |
mov dword ptr [esp+18h], ebx |
mov dword ptr [esp+10h], 00409128h |
xor esi, esi |
mov byte ptr [esp+14h], 00000020h |
call dword ptr [00407030h] |
push 00008001h |
call dword ptr [004070B4h] |
push ebx |
call dword ptr [0040727Ch] |
push 00000008h |
mov dword ptr [00423F58h], eax |
call 00007FE928B0F4F0h |
mov dword ptr [00423EA4h], eax |
push ebx |
lea eax, dword ptr [esp+34h] |
push 00000160h |
push eax |
push ebx |
push 0041F450h |
call dword ptr [00407158h] |
push 004091B0h |
push 004236A0h |
call 00007FE928B0F1A7h |
call dword ptr [004070B0h] |
mov edi, 00429000h |
push eax |
push edi |
call 00007FE928B0F195h |
push ebx |
call dword ptr [0040710Ch] |
cmp byte ptr [00429000h], 00000022h |
mov dword ptr [00423EA0h], eax |
mov eax, edi |
jne 00007FE928B0C9BCh |
mov byte ptr [esp+14h], 00000022h |
mov eax, 00429001h |
push dword ptr [esp+14h] |
push eax |
call 00007FE928B0EC88h |
push eax |
call dword ptr [0040721Ch] |
mov dword ptr [esp+1Ch], eax |
jmp 00007FE928B0CA15h |
cmp cl, 00000020h |
jne 00007FE928B0C9B8h |
inc eax |
cmp byte ptr [eax], 00000020h |
je 00007FE928B0C9ACh |
cmp byte ptr [eax], 00000022h |
mov byte ptr [eax+eax+00h], 00000000h |
Rich Headers |
---|
Programming Language: |
|
Data Directories |
---|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x73a4 | 0xb4 | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x2c000 | 0x4148 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x7000 | 0x28c | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Sections |
---|
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x5976 | 0x5a00 | False | 0.668619791667 | data | 6.46680044621 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
.rdata | 0x7000 | 0x1190 | 0x1200 | False | 0.444878472222 | data | 5.17796812871 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0x9000 | 0x1af98 | 0x400 | False | 0.55078125 | data | 4.68983486809 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
.ndata | 0x24000 | 0x8000 | 0x0 | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_WRITE, IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.rsrc | 0x2c000 | 0x4148 | 0x4200 | False | 0.441169507576 | data | 5.0955746829 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
Resources |
---|
Name | RVA | Size | Type | Language | Country |
---|---|---|---|---|---|
RT_ICON | 0x2c1f0 | 0x25a8 | dBase IV DBT of `.DBF, block length 9216, next free block index 40, next free block 4294967295, next used block 4294967295 | English | United States |
RT_ICON | 0x2e798 | 0x10a8 | dBase IV DBT of @.DBF, block length 4096, next free block index 40, next free block 4294374645, next used block 4294967295 | English | United States |
RT_ICON | 0x2f840 | 0x468 | GLS_BINARY_LSB_FIRST | English | United States |
RT_DIALOG | 0x2fca8 | 0x100 | data | English | United States |
RT_DIALOG | 0x2fda8 | 0x11c | data | English | United States |
RT_DIALOG | 0x2fec8 | 0x60 | data | English | United States |
RT_GROUP_ICON | 0x2ff28 | 0x30 | data | English | United States |
RT_MANIFEST | 0x2ff58 | 0x1eb | XML 1.0 document, ASCII text, with very long lines, with no line terminators | English | United States |
Imports |
---|
DLL | Import |
---|---|
KERNEL32.dll | CompareFileTime, SearchPathA, GetShortPathNameA, GetFullPathNameA, MoveFileA, SetCurrentDirectoryA, GetFileAttributesA, GetLastError, CreateDirectoryA, SetFileAttributesA, Sleep, GetTickCount, CreateFileA, GetFileSize, GetModuleFileNameA, GetCurrentProcess, CopyFileA, ExitProcess, SetFileTime, GetTempPathA, GetCommandLineA, SetErrorMode, LoadLibraryA, lstrcpynA, GetDiskFreeSpaceA, GlobalUnlock, GlobalLock, CreateThread, CreateProcessA, RemoveDirectoryA, GetTempFileNameA, lstrlenA, lstrcatA, GetSystemDirectoryA, GetVersion, CloseHandle, lstrcmpiA, lstrcmpA, ExpandEnvironmentStringsA, GlobalFree, GlobalAlloc, WaitForSingleObject, GetExitCodeProcess, GetModuleHandleA, LoadLibraryExA, GetProcAddress, FreeLibrary, MultiByteToWideChar, WritePrivateProfileStringA, GetPrivateProfileStringA, WriteFile, ReadFile, MulDiv, SetFilePointer, FindClose, FindNextFileA, FindFirstFileA, DeleteFileA, GetWindowsDirectoryA |
USER32.dll | EndDialog, ScreenToClient, GetWindowRect, EnableMenuItem, GetSystemMenu, SetClassLongA, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongA, SetCursor, LoadCursorA, CheckDlgButton, GetMessagePos, LoadBitmapA, CallWindowProcA, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, RegisterClassA, TrackPopupMenu, AppendMenuA, CreatePopupMenu, GetSystemMetrics, SetDlgItemTextA, GetDlgItemTextA, MessageBoxIndirectA, CharPrevA, DispatchMessageA, PeekMessageA, DestroyWindow, CreateDialogParamA, SetTimer, SetWindowTextA, PostQuitMessage, SetForegroundWindow, wsprintfA, SendMessageTimeoutA, FindWindowExA, SystemParametersInfoA, CreateWindowExA, GetClassInfoA, DialogBoxParamA, CharNextA, OpenClipboard, ExitWindowsEx, IsWindow, GetDlgItem, SetWindowLongA, LoadImageA, GetDC, EnableWindow, InvalidateRect, SendMessageA, DefWindowProcA, BeginPaint, GetClientRect, FillRect, DrawTextA, EndPaint, ShowWindow |
GDI32.dll | SetBkColor, GetDeviceCaps, DeleteObject, CreateBrushIndirect, CreateFontIndirectA, SetBkMode, SetTextColor, SelectObject |
SHELL32.dll | SHGetPathFromIDListA, SHBrowseForFolderA, SHGetFileInfoA, ShellExecuteA, SHFileOperationA, SHGetSpecialFolderLocation |
ADVAPI32.dll | RegQueryValueExA, RegSetValueExA, RegEnumKeyA, RegEnumValueA, RegOpenKeyExA, RegDeleteKeyA, RegDeleteValueA, RegCloseKey, RegCreateKeyExA |
COMCTL32.dll | ImageList_AddMasked, ImageList_Destroy, ImageList_Create |
ole32.dll | CoTaskMemFree, OleInitialize, OleUninitialize, CoCreateInstance |
VERSION.dll | GetFileVersionInfoSizeA, GetFileVersionInfoA, VerQueryValueA |
Possible Origin |
---|
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States |
Network Behavior |
---|
Snort IDS Alerts |
---|
Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|---|---|---|
01/14/22-17:28:13.315745 | TCP | 2024312 | ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M1 | 49754 | 80 | 192.168.2.5 | 104.223.93.105 |
01/14/22-17:28:13.315745 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49754 | 80 | 192.168.2.5 | 104.223.93.105 |
01/14/22-17:28:13.315745 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49754 | 80 | 192.168.2.5 | 104.223.93.105 |
01/14/22-17:28:14.966908 | TCP | 2024312 | ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M1 | 49755 | 80 | 192.168.2.5 | 104.223.93.105 |
01/14/22-17:28:14.966908 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49755 | 80 | 192.168.2.5 | 104.223.93.105 |
01/14/22-17:28:14.966908 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49755 | 80 | 192.168.2.5 | 104.223.93.105 |
01/14/22-17:28:16.603027 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49757 | 80 | 192.168.2.5 | 104.223.93.105 |
01/14/22-17:28:16.603027 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49757 | 80 | 192.168.2.5 | 104.223.93.105 |
01/14/22-17:28:16.603027 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49757 | 80 | 192.168.2.5 | 104.223.93.105 |
01/14/22-17:28:18.954071 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49761 | 80 | 192.168.2.5 | 104.223.93.105 |
01/14/22-17:28:18.954071 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49761 | 80 | 192.168.2.5 | 104.223.93.105 |
01/14/22-17:28:18.954071 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49761 | 80 | 192.168.2.5 | 104.223.93.105 |
01/14/22-17:28:21.450628 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49762 | 80 | 192.168.2.5 | 104.223.93.105 |
01/14/22-17:28:21.450628 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49762 | 80 | 192.168.2.5 | 104.223.93.105 |
01/14/22-17:28:21.450628 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49762 | 80 | 192.168.2.5 | 104.223.93.105 |
01/14/22-17:28:23.258656 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49763 | 80 | 192.168.2.5 | 104.223.93.105 |
01/14/22-17:28:23.258656 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49763 | 80 | 192.168.2.5 | 104.223.93.105 |
01/14/22-17:28:23.258656 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49763 | 80 | 192.168.2.5 | 104.223.93.105 |
01/14/22-17:28:24.754730 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49764 | 80 | 192.168.2.5 | 104.223.93.105 |
01/14/22-17:28:24.754730 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49764 | 80 | 192.168.2.5 | 104.223.93.105 |
01/14/22-17:28:24.754730 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49764 | 80 | 192.168.2.5 | 104.223.93.105 |
01/14/22-17:28:26.095199 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49765 | 80 | 192.168.2.5 | 104.223.93.105 |
01/14/22-17:28:26.095199 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49765 | 80 | 192.168.2.5 | 104.223.93.105 |
01/14/22-17:28:26.095199 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49765 | 80 | 192.168.2.5 | 104.223.93.105 |
01/14/22-17:28:27.825343 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49766 | 80 | 192.168.2.5 | 104.223.93.105 |
01/14/22-17:28:27.825343 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49766 | 80 | 192.168.2.5 | 104.223.93.105 |
01/14/22-17:28:27.825343 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49766 | 80 | 192.168.2.5 | 104.223.93.105 |
01/14/22-17:28:29.267836 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49767 | 80 | 192.168.2.5 | 104.223.93.105 |
01/14/22-17:28:29.267836 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49767 | 80 | 192.168.2.5 | 104.223.93.105 |
01/14/22-17:28:29.267836 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49767 | 80 | 192.168.2.5 | 104.223.93.105 |
01/14/22-17:28:30.598055 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49768 | 80 | 192.168.2.5 | 104.223.93.105 |
01/14/22-17:28:30.598055 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49768 | 80 | 192.168.2.5 | 104.223.93.105 |
01/14/22-17:28:30.598055 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49768 | 80 | 192.168.2.5 | 104.223.93.105 |
01/14/22-17:28:31.998392 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49769 | 80 | 192.168.2.5 | 104.223.93.105 |
01/14/22-17:28:31.998392 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49769 | 80 | 192.168.2.5 | 104.223.93.105 |
01/14/22-17:28:31.998392 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49769 | 80 | 192.168.2.5 | 104.223.93.105 |
01/14/22-17:28:35.257565 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49772 | 80 | 192.168.2.5 | 104.223.93.105 |
01/14/22-17:28:35.257565 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49772 | 80 | 192.168.2.5 | 104.223.93.105 |
01/14/22-17:28:35.257565 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49772 | 80 | 192.168.2.5 | 104.223.93.105 |
01/14/22-17:28:37.734698 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49773 | 80 | 192.168.2.5 | 104.223.93.105 |
01/14/22-17:28:37.734698 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49773 | 80 | 192.168.2.5 | 104.223.93.105 |
01/14/22-17:28:37.734698 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49773 | 80 | 192.168.2.5 | 104.223.93.105 |
01/14/22-17:28:44.091710 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49774 | 80 | 192.168.2.5 | 104.223.93.105 |
01/14/22-17:28:44.091710 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49774 | 80 | 192.168.2.5 | 104.223.93.105 |
01/14/22-17:28:44.091710 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49774 | 80 | 192.168.2.5 | 104.223.93.105 |
01/14/22-17:28:45.667839 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49775 | 80 | 192.168.2.5 | 104.223.93.105 |
01/14/22-17:28:45.667839 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49775 | 80 | 192.168.2.5 | 104.223.93.105 |
01/14/22-17:28:45.667839 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49775 | 80 | 192.168.2.5 | 104.223.93.105 |
01/14/22-17:28:47.384707 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49776 | 80 | 192.168.2.5 | 104.223.93.105 |
01/14/22-17:28:47.384707 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49776 | 80 | 192.168.2.5 | 104.223.93.105 |
01/14/22-17:28:47.384707 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49776 | 80 | 192.168.2.5 | 104.223.93.105 |
01/14/22-17:28:48.947783 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49777 | 80 | 192.168.2.5 | 104.223.93.105 |
01/14/22-17:28:48.947783 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49777 | 80 | 192.168.2.5 | 104.223.93.105 |
01/14/22-17:28:48.947783 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49777 | 80 | 192.168.2.5 | 104.223.93.105 |
01/14/22-17:28:50.801699 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49778 | 80 | 192.168.2.5 | 104.223.93.105 |
01/14/22-17:28:50.801699 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49778 | 80 | 192.168.2.5 | 104.223.93.105 |
01/14/22-17:28:50.801699 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49778 | 80 | 192.168.2.5 | 104.223.93.105 |
01/14/22-17:28:52.454047 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49780 | 80 | 192.168.2.5 | 104.223.93.105 |
01/14/22-17:28:52.454047 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49780 | 80 | 192.168.2.5 | 104.223.93.105 |
01/14/22-17:28:52.454047 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49780 | 80 | 192.168.2.5 | 104.223.93.105 |
01/14/22-17:28:54.036242 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49781 | 80 | 192.168.2.5 | 104.223.93.105 |
01/14/22-17:28:54.036242 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49781 | 80 | 192.168.2.5 | 104.223.93.105 |
01/14/22-17:28:54.036242 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49781 | 80 | 192.168.2.5 | 104.223.93.105 |
01/14/22-17:28:55.470161 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49782 | 80 | 192.168.2.5 | 104.223.93.105 |
01/14/22-17:28:55.470161 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49782 | 80 | 192.168.2.5 | 104.223.93.105 |
01/14/22-17:28:55.470161 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49782 | 80 | 192.168.2.5 | 104.223.93.105 |
01/14/22-17:28:57.622553 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49784 | 80 | 192.168.2.5 | 104.223.93.105 |
01/14/22-17:28:57.622553 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49784 | 80 | 192.168.2.5 | 104.223.93.105 |
01/14/22-17:28:57.622553 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49784 | 80 | 192.168.2.5 | 104.223.93.105 |
01/14/22-17:28:59.015617 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49791 | 80 | 192.168.2.5 | 104.223.93.105 |
01/14/22-17:28:59.015617 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49791 | 80 | 192.168.2.5 | 104.223.93.105 |
01/14/22-17:28:59.015617 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49791 | 80 | 192.168.2.5 | 104.223.93.105 |
01/14/22-17:29:00.450387 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49799 | 80 | 192.168.2.5 | 104.223.93.105 |
01/14/22-17:29:00.450387 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49799 | 80 | 192.168.2.5 | 104.223.93.105 |
01/14/22-17:29:00.450387 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49799 | 80 | 192.168.2.5 | 104.223.93.105 |
01/14/22-17:29:01.829359 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49806 | 80 | 192.168.2.5 | 104.223.93.105 |
01/14/22-17:29:01.829359 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49806 | 80 | 192.168.2.5 | 104.223.93.105 |
01/14/22-17:29:01.829359 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49806 | 80 | 192.168.2.5 | 104.223.93.105 |
01/14/22-17:29:03.362296 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49812 | 80 | 192.168.2.5 | 104.223.93.105 |
01/14/22-17:29:03.362296 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49812 | 80 | 192.168.2.5 | 104.223.93.105 |
01/14/22-17:29:03.362296 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49812 | 80 | 192.168.2.5 | 104.223.93.105 |
01/14/22-17:29:05.461336 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49813 | 80 | 192.168.2.5 | 104.223.93.105 |
01/14/22-17:29:05.461336 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49813 | 80 | 192.168.2.5 | 104.223.93.105 |
01/14/22-17:29:05.461336 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49813 | 80 | 192.168.2.5 | 104.223.93.105 |
01/14/22-17:29:07.046101 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49814 | 80 | 192.168.2.5 | 104.223.93.105 |
01/14/22-17:29:07.046101 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49814 | 80 | 192.168.2.5 | 104.223.93.105 |
01/14/22-17:29:07.046101 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49814 | 80 | 192.168.2.5 | 104.223.93.105 |
01/14/22-17:29:08.406847 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49815 | 80 | 192.168.2.5 | 104.223.93.105 |
01/14/22-17:29:08.406847 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49815 | 80 | 192.168.2.5 | 104.223.93.105 |
01/14/22-17:29:08.406847 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49815 | 80 | 192.168.2.5 | 104.223.93.105 |
01/14/22-17:29:11.296373 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49818 | 80 | 192.168.2.5 | 104.223.93.105 |
01/14/22-17:29:11.296373 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49818 | 80 | 192.168.2.5 | 104.223.93.105 |
01/14/22-17:29:11.296373 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49818 | 80 | 192.168.2.5 | 104.223.93.105 |
01/14/22-17:29:14.185843 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49819 | 80 | 192.168.2.5 | 104.223.93.105 |
01/14/22-17:29:14.185843 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49819 | 80 | 192.168.2.5 | 104.223.93.105 |
01/14/22-17:29:14.185843 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49819 | 80 | 192.168.2.5 | 104.223.93.105 |
01/14/22-17:29:16.911808 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49820 | 80 | 192.168.2.5 | 104.223.93.105 |
01/14/22-17:29:16.911808 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49820 | 80 | 192.168.2.5 | 104.223.93.105 |
01/14/22-17:29:16.911808 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49820 | 80 | 192.168.2.5 | 104.223.93.105 |
01/14/22-17:29:18.692195 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49821 | 80 | 192.168.2.5 | 104.223.93.105 |
01/14/22-17:29:18.692195 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49821 | 80 | 192.168.2.5 | 104.223.93.105 |
01/14/22-17:29:18.692195 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49821 | 80 | 192.168.2.5 | 104.223.93.105 |
01/14/22-17:29:23.575058 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49827 | 80 | 192.168.2.5 | 104.223.93.105 |
01/14/22-17:29:23.575058 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49827 | 80 | 192.168.2.5 | 104.223.93.105 |
01/14/22-17:29:23.575058 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49827 | 80 | 192.168.2.5 | 104.223.93.105 |
01/14/22-17:29:25.832127 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49828 | 80 | 192.168.2.5 | 104.223.93.105 |
01/14/22-17:29:25.832127 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49828 | 80 | 192.168.2.5 | 104.223.93.105 |
01/14/22-17:29:25.832127 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49828 | 80 | 192.168.2.5 | 104.223.93.105 |
01/14/22-17:29:27.728216 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49830 | 80 | 192.168.2.5 | 104.223.93.105 |
01/14/22-17:29:27.728216 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49830 | 80 | 192.168.2.5 | 104.223.93.105 |
01/14/22-17:29:27.728216 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49830 | 80 | 192.168.2.5 | 104.223.93.105 |
01/14/22-17:29:30.416868 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49831 | 80 | 192.168.2.5 | 104.223.93.105 |
01/14/22-17:29:30.416868 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49831 | 80 | 192.168.2.5 | 104.223.93.105 |
01/14/22-17:29:30.416868 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49831 | 80 | 192.168.2.5 | 104.223.93.105 |
01/14/22-17:29:33.215695 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49832 | 80 | 192.168.2.5 | 104.223.93.105 |
01/14/22-17:29:33.215695 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49832 | 80 | 192.168.2.5 | 104.223.93.105 |
01/14/22-17:29:33.215695 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49832 | 80 | 192.168.2.5 | 104.223.93.105 |
01/14/22-17:29:34.891024 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49833 | 80 | 192.168.2.5 | 104.223.93.105 |
01/14/22-17:29:34.891024 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49833 | 80 | 192.168.2.5 | 104.223.93.105 |
01/14/22-17:29:34.891024 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49833 | 80 | 192.168.2.5 | 104.223.93.105 |
01/14/22-17:29:36.420886 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49834 | 80 | 192.168.2.5 | 104.223.93.105 |
01/14/22-17:29:36.420886 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49834 | 80 | 192.168.2.5 | 104.223.93.105 |
01/14/22-17:29:36.420886 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49834 | 80 | 192.168.2.5 | 104.223.93.105 |
01/14/22-17:29:37.798759 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49835 | 80 | 192.168.2.5 | 104.223.93.105 |
01/14/22-17:29:37.798759 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49835 | 80 | 192.168.2.5 | 104.223.93.105 |
01/14/22-17:29:37.798759 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49835 | 80 | 192.168.2.5 | 104.223.93.105 |
01/14/22-17:29:39.184764 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49836 | 80 | 192.168.2.5 | 104.223.93.105 |
01/14/22-17:29:39.184764 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49836 | 80 | 192.168.2.5 | 104.223.93.105 |
01/14/22-17:29:39.184764 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49836 | 80 | 192.168.2.5 | 104.223.93.105 |
01/14/22-17:29:40.528047 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49837 | 80 | 192.168.2.5 | 104.223.93.105 |
01/14/22-17:29:40.528047 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49837 | 80 | 192.168.2.5 | 104.223.93.105 |
01/14/22-17:29:40.528047 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49837 | 80 | 192.168.2.5 | 104.223.93.105 |
01/14/22-17:29:41.926430 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49838 | 80 | 192.168.2.5 | 104.223.93.105 |
01/14/22-17:29:41.926430 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49838 | 80 | 192.168.2.5 | 104.223.93.105 |
01/14/22-17:29:41.926430 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49838 | 80 | 192.168.2.5 | 104.223.93.105 |
01/14/22-17:29:43.436919 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49839 | 80 | 192.168.2.5 | 104.223.93.105 |
01/14/22-17:29:43.436919 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49839 | 80 | 192.168.2.5 | 104.223.93.105 |
01/14/22-17:29:43.436919 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49839 | 80 | 192.168.2.5 | 104.223.93.105 |
01/14/22-17:29:44.869754 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49840 | 80 | 192.168.2.5 | 104.223.93.105 |
01/14/22-17:29:44.869754 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49840 | 80 | 192.168.2.5 | 104.223.93.105 |
01/14/22-17:29:44.869754 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49840 | 80 | 192.168.2.5 | 104.223.93.105 |
01/14/22-17:29:46.912808 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49841 | 80 | 192.168.2.5 | 104.223.93.105 |
01/14/22-17:29:46.912808 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49841 | 80 | 192.168.2.5 | 104.223.93.105 |
01/14/22-17:29:46.912808 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49841 | 80 | 192.168.2.5 | 104.223.93.105 |
01/14/22-17:29:51.162188 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49843 | 80 | 192.168.2.5 | 104.223.93.105 |
01/14/22-17:29:51.162188 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49843 | 80 | 192.168.2.5 | 104.223.93.105 |
01/14/22-17:29:51.162188 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49843 | 80 | 192.168.2.5 | 104.223.93.105 |
01/14/22-17:29:53.715308 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49844 | 80 | 192.168.2.5 | 104.223.93.105 |
01/14/22-17:29:53.715308 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49844 | 80 | 192.168.2.5 | 104.223.93.105 |
01/14/22-17:29:53.715308 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49844 | 80 | 192.168.2.5 | 104.223.93.105 |
01/14/22-17:29:55.732334 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49845 | 80 | 192.168.2.5 | 104.223.93.105 |
01/14/22-17:29:55.732334 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49845 | 80 | 192.168.2.5 | 104.223.93.105 |
01/14/22-17:29:55.732334 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49845 | 80 | 192.168.2.5 | 104.223.93.105 |
01/14/22-17:29:57.571676 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49848 | 80 | 192.168.2.5 | 104.223.93.105 |
01/14/22-17:29:57.571676 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49848 | 80 | 192.168.2.5 | 104.223.93.105 |
01/14/22-17:29:57.571676 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49848 | 80 | 192.168.2.5 | 104.223.93.105 |
01/14/22-17:30:00.627163 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49850 | 80 | 192.168.2.5 | 104.223.93.105 |
01/14/22-17:30:00.627163 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49850 | 80 | 192.168.2.5 | 104.223.93.105 |
01/14/22-17:30:00.627163 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49850 | 80 | 192.168.2.5 | 104.223.93.105 |
01/14/22-17:30:02.041046 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49851 | 80 | 192.168.2.5 | 104.223.93.105 |
01/14/22-17:30:02.041046 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49851 | 80 | 192.168.2.5 | 104.223.93.105 |
01/14/22-17:30:02.041046 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49851 | 80 | 192.168.2.5 | 104.223.93.105 |
01/14/22-17:30:03.405898 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49852 | 80 | 192.168.2.5 | 104.223.93.105 |
01/14/22-17:30:03.405898 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49852 | 80 | 192.168.2.5 | 104.223.93.105 |
01/14/22-17:30:03.405898 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49852 | 80 | 192.168.2.5 | 104.223.93.105 |
01/14/22-17:30:04.852682 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49853 | 80 | 192.168.2.5 | 104.223.93.105 |
01/14/22-17:30:04.852682 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49853 | 80 | 192.168.2.5 | 104.223.93.105 |
01/14/22-17:30:04.852682 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49853 | 80 | 192.168.2.5 | 104.223.93.105 |
01/14/22-17:30:06.441232 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49854 | 80 | 192.168.2.5 | 104.223.93.105 |
01/14/22-17:30:06.441232 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49854 | 80 | 192.168.2.5 | 104.223.93.105 |
01/14/22-17:30:06.441232 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49854 | 80 | 192.168.2.5 | 104.223.93.105 |
01/14/22-17:30:08.079184 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49855 | 80 | 192.168.2.5 | 104.223.93.105 |
01/14/22-17:30:08.079184 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49855 | 80 | 192.168.2.5 | 104.223.93.105 |
01/14/22-17:30:08.079184 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49855 | 80 | 192.168.2.5 | 104.223.93.105 |
01/14/22-17:30:10.025451 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49856 | 80 | 192.168.2.5 | 104.223.93.105 |
01/14/22-17:30:10.025451 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49856 | 80 | 192.168.2.5 | 104.223.93.105 |
01/14/22-17:30:10.025451 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49856 | 80 | 192.168.2.5 | 104.223.93.105 |
Network Port Distribution |
---|
TCP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Jan 14, 2022 17:28:13.127573013 CET | 49754 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:28:13.312362909 CET | 80 | 49754 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:28:13.312468052 CET | 49754 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:28:13.315745115 CET | 49754 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:28:13.446369886 CET | 80 | 49754 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:28:13.446605921 CET | 49754 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:28:13.579961061 CET | 80 | 49754 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:28:13.586972952 CET | 80 | 49754 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:28:13.587043047 CET | 80 | 49754 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:28:13.587162971 CET | 49754 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:28:13.587328911 CET | 49754 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:28:13.716434002 CET | 80 | 49754 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:28:14.832711935 CET | 49755 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:28:14.963875055 CET | 80 | 49755 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:28:14.964056015 CET | 49755 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:28:14.966907978 CET | 49755 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:28:15.097893000 CET | 80 | 49755 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:28:15.098073006 CET | 49755 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:28:15.229207039 CET | 80 | 49755 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:28:15.236922026 CET | 80 | 49755 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:28:15.236974001 CET | 80 | 49755 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:28:15.237075090 CET | 49755 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:28:15.237221956 CET | 49755 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:28:15.368714094 CET | 80 | 49755 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:28:16.468199968 CET | 49757 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:28:16.599865913 CET | 80 | 49757 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:28:16.599967003 CET | 49757 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:28:16.603027105 CET | 49757 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:28:16.734165907 CET | 80 | 49757 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:28:16.734231949 CET | 49757 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:28:16.865334034 CET | 80 | 49757 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:28:16.872795105 CET | 80 | 49757 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:28:16.872894049 CET | 80 | 49757 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:28:16.872925997 CET | 49757 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:28:16.872937918 CET | 49757 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:28:17.004089117 CET | 80 | 49757 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:28:18.786120892 CET | 49761 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:28:18.946105957 CET | 80 | 49761 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:28:18.946300030 CET | 49761 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:28:18.954071045 CET | 49761 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:28:19.083564043 CET | 80 | 49761 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:28:19.083688021 CET | 49761 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:28:19.213036060 CET | 80 | 49761 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:28:19.221434116 CET | 80 | 49761 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:28:19.221496105 CET | 80 | 49761 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:28:19.221610069 CET | 49761 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:28:19.221667051 CET | 49761 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:28:19.369648933 CET | 80 | 49761 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:28:21.083108902 CET | 49762 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:28:21.213958979 CET | 80 | 49762 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:28:21.214113951 CET | 49762 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:28:21.450628042 CET | 49762 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:28:21.580496073 CET | 80 | 49762 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:28:21.580569983 CET | 49762 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:28:21.710346937 CET | 80 | 49762 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:28:21.723001003 CET | 80 | 49762 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:28:21.723030090 CET | 80 | 49762 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:28:21.723149061 CET | 49762 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:28:21.932380915 CET | 49762 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:28:22.062105894 CET | 80 | 49762 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:28:23.124599934 CET | 49763 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:28:23.255527973 CET | 80 | 49763 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:28:23.255724907 CET | 49763 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:28:23.258656025 CET | 49763 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:28:23.389377117 CET | 80 | 49763 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:28:23.389926910 CET | 49763 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:28:23.521075010 CET | 80 | 49763 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:28:23.530498028 CET | 80 | 49763 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:28:23.530517101 CET | 80 | 49763 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:28:23.530709982 CET | 49763 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:28:23.530833960 CET | 49763 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:28:23.662244081 CET | 80 | 49763 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:28:24.607203960 CET | 49764 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:28:24.747642994 CET | 80 | 49764 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:28:24.747761011 CET | 49764 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:28:24.754729986 CET | 49764 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:28:24.882570982 CET | 80 | 49764 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:28:24.882812977 CET | 49764 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:28:25.010787964 CET | 80 | 49764 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:28:25.029998064 CET | 80 | 49764 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:28:25.030052900 CET | 80 | 49764 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:28:25.030206919 CET | 49764 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:28:25.031017065 CET | 49764 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:28:25.172168970 CET | 80 | 49764 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:28:25.957454920 CET | 49765 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:28:26.088448048 CET | 80 | 49765 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:28:26.092111111 CET | 49765 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:28:26.095199108 CET | 49765 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:28:26.226052999 CET | 80 | 49765 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:28:26.226634026 CET | 49765 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:28:26.357539892 CET | 80 | 49765 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:28:26.366882086 CET | 80 | 49765 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:28:26.366926908 CET | 80 | 49765 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:28:26.367008924 CET | 49765 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:28:26.367063999 CET | 49765 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:28:26.498384953 CET | 80 | 49765 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:28:27.686556101 CET | 49766 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:28:27.818377018 CET | 80 | 49766 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:28:27.818569899 CET | 49766 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:28:27.825342894 CET | 49766 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:28:27.956516981 CET | 80 | 49766 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:28:27.956700087 CET | 49766 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:28:28.087883949 CET | 80 | 49766 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:28:28.095748901 CET | 80 | 49766 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:28:28.095788956 CET | 80 | 49766 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:28:28.095879078 CET | 49766 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:28:28.095926046 CET | 49766 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:28:28.227577925 CET | 80 | 49766 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:28:29.128317118 CET | 49767 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:28:29.257941961 CET | 80 | 49767 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:28:29.258078098 CET | 49767 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:28:29.267836094 CET | 49767 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:28:29.398068905 CET | 80 | 49767 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:28:29.398169041 CET | 49767 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:28:29.528426886 CET | 80 | 49767 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:28:29.534789085 CET | 80 | 49767 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:28:29.534826040 CET | 80 | 49767 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:28:29.534970045 CET | 49767 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:28:29.535058975 CET | 49767 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:28:29.665158033 CET | 80 | 49767 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:28:30.459661961 CET | 49768 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:28:30.590562105 CET | 80 | 49768 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:28:30.590693951 CET | 49768 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:28:30.598054886 CET | 49768 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:28:30.729619026 CET | 80 | 49768 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:28:30.729804993 CET | 49768 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:28:30.862215996 CET | 80 | 49768 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:28:30.869498968 CET | 80 | 49768 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:28:30.869611025 CET | 80 | 49768 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:28:30.869617939 CET | 49768 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:28:30.869656086 CET | 49768 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:28:31.002516985 CET | 80 | 49768 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:28:31.828584909 CET | 49769 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:28:31.989689112 CET | 80 | 49769 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:28:31.990731001 CET | 49769 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:28:31.998392105 CET | 49769 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:28:32.126502037 CET | 80 | 49769 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:28:32.126750946 CET | 49769 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:28:32.333718061 CET | 80 | 49769 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:28:32.371730089 CET | 80 | 49769 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:28:32.371753931 CET | 80 | 49769 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:28:32.371829987 CET | 49769 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:28:32.372024059 CET | 49769 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:28:32.502043962 CET | 80 | 49769 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:28:35.073112965 CET | 49772 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:28:35.245409012 CET | 80 | 49772 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:28:35.246406078 CET | 49772 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:28:35.257565022 CET | 49772 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:28:35.388725996 CET | 80 | 49772 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:28:35.388864040 CET | 49772 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:28:35.556468964 CET | 80 | 49772 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:28:35.598879099 CET | 80 | 49772 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:28:35.598925114 CET | 80 | 49772 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:28:35.599009991 CET | 49772 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:28:35.599092960 CET | 49772 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:28:35.737840891 CET | 80 | 49772 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:28:37.549031973 CET | 49773 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:28:37.680258989 CET | 80 | 49773 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:28:37.680428028 CET | 49773 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:28:37.734698057 CET | 49773 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:28:37.887053013 CET | 80 | 49773 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:28:37.887132883 CET | 49773 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:28:38.018210888 CET | 80 | 49773 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:28:38.027388096 CET | 80 | 49773 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:28:38.027532101 CET | 49773 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:28:38.027653933 CET | 80 | 49773 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:28:38.027867079 CET | 49773 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:28:38.159147978 CET | 80 | 49773 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:28:40.898469925 CET | 49774 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:28:43.901073933 CET | 49774 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:28:44.066476107 CET | 80 | 49774 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:28:44.066651106 CET | 49774 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:28:44.091710091 CET | 49774 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:28:44.222840071 CET | 80 | 49774 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:28:44.225761890 CET | 49774 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:28:44.357975006 CET | 80 | 49774 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:28:44.368436098 CET | 80 | 49774 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:28:44.368874073 CET | 80 | 49774 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:28:44.368998051 CET | 49774 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:28:44.369070053 CET | 49774 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:28:44.500535011 CET | 80 | 49774 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:28:45.533834934 CET | 49775 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:28:45.664894104 CET | 80 | 49775 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:28:45.665002108 CET | 49775 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:28:45.667839050 CET | 49775 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:28:45.798810959 CET | 80 | 49775 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:28:45.798913002 CET | 49775 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:28:46.151256084 CET | 49775 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:28:46.282247066 CET | 80 | 49775 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:28:46.295262098 CET | 80 | 49775 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:28:46.295341015 CET | 80 | 49775 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:28:46.295485973 CET | 49775 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:28:46.295536995 CET | 49775 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:28:46.427148104 CET | 80 | 49775 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:28:47.251642942 CET | 49776 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:28:47.380161047 CET | 80 | 49776 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:28:47.381987095 CET | 49776 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:28:47.384706974 CET | 49776 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:28:47.514822006 CET | 80 | 49776 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:28:47.514906883 CET | 49776 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:28:47.643086910 CET | 80 | 49776 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:28:47.653799057 CET | 80 | 49776 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:28:47.653892040 CET | 80 | 49776 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:28:47.653954983 CET | 49776 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:28:47.655205011 CET | 49776 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:28:47.782355070 CET | 80 | 49776 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:28:48.812675953 CET | 49777 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:28:48.944943905 CET | 80 | 49777 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:28:48.945048094 CET | 49777 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:28:48.947782993 CET | 49777 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:28:49.082179070 CET | 80 | 49777 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:28:49.085401058 CET | 49777 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:28:49.217022896 CET | 80 | 49777 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:28:49.225759983 CET | 80 | 49777 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:28:49.225908041 CET | 49777 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:28:49.226149082 CET | 80 | 49777 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:28:49.226227999 CET | 49777 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:28:49.357409000 CET | 80 | 49777 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:28:50.670454025 CET | 49778 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:28:50.798480034 CET | 80 | 49778 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:28:50.798644066 CET | 49778 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:28:50.801698923 CET | 49778 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:28:50.978573084 CET | 80 | 49778 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:28:50.978789091 CET | 49778 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:28:51.107304096 CET | 80 | 49778 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:28:51.116813898 CET | 80 | 49778 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:28:51.116847992 CET | 80 | 49778 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:28:51.117145061 CET | 49778 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:28:51.117199898 CET | 49778 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:28:51.245961905 CET | 80 | 49778 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:28:52.316239119 CET | 49780 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:28:52.450566053 CET | 80 | 49780 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:28:52.450705051 CET | 49780 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:28:52.454046965 CET | 49780 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:28:52.585603952 CET | 80 | 49780 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:28:52.586828947 CET | 49780 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:28:52.718008041 CET | 80 | 49780 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:28:52.726126909 CET | 80 | 49780 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:28:52.726289034 CET | 80 | 49780 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:28:52.726356030 CET | 49780 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:28:52.726402998 CET | 49780 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:28:52.857363939 CET | 80 | 49780 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:28:53.905137062 CET | 49781 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:28:54.033015966 CET | 80 | 49781 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:28:54.033145905 CET | 49781 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:28:54.036242008 CET | 49781 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:28:54.164078951 CET | 80 | 49781 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:28:54.165677071 CET | 49781 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:28:54.297138929 CET | 80 | 49781 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:28:54.306258917 CET | 80 | 49781 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:28:54.306274891 CET | 80 | 49781 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:28:54.306515932 CET | 49781 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:28:54.306545019 CET | 49781 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:28:54.436880112 CET | 80 | 49781 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:28:55.335737944 CET | 49782 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:28:55.467268944 CET | 80 | 49782 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:28:55.467441082 CET | 49782 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:28:55.470160961 CET | 49782 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:28:55.678710938 CET | 80 | 49782 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:28:55.678987980 CET | 49782 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:28:55.987972021 CET | 80 | 49782 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:28:55.988012075 CET | 80 | 49782 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:28:55.988030910 CET | 80 | 49782 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:28:55.988131046 CET | 49782 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:28:55.988158941 CET | 49782 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:28:56.180638075 CET | 80 | 49782 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:28:57.488420010 CET | 49784 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:28:57.619528055 CET | 80 | 49784 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:28:57.619621038 CET | 49784 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:28:57.622553110 CET | 49784 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:28:57.754616022 CET | 80 | 49784 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:28:57.754698992 CET | 49784 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:28:57.885791063 CET | 80 | 49784 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:28:57.906794071 CET | 80 | 49784 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:28:57.906833887 CET | 80 | 49784 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:28:57.906898022 CET | 49784 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:28:57.906938076 CET | 49784 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:28:58.038292885 CET | 80 | 49784 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:28:58.881587982 CET | 49791 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:28:59.012422085 CET | 80 | 49791 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:28:59.012537956 CET | 49791 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:28:59.015616894 CET | 49791 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:28:59.146652937 CET | 80 | 49791 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:28:59.146729946 CET | 49791 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:28:59.277570963 CET | 80 | 49791 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:28:59.285082102 CET | 80 | 49791 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:28:59.285120010 CET | 80 | 49791 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:28:59.285311937 CET | 49791 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:28:59.285377979 CET | 49791 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:28:59.421504021 CET | 80 | 49791 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:29:00.314524889 CET | 49799 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:29:00.442375898 CET | 80 | 49799 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:29:00.442667961 CET | 49799 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:29:00.450387001 CET | 49799 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:29:00.578258991 CET | 80 | 49799 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:29:00.578438044 CET | 49799 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:29:00.706531048 CET | 80 | 49799 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:29:00.713493109 CET | 80 | 49799 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:29:00.713527918 CET | 80 | 49799 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:29:00.713673115 CET | 49799 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:29:00.713725090 CET | 49799 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:29:00.842001915 CET | 80 | 49799 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:29:01.694536924 CET | 49806 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:29:01.825788021 CET | 80 | 49806 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:29:01.825921059 CET | 49806 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:29:01.829359055 CET | 49806 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:29:01.960571051 CET | 80 | 49806 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:29:01.960654974 CET | 49806 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:29:02.097992897 CET | 80 | 49806 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:29:02.098814964 CET | 80 | 49806 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:29:02.098882914 CET | 80 | 49806 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:29:02.098968983 CET | 49806 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:29:02.099055052 CET | 49806 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:29:02.231448889 CET | 80 | 49806 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:29:03.227760077 CET | 49812 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:29:03.358958960 CET | 80 | 49812 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:29:03.359405041 CET | 49812 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:29:03.362296104 CET | 49812 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:29:03.494137049 CET | 80 | 49812 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:29:03.495379925 CET | 49812 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:29:03.626449108 CET | 80 | 49812 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:29:03.634512901 CET | 80 | 49812 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:29:03.634674072 CET | 80 | 49812 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:29:03.634721041 CET | 49812 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:29:03.634771109 CET | 49812 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:29:03.766113043 CET | 80 | 49812 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:29:05.326889038 CET | 49813 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:29:05.458482027 CET | 80 | 49813 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:29:05.458592892 CET | 49813 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:29:05.461335897 CET | 49813 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:29:05.592381954 CET | 80 | 49813 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:29:05.592464924 CET | 49813 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:29:05.723618984 CET | 80 | 49813 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:29:05.731496096 CET | 80 | 49813 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:29:05.731534958 CET | 80 | 49813 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:29:05.731650114 CET | 49813 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:29:05.734685898 CET | 49813 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:29:05.866110086 CET | 80 | 49813 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:29:06.911814928 CET | 49814 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:29:07.042866945 CET | 80 | 49814 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:29:07.042985916 CET | 49814 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:29:07.046101093 CET | 49814 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:29:07.177078962 CET | 80 | 49814 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:29:07.177156925 CET | 49814 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:29:07.308312893 CET | 80 | 49814 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:29:07.317964077 CET | 80 | 49814 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:29:07.318008900 CET | 80 | 49814 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:29:07.318098068 CET | 49814 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:29:07.318128109 CET | 49814 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:29:07.449525118 CET | 80 | 49814 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:29:08.257332087 CET | 49815 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:29:08.388482094 CET | 80 | 49815 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:29:08.388613939 CET | 49815 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:29:08.406847000 CET | 49815 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:29:08.563863993 CET | 80 | 49815 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:29:08.563952923 CET | 49815 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:29:08.695035934 CET | 80 | 49815 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:29:08.702689886 CET | 80 | 49815 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:29:08.702734947 CET | 80 | 49815 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:29:08.703206062 CET | 49815 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:29:08.703252077 CET | 49815 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:29:08.849548101 CET | 80 | 49815 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:29:11.143611908 CET | 49818 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:29:11.292938948 CET | 80 | 49818 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:29:11.293068886 CET | 49818 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:29:11.296372890 CET | 49818 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:29:11.436073065 CET | 80 | 49818 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:29:11.436233997 CET | 49818 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:29:11.628108025 CET | 80 | 49818 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:29:11.635201931 CET | 80 | 49818 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:29:11.635256052 CET | 80 | 49818 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:29:11.635457993 CET | 49818 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:29:11.687051058 CET | 49818 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:29:11.837625027 CET | 80 | 49818 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:29:14.053426027 CET | 49819 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:29:14.182974100 CET | 80 | 49819 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:29:14.183109999 CET | 49819 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:29:14.185842991 CET | 49819 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:29:14.315392971 CET | 80 | 49819 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:29:14.315494061 CET | 49819 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:29:14.445136070 CET | 80 | 49819 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:29:14.455641985 CET | 80 | 49819 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:29:14.455688000 CET | 80 | 49819 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:29:14.455787897 CET | 49819 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:29:14.455833912 CET | 49819 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:29:14.586028099 CET | 80 | 49819 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:29:16.777295113 CET | 49820 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:29:16.908338070 CET | 80 | 49820 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:29:16.908457994 CET | 49820 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:29:16.911808014 CET | 49820 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:29:17.043977976 CET | 80 | 49820 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:29:17.044059038 CET | 49820 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:29:17.174981117 CET | 80 | 49820 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:29:17.182404995 CET | 80 | 49820 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:29:17.182430983 CET | 80 | 49820 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:29:17.182506084 CET | 49820 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:29:17.182579994 CET | 49820 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:29:17.314208984 CET | 80 | 49820 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:29:18.557315111 CET | 49821 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:29:18.688576937 CET | 80 | 49821 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:29:18.688699961 CET | 49821 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:29:18.692194939 CET | 49821 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:29:18.824660063 CET | 80 | 49821 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:29:18.828167915 CET | 49821 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:29:18.959274054 CET | 80 | 49821 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:29:18.968348026 CET | 80 | 49821 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:29:18.968466043 CET | 49821 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:29:18.968631983 CET | 80 | 49821 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:29:18.970637083 CET | 49821 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:29:19.103039026 CET | 80 | 49821 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:29:23.443322897 CET | 49827 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:29:23.571463108 CET | 80 | 49827 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:29:23.571633101 CET | 49827 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:29:23.575057983 CET | 49827 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:29:23.703248024 CET | 80 | 49827 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:29:23.703351974 CET | 49827 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:29:23.831353903 CET | 80 | 49827 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:29:23.841211081 CET | 80 | 49827 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:29:23.841245890 CET | 80 | 49827 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:29:23.841418028 CET | 49827 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:29:23.841512918 CET | 49827 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:29:23.970092058 CET | 80 | 49827 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:29:25.652314901 CET | 49828 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:29:25.814377069 CET | 80 | 49828 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:29:25.814495087 CET | 49828 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:29:25.832127094 CET | 49828 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:29:25.991565943 CET | 80 | 49828 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:29:25.991719007 CET | 49828 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:29:26.136554003 CET | 80 | 49828 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:29:26.144282103 CET | 80 | 49828 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:29:26.144332886 CET | 80 | 49828 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:29:26.144412041 CET | 49828 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:29:26.144459963 CET | 49828 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:29:26.308155060 CET | 80 | 49828 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:29:27.577704906 CET | 49830 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:29:27.710798979 CET | 80 | 49830 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:29:27.712193012 CET | 49830 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:29:27.728215933 CET | 49830 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:29:27.859571934 CET | 80 | 49830 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:29:27.859743118 CET | 49830 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:29:27.991045952 CET | 80 | 49830 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:29:27.998682022 CET | 80 | 49830 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:29:27.998769999 CET | 80 | 49830 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:29:27.998852015 CET | 49830 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:29:27.998883009 CET | 49830 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:29:28.130565882 CET | 80 | 49830 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:29:29.791400909 CET | 49831 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:29:30.411508083 CET | 80 | 49831 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:29:30.411834002 CET | 49831 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:29:30.416867971 CET | 49831 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:29:31.113785028 CET | 80 | 49831 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:29:31.113910913 CET | 49831 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:29:31.827024937 CET | 80 | 49831 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:29:31.827066898 CET | 80 | 49831 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:29:31.827090979 CET | 80 | 49831 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:29:31.827214003 CET | 49831 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:29:31.827270985 CET | 49831 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:29:32.305907965 CET | 80 | 49831 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:29:32.725241899 CET | 49832 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:29:33.208076000 CET | 80 | 49832 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:29:33.208307981 CET | 49832 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:29:33.215694904 CET | 49832 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:29:33.467137098 CET | 80 | 49832 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:29:33.467804909 CET | 49832 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:29:33.814976931 CET | 80 | 49832 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:29:33.815031052 CET | 80 | 49832 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:29:33.815071106 CET | 80 | 49832 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:29:33.815299988 CET | 49832 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:29:33.815355062 CET | 49832 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:29:34.006656885 CET | 80 | 49832 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:29:34.743413925 CET | 49833 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:29:34.876569986 CET | 80 | 49833 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:29:34.876717091 CET | 49833 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:29:34.891024113 CET | 49833 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:29:35.032488108 CET | 80 | 49833 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:29:35.032548904 CET | 49833 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:29:35.322788954 CET | 80 | 49833 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:29:35.322861910 CET | 80 | 49833 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:29:35.322911978 CET | 80 | 49833 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:29:35.322973967 CET | 49833 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:29:35.323007107 CET | 49833 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:29:35.454479933 CET | 80 | 49833 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:29:36.281523943 CET | 49834 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:29:36.412668943 CET | 80 | 49834 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:29:36.412847996 CET | 49834 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:29:36.420886040 CET | 49834 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:29:36.626245022 CET | 80 | 49834 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:29:36.630243063 CET | 49834 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:29:36.761486053 CET | 80 | 49834 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:29:36.768083096 CET | 80 | 49834 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:29:36.768170118 CET | 80 | 49834 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:29:36.768271923 CET | 49834 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:29:36.768309116 CET | 49834 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:29:36.900177956 CET | 80 | 49834 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:29:37.663517952 CET | 49835 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:29:37.795056105 CET | 80 | 49835 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:29:37.795165062 CET | 49835 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:29:37.798758984 CET | 49835 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:29:37.929831028 CET | 80 | 49835 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:29:37.929960012 CET | 49835 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:29:38.060945034 CET | 80 | 49835 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:29:38.068783998 CET | 80 | 49835 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:29:38.068809986 CET | 80 | 49835 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:29:38.069020987 CET | 49835 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:29:38.069129944 CET | 49835 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:29:38.200614929 CET | 80 | 49835 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:29:39.021749973 CET | 49836 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:29:39.154042006 CET | 80 | 49836 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:29:39.154122114 CET | 49836 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:29:39.184763908 CET | 49836 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:29:39.325189114 CET | 80 | 49836 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:29:39.325314999 CET | 49836 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:29:39.465979099 CET | 80 | 49836 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:29:39.474395990 CET | 80 | 49836 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:29:39.474411964 CET | 80 | 49836 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:29:39.474653006 CET | 49836 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:29:39.474744081 CET | 49836 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:29:39.606048107 CET | 80 | 49836 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:29:40.394260883 CET | 49837 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:29:40.525208950 CET | 80 | 49837 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:29:40.525302887 CET | 49837 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:29:40.528047085 CET | 49837 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:29:40.659876108 CET | 80 | 49837 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:29:40.659979105 CET | 49837 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:29:40.791409016 CET | 80 | 49837 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:29:40.801172972 CET | 80 | 49837 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:29:40.801276922 CET | 80 | 49837 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:29:40.801367044 CET | 49837 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:29:40.801409960 CET | 49837 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:29:40.932847977 CET | 80 | 49837 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:29:41.793672085 CET | 49838 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:29:41.921430111 CET | 80 | 49838 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:29:41.921638966 CET | 49838 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:29:41.926429987 CET | 49838 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:29:42.054713011 CET | 80 | 49838 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:29:42.054831028 CET | 49838 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:29:42.185022116 CET | 80 | 49838 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:29:42.200709105 CET | 80 | 49838 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:29:42.200754881 CET | 80 | 49838 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:29:42.201318026 CET | 49838 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:29:42.201406956 CET | 49838 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:29:42.330058098 CET | 80 | 49838 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:29:43.301310062 CET | 49839 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:29:43.433999062 CET | 80 | 49839 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:29:43.434129000 CET | 49839 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:29:43.436918974 CET | 49839 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:29:43.567825079 CET | 80 | 49839 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:29:43.567903996 CET | 49839 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:29:43.698954105 CET | 80 | 49839 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:29:43.706233025 CET | 80 | 49839 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:29:43.706258059 CET | 80 | 49839 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:29:43.706347942 CET | 49839 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:29:43.706410885 CET | 49839 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:29:43.837604046 CET | 80 | 49839 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:29:44.735109091 CET | 49840 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:29:44.866266966 CET | 80 | 49840 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:29:44.866420984 CET | 49840 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:29:44.869754076 CET | 49840 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:29:45.000961065 CET | 80 | 49840 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:29:45.001187086 CET | 49840 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:29:45.132246971 CET | 80 | 49840 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:29:45.142271042 CET | 80 | 49840 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:29:45.142313957 CET | 80 | 49840 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:29:45.142442942 CET | 49840 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:29:45.142590046 CET | 49840 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:29:45.274022102 CET | 80 | 49840 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:29:46.779309988 CET | 49841 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:29:46.909118891 CET | 80 | 49841 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:29:46.909290075 CET | 49841 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:29:46.912807941 CET | 49841 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:29:47.042594910 CET | 80 | 49841 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:29:47.042817116 CET | 49841 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:29:47.172377110 CET | 80 | 49841 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:29:47.179666996 CET | 80 | 49841 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:29:47.179728031 CET | 80 | 49841 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:29:47.179825068 CET | 49841 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:29:47.179857016 CET | 49841 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:29:47.310161114 CET | 80 | 49841 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:29:50.939913988 CET | 49843 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:29:51.159269094 CET | 80 | 49843 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:29:51.159437895 CET | 49843 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:29:51.162188053 CET | 49843 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:29:51.378942966 CET | 80 | 49843 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:29:51.379081011 CET | 49843 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:29:51.559551001 CET | 80 | 49843 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:29:51.567084074 CET | 80 | 49843 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:29:51.567110062 CET | 80 | 49843 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:29:51.567270041 CET | 49843 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:29:51.567327023 CET | 49843 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:29:51.738595963 CET | 80 | 49843 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:29:53.579495907 CET | 49844 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:29:53.707483053 CET | 80 | 49844 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:29:53.707647085 CET | 49844 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:29:53.715307951 CET | 49844 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:29:53.843348026 CET | 80 | 49844 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:29:53.843499899 CET | 49844 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:29:54.054286003 CET | 80 | 49844 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:29:54.062087059 CET | 80 | 49844 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:29:54.062113047 CET | 80 | 49844 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:29:54.062216997 CET | 49844 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:29:54.062247038 CET | 49844 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:29:54.190412045 CET | 80 | 49844 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:29:55.596123934 CET | 49845 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:29:55.727226019 CET | 80 | 49845 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:29:55.727401018 CET | 49845 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:29:55.732333899 CET | 49845 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:29:55.863544941 CET | 80 | 49845 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:29:55.863666058 CET | 49845 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:29:55.994648933 CET | 80 | 49845 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:29:56.001481056 CET | 80 | 49845 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:29:56.001569033 CET | 80 | 49845 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:29:56.001678944 CET | 49845 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:29:56.001737118 CET | 49845 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:29:56.132621050 CET | 80 | 49845 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:29:57.437242985 CET | 49848 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:29:57.568937063 CET | 80 | 49848 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:29:57.569062948 CET | 49848 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:29:57.571676016 CET | 49848 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:29:57.702532053 CET | 80 | 49848 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:29:57.702625990 CET | 49848 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:29:57.833556890 CET | 80 | 49848 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:29:57.842660904 CET | 80 | 49848 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:29:57.842812061 CET | 80 | 49848 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:29:57.842842102 CET | 49848 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:29:57.842896938 CET | 49848 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:29:57.974230051 CET | 80 | 49848 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:29:59.991456032 CET | 49850 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:30:00.121311903 CET | 80 | 49850 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:30:00.121561050 CET | 49850 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:30:00.627162933 CET | 49850 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:30:00.795715094 CET | 80 | 49850 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:30:00.795773983 CET | 49850 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:30:00.925806046 CET | 80 | 49850 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:30:00.945791006 CET | 80 | 49850 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:30:00.945838928 CET | 80 | 49850 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:30:00.945888042 CET | 49850 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:30:00.945928097 CET | 49850 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:30:01.101733923 CET | 80 | 49850 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:30:01.902124882 CET | 49851 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:30:02.033386946 CET | 80 | 49851 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:30:02.036441088 CET | 49851 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:30:02.041045904 CET | 49851 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:30:02.204386950 CET | 80 | 49851 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:30:02.205429077 CET | 49851 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:30:02.336788893 CET | 80 | 49851 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:30:02.345097065 CET | 80 | 49851 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:30:02.345124006 CET | 80 | 49851 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:30:02.345972061 CET | 49851 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:30:02.346041918 CET | 49851 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:30:02.477041960 CET | 80 | 49851 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:30:03.266788960 CET | 49852 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:30:03.398585081 CET | 80 | 49852 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:30:03.398768902 CET | 49852 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:30:03.405898094 CET | 49852 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:30:03.536973953 CET | 80 | 49852 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:30:03.537081957 CET | 49852 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:30:03.668066025 CET | 80 | 49852 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:30:03.689683914 CET | 80 | 49852 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:30:03.689716101 CET | 80 | 49852 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:30:03.689862967 CET | 49852 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:30:03.689912081 CET | 49852 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:30:03.821629047 CET | 80 | 49852 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:30:04.713110924 CET | 49853 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:30:04.844341040 CET | 80 | 49853 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:30:04.844585896 CET | 49853 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:30:04.852682114 CET | 49853 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:30:04.983932972 CET | 80 | 49853 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:30:04.985002041 CET | 49853 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:30:05.116051912 CET | 80 | 49853 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:30:05.125155926 CET | 80 | 49853 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:30:05.125205994 CET | 80 | 49853 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:30:05.125437021 CET | 49853 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:30:05.125487089 CET | 49853 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:30:05.257143974 CET | 80 | 49853 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:30:06.307260036 CET | 49854 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:30:06.438306093 CET | 80 | 49854 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:30:06.438412905 CET | 49854 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:30:06.441231966 CET | 49854 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:30:06.623276949 CET | 80 | 49854 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:30:06.623379946 CET | 49854 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:30:06.779055119 CET | 80 | 49854 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:30:06.788499117 CET | 80 | 49854 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:30:06.788573027 CET | 80 | 49854 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:30:06.788675070 CET | 49854 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:30:06.788773060 CET | 49854 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:30:06.920650959 CET | 80 | 49854 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:30:07.940733910 CET | 49855 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:30:08.071841002 CET | 80 | 49855 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:30:08.072000980 CET | 49855 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:30:08.079184055 CET | 49855 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:30:08.386604071 CET | 80 | 49855 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:30:08.386858940 CET | 49855 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:30:08.517844915 CET | 80 | 49855 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:30:08.526288986 CET | 80 | 49855 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:30:08.526335001 CET | 80 | 49855 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:30:08.526524067 CET | 49855 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:30:08.526614904 CET | 49855 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:30:08.662318945 CET | 80 | 49855 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:30:09.847970009 CET | 49856 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:30:10.021980047 CET | 80 | 49856 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:30:10.022083044 CET | 49856 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:30:10.025450945 CET | 49856 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:30:10.165180922 CET | 80 | 49856 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:30:10.165288925 CET | 49856 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:30:10.296250105 CET | 80 | 49856 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:30:10.304357052 CET | 80 | 49856 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:30:10.304399967 CET | 80 | 49856 | 104.223.93.105 | 192.168.2.5 |
Jan 14, 2022 17:30:10.304513931 CET | 49856 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:30:10.305048943 CET | 49856 | 80 | 192.168.2.5 | 104.223.93.105 |
Jan 14, 2022 17:30:10.437370062 CET | 80 | 49856 | 104.223.93.105 | 192.168.2.5 |
UDP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Jan 14, 2022 17:28:12.995415926 CET | 54795 | 53 | 192.168.2.5 | 8.8.8.8 |
Jan 14, 2022 17:28:13.115070105 CET | 53 | 54795 | 8.8.8.8 | 192.168.2.5 |
Jan 14, 2022 17:28:14.682817936 CET | 49557 | 53 | 192.168.2.5 | 8.8.8.8 |
Jan 14, 2022 17:28:14.831212997 CET | 53 | 49557 | 8.8.8.8 | 192.168.2.5 |
Jan 14, 2022 17:28:16.347955942 CET | 61733 | 53 | 192.168.2.5 | 8.8.8.8 |
Jan 14, 2022 17:28:16.466959953 CET | 53 | 61733 | 8.8.8.8 | 192.168.2.5 |
Jan 14, 2022 17:28:18.765908957 CET | 52441 | 53 | 192.168.2.5 | 8.8.8.8 |
Jan 14, 2022 17:28:18.784615993 CET | 53 | 52441 | 8.8.8.8 | 192.168.2.5 |
Jan 14, 2022 17:28:21.045820951 CET | 62176 | 53 | 192.168.2.5 | 8.8.8.8 |
Jan 14, 2022 17:28:21.063589096 CET | 53 | 62176 | 8.8.8.8 | 192.168.2.5 |
Jan 14, 2022 17:28:22.989414930 CET | 59596 | 53 | 192.168.2.5 | 8.8.8.8 |
Jan 14, 2022 17:28:23.122594118 CET | 53 | 59596 | 8.8.8.8 | 192.168.2.5 |
Jan 14, 2022 17:28:24.479134083 CET | 65296 | 53 | 192.168.2.5 | 8.8.8.8 |
Jan 14, 2022 17:28:24.605462074 CET | 53 | 65296 | 8.8.8.8 | 192.168.2.5 |
Jan 14, 2022 17:28:25.938558102 CET | 63183 | 53 | 192.168.2.5 | 8.8.8.8 |
Jan 14, 2022 17:28:25.956110001 CET | 53 | 63183 | 8.8.8.8 | 192.168.2.5 |
Jan 14, 2022 17:28:27.666655064 CET | 60151 | 53 | 192.168.2.5 | 8.8.8.8 |
Jan 14, 2022 17:28:27.683886051 CET | 53 | 60151 | 8.8.8.8 | 192.168.2.5 |
Jan 14, 2022 17:28:29.109404087 CET | 56969 | 53 | 192.168.2.5 | 8.8.8.8 |
Jan 14, 2022 17:28:29.126961946 CET | 53 | 56969 | 8.8.8.8 | 192.168.2.5 |
Jan 14, 2022 17:28:30.440949917 CET | 55161 | 53 | 192.168.2.5 | 8.8.8.8 |
Jan 14, 2022 17:28:30.458503962 CET | 53 | 55161 | 8.8.8.8 | 192.168.2.5 |
Jan 14, 2022 17:28:31.808276892 CET | 54757 | 53 | 192.168.2.5 | 8.8.8.8 |
Jan 14, 2022 17:28:31.827296972 CET | 53 | 54757 | 8.8.8.8 | 192.168.2.5 |
Jan 14, 2022 17:28:35.050508022 CET | 60075 | 53 | 192.168.2.5 | 8.8.8.8 |
Jan 14, 2022 17:28:35.069721937 CET | 53 | 60075 | 8.8.8.8 | 192.168.2.5 |
Jan 14, 2022 17:28:37.476960897 CET | 55016 | 53 | 192.168.2.5 | 8.8.8.8 |
Jan 14, 2022 17:28:37.494354010 CET | 53 | 55016 | 8.8.8.8 | 192.168.2.5 |
Jan 14, 2022 17:28:40.877268076 CET | 64345 | 53 | 192.168.2.5 | 8.8.8.8 |
Jan 14, 2022 17:28:40.894728899 CET | 53 | 64345 | 8.8.8.8 | 192.168.2.5 |
Jan 14, 2022 17:28:45.513106108 CET | 57128 | 53 | 192.168.2.5 | 8.8.8.8 |
Jan 14, 2022 17:28:45.531521082 CET | 53 | 57128 | 8.8.8.8 | 192.168.2.5 |
Jan 14, 2022 17:28:47.232352018 CET | 54791 | 53 | 192.168.2.5 | 8.8.8.8 |
Jan 14, 2022 17:28:47.250000954 CET | 53 | 54791 | 8.8.8.8 | 192.168.2.5 |
Jan 14, 2022 17:28:48.791320086 CET | 50463 | 53 | 192.168.2.5 | 8.8.8.8 |
Jan 14, 2022 17:28:48.810790062 CET | 53 | 50463 | 8.8.8.8 | 192.168.2.5 |
Jan 14, 2022 17:28:50.547035933 CET | 50394 | 53 | 192.168.2.5 | 8.8.8.8 |
Jan 14, 2022 17:28:50.667985916 CET | 53 | 50394 | 8.8.8.8 | 192.168.2.5 |
Jan 14, 2022 17:28:52.297509909 CET | 53813 | 53 | 192.168.2.5 | 8.8.8.8 |
Jan 14, 2022 17:28:52.315208912 CET | 53 | 53813 | 8.8.8.8 | 192.168.2.5 |
Jan 14, 2022 17:28:53.884567976 CET | 63732 | 53 | 192.168.2.5 | 8.8.8.8 |
Jan 14, 2022 17:28:53.903908968 CET | 53 | 63732 | 8.8.8.8 | 192.168.2.5 |
Jan 14, 2022 17:28:55.314445972 CET | 57344 | 53 | 192.168.2.5 | 8.8.8.8 |
Jan 14, 2022 17:28:55.332171917 CET | 53 | 57344 | 8.8.8.8 | 192.168.2.5 |
Jan 14, 2022 17:28:57.466471910 CET | 54450 | 53 | 192.168.2.5 | 8.8.8.8 |
Jan 14, 2022 17:28:57.485555887 CET | 53 | 54450 | 8.8.8.8 | 192.168.2.5 |
Jan 14, 2022 17:28:58.860917091 CET | 57151 | 53 | 192.168.2.5 | 8.8.8.8 |
Jan 14, 2022 17:28:58.880289078 CET | 53 | 57151 | 8.8.8.8 | 192.168.2.5 |
Jan 14, 2022 17:29:00.294476986 CET | 59413 | 53 | 192.168.2.5 | 8.8.8.8 |
Jan 14, 2022 17:29:00.313199043 CET | 53 | 59413 | 8.8.8.8 | 192.168.2.5 |
Jan 14, 2022 17:29:01.673733950 CET | 60516 | 53 | 192.168.2.5 | 8.8.8.8 |
Jan 14, 2022 17:29:01.693216085 CET | 53 | 60516 | 8.8.8.8 | 192.168.2.5 |
Jan 14, 2022 17:29:03.206645012 CET | 51649 | 53 | 192.168.2.5 | 8.8.8.8 |
Jan 14, 2022 17:29:03.226144075 CET | 53 | 51649 | 8.8.8.8 | 192.168.2.5 |
Jan 14, 2022 17:29:05.304295063 CET | 65086 | 53 | 192.168.2.5 | 8.8.8.8 |
Jan 14, 2022 17:29:05.325781107 CET | 53 | 65086 | 8.8.8.8 | 192.168.2.5 |
Jan 14, 2022 17:29:06.891650915 CET | 56432 | 53 | 192.168.2.5 | 8.8.8.8 |
Jan 14, 2022 17:29:06.909065008 CET | 53 | 56432 | 8.8.8.8 | 192.168.2.5 |
Jan 14, 2022 17:29:08.238142967 CET | 52929 | 53 | 192.168.2.5 | 8.8.8.8 |
Jan 14, 2022 17:29:08.256097078 CET | 53 | 52929 | 8.8.8.8 | 192.168.2.5 |
Jan 14, 2022 17:29:11.123244047 CET | 61004 | 53 | 192.168.2.5 | 8.8.8.8 |
Jan 14, 2022 17:29:11.142402887 CET | 53 | 61004 | 8.8.8.8 | 192.168.2.5 |
Jan 14, 2022 17:29:14.032655954 CET | 56895 | 53 | 192.168.2.5 | 8.8.8.8 |
Jan 14, 2022 17:29:14.052234888 CET | 53 | 56895 | 8.8.8.8 | 192.168.2.5 |
Jan 14, 2022 17:29:16.754798889 CET | 62372 | 53 | 192.168.2.5 | 8.8.8.8 |
Jan 14, 2022 17:29:16.775743008 CET | 53 | 62372 | 8.8.8.8 | 192.168.2.5 |
Jan 14, 2022 17:29:18.536864042 CET | 56675 | 53 | 192.168.2.5 | 8.8.8.8 |
Jan 14, 2022 17:29:18.556022882 CET | 53 | 56675 | 8.8.8.8 | 192.168.2.5 |
Jan 14, 2022 17:29:23.424036980 CET | 57172 | 53 | 192.168.2.5 | 8.8.8.8 |
Jan 14, 2022 17:29:23.441941023 CET | 53 | 57172 | 8.8.8.8 | 192.168.2.5 |
Jan 14, 2022 17:29:25.630590916 CET | 55267 | 53 | 192.168.2.5 | 8.8.8.8 |
Jan 14, 2022 17:29:25.648001909 CET | 53 | 55267 | 8.8.8.8 | 192.168.2.5 |
Jan 14, 2022 17:29:27.556257010 CET | 50969 | 53 | 192.168.2.5 | 8.8.8.8 |
Jan 14, 2022 17:29:27.575892925 CET | 53 | 50969 | 8.8.8.8 | 192.168.2.5 |
Jan 14, 2022 17:29:29.772454023 CET | 64362 | 53 | 192.168.2.5 | 8.8.8.8 |
Jan 14, 2022 17:29:29.789906025 CET | 53 | 64362 | 8.8.8.8 | 192.168.2.5 |
Jan 14, 2022 17:29:32.703675032 CET | 54766 | 53 | 192.168.2.5 | 8.8.8.8 |
Jan 14, 2022 17:29:32.720993996 CET | 53 | 54766 | 8.8.8.8 | 192.168.2.5 |
Jan 14, 2022 17:29:34.722784042 CET | 61446 | 53 | 192.168.2.5 | 8.8.8.8 |
Jan 14, 2022 17:29:34.742059946 CET | 53 | 61446 | 8.8.8.8 | 192.168.2.5 |
Jan 14, 2022 17:29:36.260248899 CET | 57515 | 53 | 192.168.2.5 | 8.8.8.8 |
Jan 14, 2022 17:29:36.279872894 CET | 53 | 57515 | 8.8.8.8 | 192.168.2.5 |
Jan 14, 2022 17:29:37.642805099 CET | 58199 | 53 | 192.168.2.5 | 8.8.8.8 |
Jan 14, 2022 17:29:37.662089109 CET | 53 | 58199 | 8.8.8.8 | 192.168.2.5 |
Jan 14, 2022 17:29:38.999887943 CET | 65221 | 53 | 192.168.2.5 | 8.8.8.8 |
Jan 14, 2022 17:29:39.019954920 CET | 53 | 65221 | 8.8.8.8 | 192.168.2.5 |
Jan 14, 2022 17:29:40.372648001 CET | 61573 | 53 | 192.168.2.5 | 8.8.8.8 |
Jan 14, 2022 17:29:40.392208099 CET | 53 | 61573 | 8.8.8.8 | 192.168.2.5 |
Jan 14, 2022 17:29:41.774826050 CET | 56562 | 53 | 192.168.2.5 | 8.8.8.8 |
Jan 14, 2022 17:29:41.792356014 CET | 53 | 56562 | 8.8.8.8 | 192.168.2.5 |
Jan 14, 2022 17:29:43.280211926 CET | 53591 | 53 | 192.168.2.5 | 8.8.8.8 |
Jan 14, 2022 17:29:43.299621105 CET | 53 | 53591 | 8.8.8.8 | 192.168.2.5 |
Jan 14, 2022 17:29:44.712246895 CET | 59688 | 53 | 192.168.2.5 | 8.8.8.8 |
Jan 14, 2022 17:29:44.731709957 CET | 53 | 59688 | 8.8.8.8 | 192.168.2.5 |
Jan 14, 2022 17:29:46.758122921 CET | 56032 | 53 | 192.168.2.5 | 8.8.8.8 |
Jan 14, 2022 17:29:46.777492046 CET | 53 | 56032 | 8.8.8.8 | 192.168.2.5 |
Jan 14, 2022 17:29:50.919126987 CET | 63458 | 53 | 192.168.2.5 | 8.8.8.8 |
Jan 14, 2022 17:29:50.937889099 CET | 53 | 63458 | 8.8.8.8 | 192.168.2.5 |
Jan 14, 2022 17:29:53.559356928 CET | 50422 | 53 | 192.168.2.5 | 8.8.8.8 |
Jan 14, 2022 17:29:53.576899052 CET | 53 | 50422 | 8.8.8.8 | 192.168.2.5 |
Jan 14, 2022 17:29:55.574177027 CET | 53247 | 53 | 192.168.2.5 | 8.8.8.8 |
Jan 14, 2022 17:29:55.593589067 CET | 53 | 53247 | 8.8.8.8 | 192.168.2.5 |
Jan 14, 2022 17:29:57.418695927 CET | 53814 | 53 | 192.168.2.5 | 8.8.8.8 |
Jan 14, 2022 17:29:57.436048031 CET | 53 | 53814 | 8.8.8.8 | 192.168.2.5 |
Jan 14, 2022 17:29:59.970988035 CET | 51305 | 53 | 192.168.2.5 | 8.8.8.8 |
Jan 14, 2022 17:29:59.990144014 CET | 53 | 51305 | 8.8.8.8 | 192.168.2.5 |
Jan 14, 2022 17:30:01.880326033 CET | 53670 | 53 | 192.168.2.5 | 8.8.8.8 |
Jan 14, 2022 17:30:01.900036097 CET | 53 | 53670 | 8.8.8.8 | 192.168.2.5 |
Jan 14, 2022 17:30:03.246323109 CET | 55160 | 53 | 192.168.2.5 | 8.8.8.8 |
Jan 14, 2022 17:30:03.264153004 CET | 53 | 55160 | 8.8.8.8 | 192.168.2.5 |
Jan 14, 2022 17:30:04.588593960 CET | 61414 | 53 | 192.168.2.5 | 8.8.8.8 |
Jan 14, 2022 17:30:04.710212946 CET | 53 | 61414 | 8.8.8.8 | 192.168.2.5 |
Jan 14, 2022 17:30:06.287013054 CET | 63847 | 53 | 192.168.2.5 | 8.8.8.8 |
Jan 14, 2022 17:30:06.306135893 CET | 53 | 63847 | 8.8.8.8 | 192.168.2.5 |
Jan 14, 2022 17:30:07.919339895 CET | 61523 | 53 | 192.168.2.5 | 8.8.8.8 |
Jan 14, 2022 17:30:07.938632011 CET | 53 | 61523 | 8.8.8.8 | 192.168.2.5 |
Jan 14, 2022 17:30:09.826633930 CET | 50551 | 53 | 192.168.2.5 | 8.8.8.8 |
Jan 14, 2022 17:30:09.846517086 CET | 53 | 50551 | 8.8.8.8 | 192.168.2.5 |
DNS Queries |
---|
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
---|---|---|---|---|---|---|---|
Jan 14, 2022 17:28:12.995415926 CET | 192.168.2.5 | 8.8.8.8 | 0xcc77 | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 14, 2022 17:28:14.682817936 CET | 192.168.2.5 | 8.8.8.8 | 0x2fa2 | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 14, 2022 17:28:16.347955942 CET | 192.168.2.5 | 8.8.8.8 | 0xefad | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 14, 2022 17:28:18.765908957 CET | 192.168.2.5 | 8.8.8.8 | 0x3ce6 | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 14, 2022 17:28:21.045820951 CET | 192.168.2.5 | 8.8.8.8 | 0x8000 | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 14, 2022 17:28:22.989414930 CET | 192.168.2.5 | 8.8.8.8 | 0x4772 | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 14, 2022 17:28:24.479134083 CET | 192.168.2.5 | 8.8.8.8 | 0x76d2 | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 14, 2022 17:28:25.938558102 CET | 192.168.2.5 | 8.8.8.8 | 0x1ce3 | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 14, 2022 17:28:27.666655064 CET | 192.168.2.5 | 8.8.8.8 | 0x2531 | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 14, 2022 17:28:29.109404087 CET | 192.168.2.5 | 8.8.8.8 | 0xdc7f | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 14, 2022 17:28:30.440949917 CET | 192.168.2.5 | 8.8.8.8 | 0x29b6 | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 14, 2022 17:28:31.808276892 CET | 192.168.2.5 | 8.8.8.8 | 0xd171 | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 14, 2022 17:28:35.050508022 CET | 192.168.2.5 | 8.8.8.8 | 0xbf81 | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 14, 2022 17:28:37.476960897 CET | 192.168.2.5 | 8.8.8.8 | 0xd37b | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 14, 2022 17:28:40.877268076 CET | 192.168.2.5 | 8.8.8.8 | 0xef55 | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 14, 2022 17:28:45.513106108 CET | 192.168.2.5 | 8.8.8.8 | 0x734c | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 14, 2022 17:28:47.232352018 CET | 192.168.2.5 | 8.8.8.8 | 0x84bc | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 14, 2022 17:28:48.791320086 CET | 192.168.2.5 | 8.8.8.8 | 0x2c2b | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 14, 2022 17:28:50.547035933 CET | 192.168.2.5 | 8.8.8.8 | 0x1ed1 | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 14, 2022 17:28:52.297509909 CET | 192.168.2.5 | 8.8.8.8 | 0xbf51 | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 14, 2022 17:28:53.884567976 CET | 192.168.2.5 | 8.8.8.8 | 0xf1f7 | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 14, 2022 17:28:55.314445972 CET | 192.168.2.5 | 8.8.8.8 | 0x3666 | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 14, 2022 17:28:57.466471910 CET | 192.168.2.5 | 8.8.8.8 | 0x34a | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 14, 2022 17:28:58.860917091 CET | 192.168.2.5 | 8.8.8.8 | 0x1206 | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 14, 2022 17:29:00.294476986 CET | 192.168.2.5 | 8.8.8.8 | 0xbb58 | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 14, 2022 17:29:01.673733950 CET | 192.168.2.5 | 8.8.8.8 | 0x7fba | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 14, 2022 17:29:03.206645012 CET | 192.168.2.5 | 8.8.8.8 | 0x34ba | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 14, 2022 17:29:05.304295063 CET | 192.168.2.5 | 8.8.8.8 | 0xd94f | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 14, 2022 17:29:06.891650915 CET | 192.168.2.5 | 8.8.8.8 | 0x5a1b | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 14, 2022 17:29:08.238142967 CET | 192.168.2.5 | 8.8.8.8 | 0x2f60 | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 14, 2022 17:29:11.123244047 CET | 192.168.2.5 | 8.8.8.8 | 0x8dfb | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 14, 2022 17:29:14.032655954 CET | 192.168.2.5 | 8.8.8.8 | 0xd123 | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 14, 2022 17:29:16.754798889 CET | 192.168.2.5 | 8.8.8.8 | 0xc2dc | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 14, 2022 17:29:18.536864042 CET | 192.168.2.5 | 8.8.8.8 | 0xc671 | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 14, 2022 17:29:23.424036980 CET | 192.168.2.5 | 8.8.8.8 | 0x2830 | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 14, 2022 17:29:25.630590916 CET | 192.168.2.5 | 8.8.8.8 | 0x511b | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 14, 2022 17:29:27.556257010 CET | 192.168.2.5 | 8.8.8.8 | 0x561b | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 14, 2022 17:29:29.772454023 CET | 192.168.2.5 | 8.8.8.8 | 0x46ba | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 14, 2022 17:29:32.703675032 CET | 192.168.2.5 | 8.8.8.8 | 0xe1d0 | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 14, 2022 17:29:34.722784042 CET | 192.168.2.5 | 8.8.8.8 | 0xf4ac | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 14, 2022 17:29:36.260248899 CET | 192.168.2.5 | 8.8.8.8 | 0xd601 | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 14, 2022 17:29:37.642805099 CET | 192.168.2.5 | 8.8.8.8 | 0xf120 | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 14, 2022 17:29:38.999887943 CET | 192.168.2.5 | 8.8.8.8 | 0x4137 | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 14, 2022 17:29:40.372648001 CET | 192.168.2.5 | 8.8.8.8 | 0xe792 | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 14, 2022 17:29:41.774826050 CET | 192.168.2.5 | 8.8.8.8 | 0x5997 | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 14, 2022 17:29:43.280211926 CET | 192.168.2.5 | 8.8.8.8 | 0x38e4 | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 14, 2022 17:29:44.712246895 CET | 192.168.2.5 | 8.8.8.8 | 0x8267 | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 14, 2022 17:29:46.758122921 CET | 192.168.2.5 | 8.8.8.8 | 0xd0ae | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 14, 2022 17:29:50.919126987 CET | 192.168.2.5 | 8.8.8.8 | 0xf5d9 | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 14, 2022 17:29:53.559356928 CET | 192.168.2.5 | 8.8.8.8 | 0x2566 | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 14, 2022 17:29:55.574177027 CET | 192.168.2.5 | 8.8.8.8 | 0xf2bf | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 14, 2022 17:29:57.418695927 CET | 192.168.2.5 | 8.8.8.8 | 0xac0e | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 14, 2022 17:29:59.970988035 CET | 192.168.2.5 | 8.8.8.8 | 0xcc3a | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 14, 2022 17:30:01.880326033 CET | 192.168.2.5 | 8.8.8.8 | 0x2c7d | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 14, 2022 17:30:03.246323109 CET | 192.168.2.5 | 8.8.8.8 | 0xf940 | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 14, 2022 17:30:04.588593960 CET | 192.168.2.5 | 8.8.8.8 | 0xc907 | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 14, 2022 17:30:06.287013054 CET | 192.168.2.5 | 8.8.8.8 | 0x402c | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 14, 2022 17:30:07.919339895 CET | 192.168.2.5 | 8.8.8.8 | 0x6262 | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 14, 2022 17:30:09.826633930 CET | 192.168.2.5 | 8.8.8.8 | 0xfc4b | Standard query (0) | A (IP address) | IN (0x0001) |
DNS Answers |
---|
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
---|---|---|---|---|---|---|---|---|---|
Jan 14, 2022 17:28:13.115070105 CET | 8.8.8.8 | 192.168.2.5 | 0xcc77 | No error (0) | 104.223.93.105 | A (IP address) | IN (0x0001) | ||
Jan 14, 2022 17:28:14.831212997 CET | 8.8.8.8 | 192.168.2.5 | 0x2fa2 | No error (0) | 104.223.93.105 | A (IP address) | IN (0x0001) | ||
Jan 14, 2022 17:28:16.466959953 CET | 8.8.8.8 | 192.168.2.5 | 0xefad | No error (0) | 104.223.93.105 | A (IP address) | IN (0x0001) | ||
Jan 14, 2022 17:28:18.784615993 CET | 8.8.8.8 | 192.168.2.5 | 0x3ce6 | No error (0) | 104.223.93.105 | A (IP address) | IN (0x0001) | ||
Jan 14, 2022 17:28:21.063589096 CET | 8.8.8.8 | 192.168.2.5 | 0x8000 | No error (0) | 104.223.93.105 | A (IP address) | IN (0x0001) | ||
Jan 14, 2022 17:28:23.122594118 CET | 8.8.8.8 | 192.168.2.5 | 0x4772 | No error (0) | 104.223.93.105 | A (IP address) | IN (0x0001) | ||
Jan 14, 2022 17:28:24.605462074 CET | 8.8.8.8 | 192.168.2.5 | 0x76d2 | No error (0) | 104.223.93.105 | A (IP address) | IN (0x0001) | ||
Jan 14, 2022 17:28:25.956110001 CET | 8.8.8.8 | 192.168.2.5 | 0x1ce3 | No error (0) | 104.223.93.105 | A (IP address) | IN (0x0001) | ||
Jan 14, 2022 17:28:27.683886051 CET | 8.8.8.8 | 192.168.2.5 | 0x2531 | No error (0) | 104.223.93.105 | A (IP address) | IN (0x0001) | ||
Jan 14, 2022 17:28:29.126961946 CET | 8.8.8.8 | 192.168.2.5 | 0xdc7f | No error (0) | 104.223.93.105 | A (IP address) | IN (0x0001) | ||
Jan 14, 2022 17:28:30.458503962 CET | 8.8.8.8 | 192.168.2.5 | 0x29b6 | No error (0) | 104.223.93.105 | A (IP address) | IN (0x0001) | ||
Jan 14, 2022 17:28:31.827296972 CET | 8.8.8.8 | 192.168.2.5 | 0xd171 | No error (0) | 104.223.93.105 | A (IP address) | IN (0x0001) | ||
Jan 14, 2022 17:28:35.069721937 CET | 8.8.8.8 | 192.168.2.5 | 0xbf81 | No error (0) | 104.223.93.105 | A (IP address) | IN (0x0001) | ||
Jan 14, 2022 17:28:37.494354010 CET | 8.8.8.8 | 192.168.2.5 | 0xd37b | No error (0) | 104.223.93.105 | A (IP address) | IN (0x0001) | ||
Jan 14, 2022 17:28:40.894728899 CET | 8.8.8.8 | 192.168.2.5 | 0xef55 | No error (0) | 104.223.93.105 | A (IP address) | IN (0x0001) | ||
Jan 14, 2022 17:28:45.531521082 CET | 8.8.8.8 | 192.168.2.5 | 0x734c | No error (0) | 104.223.93.105 | A (IP address) | IN (0x0001) | ||
Jan 14, 2022 17:28:47.250000954 CET | 8.8.8.8 | 192.168.2.5 | 0x84bc | No error (0) | 104.223.93.105 | A (IP address) | IN (0x0001) | ||
Jan 14, 2022 17:28:48.810790062 CET | 8.8.8.8 | 192.168.2.5 | 0x2c2b | No error (0) | 104.223.93.105 | A (IP address) | IN (0x0001) | ||
Jan 14, 2022 17:28:50.667985916 CET | 8.8.8.8 | 192.168.2.5 | 0x1ed1 | No error (0) | 104.223.93.105 | A (IP address) | IN (0x0001) | ||
Jan 14, 2022 17:28:52.315208912 CET | 8.8.8.8 | 192.168.2.5 | 0xbf51 | No error (0) | 104.223.93.105 | A (IP address) | IN (0x0001) | ||
Jan 14, 2022 17:28:53.903908968 CET | 8.8.8.8 | 192.168.2.5 | 0xf1f7 | No error (0) | 104.223.93.105 | A (IP address) | IN (0x0001) | ||
Jan 14, 2022 17:28:55.332171917 CET | 8.8.8.8 | 192.168.2.5 | 0x3666 | No error (0) | 104.223.93.105 | A (IP address) | IN (0x0001) | ||
Jan 14, 2022 17:28:57.485555887 CET | 8.8.8.8 | 192.168.2.5 | 0x34a | No error (0) | 104.223.93.105 | A (IP address) | IN (0x0001) | ||
Jan 14, 2022 17:28:58.880289078 CET | 8.8.8.8 | 192.168.2.5 | 0x1206 | No error (0) | 104.223.93.105 | A (IP address) | IN (0x0001) | ||
Jan 14, 2022 17:29:00.313199043 CET | 8.8.8.8 | 192.168.2.5 | 0xbb58 | No error (0) | 104.223.93.105 | A (IP address) | IN (0x0001) | ||
Jan 14, 2022 17:29:01.693216085 CET | 8.8.8.8 | 192.168.2.5 | 0x7fba | No error (0) | 104.223.93.105 | A (IP address) | IN (0x0001) | ||
Jan 14, 2022 17:29:03.226144075 CET | 8.8.8.8 | 192.168.2.5 | 0x34ba | No error (0) | 104.223.93.105 | A (IP address) | IN (0x0001) | ||
Jan 14, 2022 17:29:05.325781107 CET | 8.8.8.8 | 192.168.2.5 | 0xd94f | No error (0) | 104.223.93.105 | A (IP address) | IN (0x0001) | ||
Jan 14, 2022 17:29:06.909065008 CET | 8.8.8.8 | 192.168.2.5 | 0x5a1b | No error (0) | 104.223.93.105 | A (IP address) | IN (0x0001) | ||
Jan 14, 2022 17:29:08.256097078 CET | 8.8.8.8 | 192.168.2.5 | 0x2f60 | No error (0) | 104.223.93.105 | A (IP address) | IN (0x0001) | ||
Jan 14, 2022 17:29:11.142402887 CET | 8.8.8.8 | 192.168.2.5 | 0x8dfb | No error (0) | 104.223.93.105 | A (IP address) | IN (0x0001) | ||
Jan 14, 2022 17:29:14.052234888 CET | 8.8.8.8 | 192.168.2.5 | 0xd123 | No error (0) | 104.223.93.105 | A (IP address) | IN (0x0001) | ||
Jan 14, 2022 17:29:16.775743008 CET | 8.8.8.8 | 192.168.2.5 | 0xc2dc | No error (0) | 104.223.93.105 | A (IP address) | IN (0x0001) | ||
Jan 14, 2022 17:29:18.556022882 CET | 8.8.8.8 | 192.168.2.5 | 0xc671 | No error (0) | 104.223.93.105 | A (IP address) | IN (0x0001) | ||
Jan 14, 2022 17:29:23.441941023 CET | 8.8.8.8 | 192.168.2.5 | 0x2830 | No error (0) | 104.223.93.105 | A (IP address) | IN (0x0001) | ||
Jan 14, 2022 17:29:25.648001909 CET | 8.8.8.8 | 192.168.2.5 | 0x511b | No error (0) | 104.223.93.105 | A (IP address) | IN (0x0001) | ||
Jan 14, 2022 17:29:27.575892925 CET | 8.8.8.8 | 192.168.2.5 | 0x561b | No error (0) | 104.223.93.105 | A (IP address) | IN (0x0001) | ||
Jan 14, 2022 17:29:29.789906025 CET | 8.8.8.8 | 192.168.2.5 | 0x46ba | No error (0) | 104.223.93.105 | A (IP address) | IN (0x0001) | ||
Jan 14, 2022 17:29:32.720993996 CET | 8.8.8.8 | 192.168.2.5 | 0xe1d0 | No error (0) | 104.223.93.105 | A (IP address) | IN (0x0001) | ||
Jan 14, 2022 17:29:34.742059946 CET | 8.8.8.8 | 192.168.2.5 | 0xf4ac | No error (0) | 104.223.93.105 | A (IP address) | IN (0x0001) | ||
Jan 14, 2022 17:29:36.279872894 CET | 8.8.8.8 | 192.168.2.5 | 0xd601 | No error (0) | 104.223.93.105 | A (IP address) | IN (0x0001) | ||
Jan 14, 2022 17:29:37.662089109 CET | 8.8.8.8 | 192.168.2.5 | 0xf120 | No error (0) | 104.223.93.105 | A (IP address) | IN (0x0001) | ||
Jan 14, 2022 17:29:39.019954920 CET | 8.8.8.8 | 192.168.2.5 | 0x4137 | No error (0) | 104.223.93.105 | A (IP address) | IN (0x0001) | ||
Jan 14, 2022 17:29:40.392208099 CET | 8.8.8.8 | 192.168.2.5 | 0xe792 | No error (0) | 104.223.93.105 | A (IP address) | IN (0x0001) | ||
Jan 14, 2022 17:29:41.792356014 CET | 8.8.8.8 | 192.168.2.5 | 0x5997 | No error (0) | 104.223.93.105 | A (IP address) | IN (0x0001) | ||
Jan 14, 2022 17:29:43.299621105 CET | 8.8.8.8 | 192.168.2.5 | 0x38e4 | No error (0) | 104.223.93.105 | A (IP address) | IN (0x0001) | ||
Jan 14, 2022 17:29:44.731709957 CET | 8.8.8.8 | 192.168.2.5 | 0x8267 | No error (0) | 104.223.93.105 | A (IP address) | IN (0x0001) | ||
Jan 14, 2022 17:29:46.777492046 CET | 8.8.8.8 | 192.168.2.5 | 0xd0ae | No error (0) | 104.223.93.105 | A (IP address) | IN (0x0001) | ||
Jan 14, 2022 17:29:50.937889099 CET | 8.8.8.8 | 192.168.2.5 | 0xf5d9 | No error (0) | 104.223.93.105 | A (IP address) | IN (0x0001) | ||
Jan 14, 2022 17:29:53.576899052 CET | 8.8.8.8 | 192.168.2.5 | 0x2566 | No error (0) | 104.223.93.105 | A (IP address) | IN (0x0001) | ||
Jan 14, 2022 17:29:55.593589067 CET | 8.8.8.8 | 192.168.2.5 | 0xf2bf | No error (0) | 104.223.93.105 | A (IP address) | IN (0x0001) | ||
Jan 14, 2022 17:29:57.436048031 CET | 8.8.8.8 | 192.168.2.5 | 0xac0e | No error (0) | 104.223.93.105 | A (IP address) | IN (0x0001) | ||
Jan 14, 2022 17:29:59.990144014 CET | 8.8.8.8 | 192.168.2.5 | 0xcc3a | No error (0) | 104.223.93.105 | A (IP address) | IN (0x0001) | ||
Jan 14, 2022 17:30:01.900036097 CET | 8.8.8.8 | 192.168.2.5 | 0x2c7d | No error (0) | 104.223.93.105 | A (IP address) | IN (0x0001) | ||
Jan 14, 2022 17:30:03.264153004 CET | 8.8.8.8 | 192.168.2.5 | 0xf940 | No error (0) | 104.223.93.105 | A (IP address) | IN (0x0001) | ||
Jan 14, 2022 17:30:04.710212946 CET | 8.8.8.8 | 192.168.2.5 | 0xc907 | No error (0) | 104.223.93.105 | A (IP address) | IN (0x0001) | ||
Jan 14, 2022 17:30:06.306135893 CET | 8.8.8.8 | 192.168.2.5 | 0x402c | No error (0) | 104.223.93.105 | A (IP address) | IN (0x0001) | ||
Jan 14, 2022 17:30:07.938632011 CET | 8.8.8.8 | 192.168.2.5 | 0x6262 | No error (0) | 104.223.93.105 | A (IP address) | IN (0x0001) | ||
Jan 14, 2022 17:30:09.846517086 CET | 8.8.8.8 | 192.168.2.5 | 0xfc4b | No error (0) | 104.223.93.105 | A (IP address) | IN (0x0001) |
HTTP Request Dependency Graph |
---|
|
HTTP Packets |
---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
0 | 192.168.2.5 | 49754 | 104.223.93.105 | 80 | C:\Users\user\Desktop\Cotizaci#U00f3npdf.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 14, 2022 17:28:13.315745115 CET | 1223 | OUT | |
Jan 14, 2022 17:28:13.446605921 CET | 1223 | OUT | |
Jan 14, 2022 17:28:13.586972952 CET | 1223 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
1 | 192.168.2.5 | 49755 | 104.223.93.105 | 80 | C:\Users\user\Desktop\Cotizaci#U00f3npdf.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 14, 2022 17:28:14.966907978 CET | 1224 | OUT | |
Jan 14, 2022 17:28:15.098073006 CET | 1224 | OUT | |
Jan 14, 2022 17:28:15.236922026 CET | 1225 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
10 | 192.168.2.5 | 49768 | 104.223.93.105 | 80 | C:\Users\user\Desktop\Cotizaci#U00f3npdf.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 14, 2022 17:28:30.598054886 CET | 1245 | OUT | |
Jan 14, 2022 17:28:30.729804993 CET | 1245 | OUT | |
Jan 14, 2022 17:28:30.869498968 CET | 1245 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
11 | 192.168.2.5 | 49769 | 104.223.93.105 | 80 | C:\Users\user\Desktop\Cotizaci#U00f3npdf.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 14, 2022 17:28:31.998392105 CET | 1246 | OUT | |
Jan 14, 2022 17:28:32.126750946 CET | 1246 | OUT | |
Jan 14, 2022 17:28:32.371730089 CET | 1247 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
12 | 192.168.2.5 | 49772 | 104.223.93.105 | 80 | C:\Users\user\Desktop\Cotizaci#U00f3npdf.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 14, 2022 17:28:35.257565022 CET | 1270 | OUT | |
Jan 14, 2022 17:28:35.388864040 CET | 1270 | OUT | |
Jan 14, 2022 17:28:35.598879099 CET | 1270 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
13 | 192.168.2.5 | 49773 | 104.223.93.105 | 80 | C:\Users\user\Desktop\Cotizaci#U00f3npdf.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 14, 2022 17:28:37.734698057 CET | 1271 | OUT | |
Jan 14, 2022 17:28:37.887132883 CET | 1272 | OUT | |
Jan 14, 2022 17:28:38.027388096 CET | 1272 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
14 | 192.168.2.5 | 49774 | 104.223.93.105 | 80 | C:\Users\user\Desktop\Cotizaci#U00f3npdf.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 14, 2022 17:28:44.091710091 CET | 1273 | OUT | |
Jan 14, 2022 17:28:44.225761890 CET | 1273 | OUT | |
Jan 14, 2022 17:28:44.368436098 CET | 1273 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
15 | 192.168.2.5 | 49775 | 104.223.93.105 | 80 | C:\Users\user\Desktop\Cotizaci#U00f3npdf.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 14, 2022 17:28:45.667839050 CET | 1274 | OUT | |
Jan 14, 2022 17:28:45.798913002 CET | 1274 | OUT | |
Jan 14, 2022 17:28:46.151256084 CET | 1275 | OUT | |
Jan 14, 2022 17:28:46.295262098 CET | 1275 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
16 | 192.168.2.5 | 49776 | 104.223.93.105 | 80 | C:\Users\user\Desktop\Cotizaci#U00f3npdf.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 14, 2022 17:28:47.384706974 CET | 1276 | OUT | |
Jan 14, 2022 17:28:47.514906883 CET | 1276 | OUT | |
Jan 14, 2022 17:28:47.653799057 CET | 1276 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
17 | 192.168.2.5 | 49777 | 104.223.93.105 | 80 | C:\Users\user\Desktop\Cotizaci#U00f3npdf.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 14, 2022 17:28:48.947782993 CET | 1277 | OUT | |
Jan 14, 2022 17:28:49.085401058 CET | 1277 | OUT | |
Jan 14, 2022 17:28:49.225759983 CET | 1278 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
18 | 192.168.2.5 | 49778 | 104.223.93.105 | 80 | C:\Users\user\Desktop\Cotizaci#U00f3npdf.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 14, 2022 17:28:50.801698923 CET | 1279 | OUT | |
Jan 14, 2022 17:28:50.978789091 CET | 1279 | OUT | |
Jan 14, 2022 17:28:51.116813898 CET | 1279 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
19 | 192.168.2.5 | 49780 | 104.223.93.105 | 80 | C:\Users\user\Desktop\Cotizaci#U00f3npdf.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 14, 2022 17:28:52.454046965 CET | 1290 | OUT | |
Jan 14, 2022 17:28:52.586828947 CET | 1290 | OUT | |
Jan 14, 2022 17:28:52.726126909 CET | 1290 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
2 | 192.168.2.5 | 49757 | 104.223.93.105 | 80 | C:\Users\user\Desktop\Cotizaci#U00f3npdf.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 14, 2022 17:28:16.603027105 CET | 1225 | OUT | |
Jan 14, 2022 17:28:16.734231949 CET | 1226 | OUT | |
Jan 14, 2022 17:28:16.872795105 CET | 1226 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
20 | 192.168.2.5 | 49781 | 104.223.93.105 | 80 | C:\Users\user\Desktop\Cotizaci#U00f3npdf.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 14, 2022 17:28:54.036242008 CET | 1291 | OUT | |
Jan 14, 2022 17:28:54.165677071 CET | 1291 | OUT | |
Jan 14, 2022 17:28:54.306258917 CET | 1292 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
21 | 192.168.2.5 | 49782 | 104.223.93.105 | 80 | C:\Users\user\Desktop\Cotizaci#U00f3npdf.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 14, 2022 17:28:55.470160961 CET | 1293 | OUT | |
Jan 14, 2022 17:28:55.678987980 CET | 1293 | OUT | |
Jan 14, 2022 17:28:55.988012075 CET | 1293 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
22 | 192.168.2.5 | 49784 | 104.223.93.105 | 80 | C:\Users\user\Desktop\Cotizaci#U00f3npdf.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 14, 2022 17:28:57.622553110 CET | 1299 | OUT | |
Jan 14, 2022 17:28:57.754698992 CET | 1300 | OUT | |
Jan 14, 2022 17:28:57.906794071 CET | 1306 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
23 | 192.168.2.5 | 49791 | 104.223.93.105 | 80 | C:\Users\user\Desktop\Cotizaci#U00f3npdf.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 14, 2022 17:28:59.015616894 CET | 1319 | OUT | |
Jan 14, 2022 17:28:59.146729946 CET | 1320 | OUT | |
Jan 14, 2022 17:28:59.285082102 CET | 1322 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
24 | 192.168.2.5 | 49799 | 104.223.93.105 | 80 | C:\Users\user\Desktop\Cotizaci#U00f3npdf.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 14, 2022 17:29:00.450387001 CET | 1335 | OUT | |
Jan 14, 2022 17:29:00.578438044 CET | 1337 | OUT | |
Jan 14, 2022 17:29:00.713493109 CET | 1340 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
25 | 192.168.2.5 | 49806 | 104.223.93.105 | 80 | C:\Users\user\Desktop\Cotizaci#U00f3npdf.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 14, 2022 17:29:01.829359055 CET | 1352 | OUT | |
Jan 14, 2022 17:29:01.960654974 CET | 1355 | OUT | |
Jan 14, 2022 17:29:02.098814964 CET | 1356 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
26 | 192.168.2.5 | 49812 | 104.223.93.105 | 80 | C:\Users\user\Desktop\Cotizaci#U00f3npdf.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 14, 2022 17:29:03.362296104 CET | 1365 | OUT | |
Jan 14, 2022 17:29:03.495379925 CET | 1365 | OUT | |
Jan 14, 2022 17:29:03.634512901 CET | 1365 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
27 | 192.168.2.5 | 49813 | 104.223.93.105 | 80 | C:\Users\user\Desktop\Cotizaci#U00f3npdf.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 14, 2022 17:29:05.461335897 CET | 1366 | OUT | |
Jan 14, 2022 17:29:05.592464924 CET | 1367 | OUT | |
Jan 14, 2022 17:29:05.731496096 CET | 1367 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
28 | 192.168.2.5 | 49814 | 104.223.93.105 | 80 | C:\Users\user\Desktop\Cotizaci#U00f3npdf.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 14, 2022 17:29:07.046101093 CET | 1368 | OUT | |
Jan 14, 2022 17:29:07.177156925 CET | 1368 | OUT | |
Jan 14, 2022 17:29:07.317964077 CET | 1368 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
29 | 192.168.2.5 | 49815 | 104.223.93.105 | 80 | C:\Users\user\Desktop\Cotizaci#U00f3npdf.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 14, 2022 17:29:08.406847000 CET | 1369 | OUT | |
Jan 14, 2022 17:29:08.563952923 CET | 1369 | OUT | |
Jan 14, 2022 17:29:08.702689886 CET | 1370 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
3 | 192.168.2.5 | 49761 | 104.223.93.105 | 80 | C:\Users\user\Desktop\Cotizaci#U00f3npdf.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 14, 2022 17:28:18.954071045 CET | 1235 | OUT | |
Jan 14, 2022 17:28:19.083688021 CET | 1235 | OUT | |
Jan 14, 2022 17:28:19.221434116 CET | 1235 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
30 | 192.168.2.5 | 49818 | 104.223.93.105 | 80 | C:\Users\user\Desktop\Cotizaci#U00f3npdf.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 14, 2022 17:29:11.296372890 CET | 1416 | OUT | |
Jan 14, 2022 17:29:11.436233997 CET | 1416 | OUT | |
Jan 14, 2022 17:29:11.635201931 CET | 1417 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
31 | 192.168.2.5 | 49819 | 104.223.93.105 | 80 | C:\Users\user\Desktop\Cotizaci#U00f3npdf.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 14, 2022 17:29:14.185842991 CET | 1418 | OUT | |
Jan 14, 2022 17:29:14.315494061 CET | 1418 | OUT | |
Jan 14, 2022 17:29:14.455641985 CET | 1418 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
32 | 192.168.2.5 | 49820 | 104.223.93.105 | 80 | C:\Users\user\Desktop\Cotizaci#U00f3npdf.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 14, 2022 17:29:16.911808014 CET | 1419 | OUT | |
Jan 14, 2022 17:29:17.044059038 CET | 1419 | OUT | |
Jan 14, 2022 17:29:17.182404995 CET | 1419 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
33 | 192.168.2.5 | 49821 | 104.223.93.105 | 80 | C:\Users\user\Desktop\Cotizaci#U00f3npdf.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 14, 2022 17:29:18.692194939 CET | 1441 | OUT | |
Jan 14, 2022 17:29:18.828167915 CET | 1441 | OUT | |
Jan 14, 2022 17:29:18.968348026 CET | 1601 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
34 | 192.168.2.5 | 49827 | 104.223.93.105 | 80 | C:\Users\user\Desktop\Cotizaci#U00f3npdf.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 14, 2022 17:29:23.575057983 CET | 9163 | OUT | |
Jan 14, 2022 17:29:23.703351974 CET | 9164 | OUT | |
Jan 14, 2022 17:29:23.841211081 CET | 9164 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
35 | 192.168.2.5 | 49828 | 104.223.93.105 | 80 | C:\Users\user\Desktop\Cotizaci#U00f3npdf.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 14, 2022 17:29:25.832127094 CET | 9165 | OUT | |
Jan 14, 2022 17:29:25.991719007 CET | 9165 | OUT | |
Jan 14, 2022 17:29:26.144282103 CET | 9165 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
36 | 192.168.2.5 | 49830 | 104.223.93.105 | 80 | C:\Users\user\Desktop\Cotizaci#U00f3npdf.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 14, 2022 17:29:27.728215933 CET | 9929 | OUT | |
Jan 14, 2022 17:29:27.859743118 CET | 9930 | OUT | |
Jan 14, 2022 17:29:27.998682022 CET | 9930 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
37 | 192.168.2.5 | 49831 | 104.223.93.105 | 80 | C:\Users\user\Desktop\Cotizaci#U00f3npdf.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 14, 2022 17:29:30.416867971 CET | 9931 | OUT | |
Jan 14, 2022 17:29:31.113910913 CET | 9931 | OUT | |
Jan 14, 2022 17:29:31.827066898 CET | 9931 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
38 | 192.168.2.5 | 49832 | 104.223.93.105 | 80 | C:\Users\user\Desktop\Cotizaci#U00f3npdf.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 14, 2022 17:29:33.215694904 CET | 9932 | OUT | |
Jan 14, 2022 17:29:33.467804909 CET | 9932 | OUT | |
Jan 14, 2022 17:29:33.815031052 CET | 9933 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
39 | 192.168.2.5 | 49833 | 104.223.93.105 | 80 | C:\Users\user\Desktop\Cotizaci#U00f3npdf.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 14, 2022 17:29:34.891024113 CET | 9934 | OUT | |
Jan 14, 2022 17:29:35.032548904 CET | 9934 | OUT | |
Jan 14, 2022 17:29:35.322861910 CET | 9934 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
4 | 192.168.2.5 | 49762 | 104.223.93.105 | 80 | C:\Users\user\Desktop\Cotizaci#U00f3npdf.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 14, 2022 17:28:21.450628042 CET | 1236 | OUT | |
Jan 14, 2022 17:28:21.580569983 CET | 1237 | OUT | |
Jan 14, 2022 17:28:21.723001003 CET | 1237 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
40 | 192.168.2.5 | 49834 | 104.223.93.105 | 80 | C:\Users\user\Desktop\Cotizaci#U00f3npdf.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 14, 2022 17:29:36.420886040 CET | 9935 | OUT | |
Jan 14, 2022 17:29:36.630243063 CET | 9935 | OUT | |
Jan 14, 2022 17:29:36.768083096 CET | 9935 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
41 | 192.168.2.5 | 49835 | 104.223.93.105 | 80 | C:\Users\user\Desktop\Cotizaci#U00f3npdf.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 14, 2022 17:29:37.798758984 CET | 9936 | OUT | |
Jan 14, 2022 17:29:37.929960012 CET | 9937 | OUT | |
Jan 14, 2022 17:29:38.068783998 CET | 9937 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
42 | 192.168.2.5 | 49836 | 104.223.93.105 | 80 | C:\Users\user\Desktop\Cotizaci#U00f3npdf.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 14, 2022 17:29:39.184763908 CET | 9938 | OUT | |
Jan 14, 2022 17:29:39.325314999 CET | 9938 | OUT | |
Jan 14, 2022 17:29:39.474395990 CET | 9938 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
43 | 192.168.2.5 | 49837 | 104.223.93.105 | 80 | C:\Users\user\Desktop\Cotizaci#U00f3npdf.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 14, 2022 17:29:40.528047085 CET | 9939 | OUT | |
Jan 14, 2022 17:29:40.659979105 CET | 9939 | OUT | |
Jan 14, 2022 17:29:40.801172972 CET | 9940 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
44 | 192.168.2.5 | 49838 | 104.223.93.105 | 80 | C:\Users\user\Desktop\Cotizaci#U00f3npdf.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 14, 2022 17:29:41.926429987 CET | 9941 | OUT | |
Jan 14, 2022 17:29:42.054831028 CET | 9941 | OUT | |
Jan 14, 2022 17:29:42.200709105 CET | 9941 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
45 | 192.168.2.5 | 49839 | 104.223.93.105 | 80 | C:\Users\user\Desktop\Cotizaci#U00f3npdf.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 14, 2022 17:29:43.436918974 CET | 9942 | OUT | |
Jan 14, 2022 17:29:43.567903996 CET | 9942 | OUT | |
Jan 14, 2022 17:29:43.706233025 CET | 9943 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
46 | 192.168.2.5 | 49840 | 104.223.93.105 | 80 | C:\Users\user\Desktop\Cotizaci#U00f3npdf.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 14, 2022 17:29:44.869754076 CET | 9943 | OUT | |
Jan 14, 2022 17:29:45.001187086 CET | 9944 | OUT | |
Jan 14, 2022 17:29:45.142271042 CET | 9944 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
47 | 192.168.2.5 | 49841 | 104.223.93.105 | 80 | C:\Users\user\Desktop\Cotizaci#U00f3npdf.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 14, 2022 17:29:46.912807941 CET | 9945 | OUT | |
Jan 14, 2022 17:29:47.042817116 CET | 9945 | OUT | |
Jan 14, 2022 17:29:47.179666996 CET | 9945 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
48 | 192.168.2.5 | 49843 | 104.223.93.105 | 80 | C:\Users\user\Desktop\Cotizaci#U00f3npdf.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 14, 2022 17:29:51.162188053 CET | 9955 | OUT | |
Jan 14, 2022 17:29:51.379081011 CET | 9955 | OUT | |
Jan 14, 2022 17:29:51.567084074 CET | 9955 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
49 | 192.168.2.5 | 49844 | 104.223.93.105 | 80 | C:\Users\user\Desktop\Cotizaci#U00f3npdf.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 14, 2022 17:29:53.715307951 CET | 9956 | OUT | |
Jan 14, 2022 17:29:53.843499899 CET | 9956 | OUT | |
Jan 14, 2022 17:29:54.062087059 CET | 9957 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
5 | 192.168.2.5 | 49763 | 104.223.93.105 | 80 | C:\Users\user\Desktop\Cotizaci#U00f3npdf.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 14, 2022 17:28:23.258656025 CET | 1238 | OUT | |
Jan 14, 2022 17:28:23.389926910 CET | 1238 | OUT | |
Jan 14, 2022 17:28:23.530498028 CET | 1238 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
50 | 192.168.2.5 | 49845 | 104.223.93.105 | 80 | C:\Users\user\Desktop\Cotizaci#U00f3npdf.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 14, 2022 17:29:55.732333899 CET | 9958 | OUT | |
Jan 14, 2022 17:29:55.863666058 CET | 9958 | OUT | |
Jan 14, 2022 17:29:56.001481056 CET | 9958 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
51 | 192.168.2.5 | 49848 | 104.223.93.105 | 80 | C:\Users\user\Desktop\Cotizaci#U00f3npdf.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 14, 2022 17:29:57.571676016 CET | 9969 | OUT | |
Jan 14, 2022 17:29:57.702625990 CET | 9971 | OUT | |
Jan 14, 2022 17:29:57.842660904 CET | 9972 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
52 | 192.168.2.5 | 49850 | 104.223.93.105 | 80 | C:\Users\user\Desktop\Cotizaci#U00f3npdf.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 14, 2022 17:30:00.627162933 CET | 9973 | OUT | |
Jan 14, 2022 17:30:00.795773983 CET | 9973 | OUT | |
Jan 14, 2022 17:30:00.945791006 CET | 9973 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
53 | 192.168.2.5 | 49851 | 104.223.93.105 | 80 | C:\Users\user\Desktop\Cotizaci#U00f3npdf.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 14, 2022 17:30:02.041045904 CET | 9974 | OUT | |
Jan 14, 2022 17:30:02.205429077 CET | 9974 | OUT | |
Jan 14, 2022 17:30:02.345097065 CET | 9975 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
54 | 192.168.2.5 | 49852 | 104.223.93.105 | 80 | C:\Users\user\Desktop\Cotizaci#U00f3npdf.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 14, 2022 17:30:03.405898094 CET | 9975 | OUT | |
Jan 14, 2022 17:30:03.537081957 CET | 9976 | OUT | |
Jan 14, 2022 17:30:03.689683914 CET | 9976 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
55 | 192.168.2.5 | 49853 | 104.223.93.105 | 80 | C:\Users\user\Desktop\Cotizaci#U00f3npdf.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 14, 2022 17:30:04.852682114 CET | 9977 | OUT | |
Jan 14, 2022 17:30:04.985002041 CET | 9977 | OUT | |
Jan 14, 2022 17:30:05.125155926 CET | 9977 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
56 | 192.168.2.5 | 49854 | 104.223.93.105 | 80 | C:\Users\user\Desktop\Cotizaci#U00f3npdf.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 14, 2022 17:30:06.441231966 CET | 9978 | OUT | |
Jan 14, 2022 17:30:06.623379946 CET | 9979 | OUT | |
Jan 14, 2022 17:30:06.788499117 CET | 9979 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
57 | 192.168.2.5 | 49855 | 104.223.93.105 | 80 | C:\Users\user\Desktop\Cotizaci#U00f3npdf.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 14, 2022 17:30:08.079184055 CET | 9980 | OUT | |
Jan 14, 2022 17:30:08.386858940 CET | 9980 | OUT | |
Jan 14, 2022 17:30:08.526288986 CET | 9980 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
58 | 192.168.2.5 | 49856 | 104.223.93.105 | 80 | C:\Users\user\Desktop\Cotizaci#U00f3npdf.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 14, 2022 17:30:10.025450945 CET | 9981 | OUT | |
Jan 14, 2022 17:30:10.165288925 CET | 9981 | OUT | |
Jan 14, 2022 17:30:10.304357052 CET | 9982 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
6 | 192.168.2.5 | 49764 | 104.223.93.105 | 80 | C:\Users\user\Desktop\Cotizaci#U00f3npdf.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 14, 2022 17:28:24.754729986 CET | 1239 | OUT | |
Jan 14, 2022 17:28:24.882812977 CET | 1239 | OUT | |
Jan 14, 2022 17:28:25.029998064 CET | 1240 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
7 | 192.168.2.5 | 49765 | 104.223.93.105 | 80 | C:\Users\user\Desktop\Cotizaci#U00f3npdf.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 14, 2022 17:28:26.095199108 CET | 1241 | OUT | |
Jan 14, 2022 17:28:26.226634026 CET | 1241 | OUT | |
Jan 14, 2022 17:28:26.366882086 CET | 1241 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
8 | 192.168.2.5 | 49766 | 104.223.93.105 | 80 | C:\Users\user\Desktop\Cotizaci#U00f3npdf.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 14, 2022 17:28:27.825342894 CET | 1242 | OUT | |
Jan 14, 2022 17:28:27.956700087 CET | 1242 | OUT | |
Jan 14, 2022 17:28:28.095748901 CET | 1242 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
9 | 192.168.2.5 | 49767 | 104.223.93.105 | 80 | C:\Users\user\Desktop\Cotizaci#U00f3npdf.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 14, 2022 17:28:29.267836094 CET | 1243 | OUT | |
Jan 14, 2022 17:28:29.398169041 CET | 1244 | OUT | |
Jan 14, 2022 17:28:29.534789085 CET | 1244 | IN |
Code Manipulations |
---|
Statistics |
---|
CPU Usage |
---|
Click to jump to process
Memory Usage |
---|
Click to jump to process
High Level Behavior Distribution |
---|
back
Click to dive into process behavior distribution
Behavior |
---|
Click to jump to process
System Behavior |
---|
General |
---|
Start time: | 17:28:04 |
Start date: | 14/01/2022 |
Path: | C:\Users\user\Desktop\Cotizaci#U00f3npdf.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 251901 bytes |
MD5 hash: | 3FE29E21698212A70E03144BB4979632 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | low |
General |
---|
Start time: | 17:28:05 |
Start date: | 14/01/2022 |
Path: | C:\Users\user\Desktop\Cotizaci#U00f3npdf.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 251901 bytes |
MD5 hash: | 3FE29E21698212A70E03144BB4979632 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | low |
Disassembly |
---|
Code Analysis |
---|
Execution Graph |
---|
Execution Coverage: | 12% |
Dynamic/Decrypted Code Coverage: | 6.2% |
Signature Coverage: | 22.4% |
Total number of Nodes: | 1328 |
Total number of Limit Nodes: | 25 |
Graph
Executed Functions |
---|
Function 00403225, Relevance: 70.3, APIs: 23, Strings: 17, Instructions: 270filestringcomCOMMON
Control-flow Graph |
---|
C-Code - Quality: 82% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004053AA, Relevance: 21.2, APIs: 9, Strings: 3, Instructions: 156filestringCOMMON
Control-flow Graph |
---|
C-Code - Quality: 94% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph |
---|
C-Code - Quality: 98% |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00405D7C, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 14fileCOMMON
Control-flow Graph |
---|
C-Code - Quality: 100% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004035E3, Relevance: 51.0, APIs: 15, Strings: 14, Instructions: 213stringregistrylibraryCOMMON
Control-flow Graph |
---|
C-Code - Quality: 96% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00402C5B, Relevance: 26.5, APIs: 5, Strings: 10, Instructions: 203memoryCOMMON
Control-flow Graph |
---|
C-Code - Quality: 96% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00401734, Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 147stringtimeCOMMON
Control-flow Graph |
---|
C-Code - Quality: 75% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00402F01, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 109fileCOMMON
Control-flow Graph |
---|
C-Code - Quality: 93% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040302C, Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 108fileCOMMON
Control-flow Graph |
---|
C-Code - Quality: 94% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00401F51, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 69libraryloaderCOMMON
Control-flow Graph |
---|
C-Code - Quality: 57% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph |
---|
C-Code - Quality: 85% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph |
---|
C-Code - Quality: 100% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph |
---|
C-Code - Quality: 76% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph |
---|
C-Code - Quality: 84% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00406481, Relevance: 5.2, APIs: 4, Instructions: 236COMMON
Control-flow Graph |
---|
C-Code - Quality: 99% |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00406682, Relevance: 5.2, APIs: 4, Instructions: 208COMMON
C-Code - Quality: 98% |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00406398, Relevance: 5.2, APIs: 4, Instructions: 205COMMON
C-Code - Quality: 98% |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00405E9D, Relevance: 5.2, APIs: 4, Instructions: 198COMMON
C-Code - Quality: 98% |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004062EB, Relevance: 5.2, APIs: 4, Instructions: 180COMMON
C-Code - Quality: 98% |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00406409, Relevance: 5.2, APIs: 4, Instructions: 170COMMON
C-Code - Quality: 98% |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00406355, Relevance: 5.2, APIs: 4, Instructions: 168COMMON
C-Code - Quality: 98% |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00401389, Relevance: 3.0, APIs: 2, Instructions: 43windowCOMMON
C-Code - Quality: 69% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040575C, Relevance: 3.0, APIs: 2, Instructions: 16fileCOMMON
C-Code - Quality: 68% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040573D, Relevance: 3.0, APIs: 2, Instructions: 9COMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004031A8, Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004031DA, Relevance: 1.5, APIs: 1, Instructions: 6COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004055A3, Relevance: 1.3, APIs: 1, Instructions: 10COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Non-executed Functions |
---|
Function 00404F61, Relevance: 65.0, APIs: 36, Strings: 1, Instructions: 278windowclipboardmemoryCOMMON
C-Code - Quality: 95% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00404772, Relevance: 63.5, APIs: 33, Strings: 3, Instructions: 478windowmemoryCOMMONCrypto
C-Code - Quality: 97% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00404275, Relevance: 23.0, APIs: 10, Strings: 3, Instructions: 266stringCOMMON
C-Code - Quality: 78% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00405AA7, Relevance: 19.4, APIs: 8, Strings: 3, Instructions: 195stringCOMMON
C-Code - Quality: 74% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00402012, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 134comCOMMON
C-Code - Quality: 74% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00402630, Relevance: 1.5, APIs: 1, Instructions: 29fileCOMMON
C-Code - Quality: 39% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0019E83A, Relevance: .2, Instructions: 196COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0019EA4E, Relevance: .1, Instructions: 61COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0019EB3E, Relevance: .0, Instructions: 26COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0019EB7C, Relevance: .0, Instructions: 23COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0019EAFF, Relevance: .0, Instructions: 7COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 83% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00403F7F, Relevance: 40.5, APIs: 20, Strings: 3, Instructions: 204windowstringCOMMON
C-Code - Quality: 93% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 90% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004057D3, Relevance: 24.6, APIs: 11, Strings: 3, Instructions: 144filememoryCOMMON
C-Code - Quality: 93% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00403E9E, Relevance: 12.1, APIs: 8, Instructions: 61COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 93% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004046F2, Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48windowCOMMON
C-Code - Quality: 100% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00402B2D, Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 36timeCOMMON
C-Code - Quality: 100% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004022F5, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 71registrystringCOMMON
C-Code - Quality: 90% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 84% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00401CC1, Relevance: 7.5, APIs: 5, Instructions: 39windowCOMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00404610, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 78stringCOMMON
C-Code - Quality: 51% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00401BAD, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 76windowtimeCOMMON
C-Code - Quality: 51% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004052E5, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 24processCOMMON
C-Code - Quality: 100% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00405578, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 16stringCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00401EC5, Relevance: 6.1, APIs: 4, Instructions: 54memoryCOMMON
C-Code - Quality: 85% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00401D1B, Relevance: 6.0, APIs: 4, Instructions: 34COMMON
C-Code - Quality: 67% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00404D73, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 58windowCOMMON
C-Code - Quality: 100% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004024B0, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 34filestringCOMMON
C-Code - Quality: 100% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004055BF, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 16stringCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004056D1, Relevance: 5.0, APIs: 4, Instructions: 30stringCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Execution Graph |
---|
Execution Coverage: | 31.3% |
Dynamic/Decrypted Code Coverage: | 0% |
Signature Coverage: | 2.3% |
Total number of Nodes: | 1846 |
Total number of Limit Nodes: | 92 |
Graph
Executed Functions |
---|
Function 00403D74, Relevance: 14.2, APIs: 4, Strings: 4, Instructions: 200fileCOMMON
Control-flow Graph |
---|
C-Code - Quality: 85% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 78% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00402B7C, Relevance: 3.0, APIs: 2, Instructions: 20memoryCOMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00406069, Relevance: 1.5, APIs: 1, Instructions: 12COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00404ED4, Relevance: 1.5, APIs: 1, Instructions: 9networkCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph |
---|
C-Code - Quality: 75% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph |
---|
C-Code - Quality: 37% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004040BB, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 129filememoryCOMMON
Control-flow Graph |
---|
C-Code - Quality: 74% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00413866, Relevance: 4.6, APIs: 3, Instructions: 147synchronizationCOMMON
C-Code - Quality: 79% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004042CF, Relevance: 4.6, APIs: 3, Instructions: 60fileCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00412D31, Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 178threadCOMMON
C-Code - Quality: 34% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00402C03, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 13libraryloaderCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 92% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00402BAB, Relevance: 3.0, APIs: 2, Instructions: 11memoryCOMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004060BD, Relevance: 1.6, APIs: 1, Instructions: 53COMMON
C-Code - Quality: 40% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00403C62, Relevance: 1.5, APIs: 1, Instructions: 24COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040642C, Relevance: 1.5, APIs: 1, Instructions: 18COMMON
C-Code - Quality: 37% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 37% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00403BD0, Relevance: 1.5, APIs: 1, Instructions: 14COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040427D, Relevance: 1.5, APIs: 1, Instructions: 13COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00403C40, Relevance: 1.5, APIs: 1, Instructions: 12COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00403C08, Relevance: 1.5, APIs: 1, Instructions: 12fileCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00403BEF, Relevance: 1.5, APIs: 1, Instructions: 12COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00403BB7, Relevance: 1.5, APIs: 1, Instructions: 12COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00403B64, Relevance: 1.5, APIs: 1, Instructions: 11COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00404DE5, Relevance: 1.5, APIs: 1, Instructions: 6COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00403F9E, Relevance: 1.3, APIs: 1, Instructions: 16COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00406472, Relevance: 1.3, APIs: 1, Instructions: 12sleepCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004058EA, Relevance: 1.3, APIs: 1, Instructions: 12COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00405924, Relevance: 1.3, APIs: 1, Instructions: 12COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Non-executed Functions |
---|
Function 0040D069, Relevance: 12.6, Strings: 10, Instructions: 138COMMON
C-Code - Quality: 88% |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |