Windows
Analysis Report
kVijllv0Yl
Overview
General Information
Detection
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- kVijllv0Yl.exe (PID: 2312 cmdline: "C:\Users\user\Desktop\kVijllv0Yl.exe" MD5: 6997DE404FB7E798AECC2C8A14FD2F12)
- kVijllv0Yl.exe (PID: 1292 cmdline: "C:\Users\user\Desktop\kVijllv0Yl.exe" MD5: 6997DE404FB7E798AECC2C8A14FD2F12)
- cleanup
{"C2 list": ["http://kbfvzoboss.bid/alien/fre.php", "http://alphastand.trade/alien/fre.php", "http://alphastand.win/alien/fre.php", "http://alphastand.top/alien/fre.php"]}
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | ||
JoeSecurity_aPLib_compressed_binary | Yara detected aPLib compressed binary | Joe Security | ||
JoeSecurity_Lokibot | Yara detected Lokibot | Joe Security | ||
INDICATOR_SUSPICIOUS_GENInfoStealer | Detects executables containing common artifacts observed in infostealers | ditekSHen |
| |
Loki_1 | Loki Payload | kevoreilly |
| |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
SUSP_XORed_URL_in_EXE | Detects an XORed URL in an executable | Florian Roth |
| |
JoeSecurity_aPLib_compressed_binary | Yara detected aPLib compressed binary | Joe Security | ||
Loki_1 | Loki Payload | kevoreilly |
| |
Lokibot | detect Lokibot in memory | JPCERT/CC Incident Response Group |
| |
SUSP_XORed_URL_in_EXE | Detects an XORed URL in an executable | Florian Roth |
| |
AV Detection |
---|
Source: | Malware Configuration Extractor: |
Source: | Virustotal: | Perma Link | ||
Source: | ReversingLabs: |
Source: | Avira URL Cloud: |
Source: | Virustotal: | Perma Link | ||
Source: | Virustotal: | Perma Link |
Source: | Virustotal: | Perma Link |
Source: | Joe Sandbox ML: |
Source: | Avira: | ||
Source: | Avira: | ||
Source: | Avira: | ||
Source: | Avira: |
Source: | Static PE information: |
Source: | Binary string: | ||
Source: | Binary string: |
Source: | Code function: | 0_2_00405D7C | |
Source: | Code function: | 0_2_004053AA | |
Source: | Code function: | 0_2_00402630 | |
Source: | Code function: | 1_2_00403D74 |
Networking |
---|
Source: | Snort IDS: | ||
Source: | URLs: | ||
Source: | URLs: | ||
Source: | URLs: | ||
Source: | URLs: |
Source: | ASN Name: |
Source: | HTTP traffic detected: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: |
Source: | HTTP traffic detected: |
Source: | DNS traffic detected: |
Source: | Code function: | 1_2_00404ED4 |
Source: | Code function: | 0_2_00404F61 |
System Summary |
---|
Source: | Matched rule: | ||
Source: | Static PE information: |
Source: | Matched rule: | ||
Source: | Code function: | 0_2_00403225 |
Source: | Code function: | 0_2_0040604C | |
Source: | Code function: | 0_2_00404772 | |
Source: | Code function: | 0_2_021B0A17 | |
Source: | Code function: | 1_2_0040549C | |
Source: | Code function: | 1_2_004029D4 |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Dropped File: |
Source: | Virustotal: | ||
Source: | ReversingLabs: |
Source: | File read: | Jump to behavior |
Source: | Static PE information: |
Source: | Key opened: | Jump to behavior |
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | Jump to behavior |
Source: | Key value queried: | Jump to behavior |
Source: | Code function: | 1_2_0040650A |
Source: | File created: | Jump to behavior |
Source: | File created: | Jump to behavior |
Source: | Classification label: |
Source: | Code function: | 0_2_00402012 |
Source: | File read: | Jump to behavior |
Source: | Code function: | 0_2_00404275 |
Source: | Mutant created: |
Source: | File read: | Jump to behavior | ||
Source: | File read: | Jump to behavior | ||
Source: | File read: | Jump to behavior | ||
Source: | File read: | Jump to behavior |
Source: | Key opened: | Jump to behavior |
Source: | Binary string: | ||
Source: | Binary string: |
Data Obfuscation |
---|
Source: | File source: | ||
Source: | Code function: | 1_2_00402AD4 | |
Source: | Code function: | 1_2_00402AFC |
Source: | Code function: | 0_2_00405DA3 |
Source: | File created: | Jump to dropped file |
Source: | Process information set: | Jump to behavior | ||
Malware Analysis System Evasion |
---|
Source: | Evasive API call chain: | graph_0-3947 |
Source: | Thread sleep time: | Jump to behavior |
Source: | Code function: | 0_2_00405D7C | |
Source: | Code function: | 0_2_004053AA | |
Source: | Code function: | 0_2_00402630 | |
Source: | Code function: | 1_2_00403D74 |
Source: | Thread delayed: | Jump to behavior |
Source: | API call chain: | graph_0-3601 | ||
Source: | API call chain: | graph_0-3599 |
Source: | Code function: | 0_2_00405DA3 |
Source: | Code function: | 1_2_00402B7C |
Source: | Process token adjusted: | Jump to behavior |
Source: | Code function: | 0_2_021B0402 | |
Source: | Code function: | 0_2_021B0616 | |
Source: | Code function: | 0_2_021B0706 | |
Source: | Code function: | 0_2_021B0744 | |
Source: | Code function: | 0_2_021B06C7 | |
Source: | Code function: | 1_2_0040317B |
HIPS / PFW / Operating System Protection Evasion |
---|
Source: | Memory written: | Jump to behavior |
Source: | Process created: | Jump to behavior |
Source: | Key value queried: | Jump to behavior |
Source: | Code function: | 0_2_00405AA7 |
Source: | Code function: | 1_2_00406069 |
Stealing of Sensitive Information |
---|
Source: | File source: | ||
Source: | Key opened: | Jump to behavior | ||
Source: | Key opened: | Jump to behavior |
Source: | Key opened: | Jump to behavior | ||
Source: | Key opened: | Jump to behavior |
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior |
Source: | Code function: | 1_2_0040D069 | |
Source: | Code function: | 1_2_0040D069 |
Source: | File opened: | Jump to behavior |
Source: | File source: | ||
Remote Access Functionality |
---|
Source: | File source: | ||
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | 11 Native API | Path Interception | 1 Access Token Manipulation | 1 Deobfuscate/Decode Files or Information | 2 OS Credential Dumping | 1 Account Discovery | Remote Services | 1 Archive Collected Data | Exfiltration Over Other Network Medium | 1 Ingress Tool Transfer | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | 1 System Shutdown/Reboot |
Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 111 Process Injection | 2 Obfuscated Files or Information | 2 Credentials in Registry | 2 File and Directory Discovery | Remote Desktop Protocol | 2 Data from Local System | Exfiltration Over Bluetooth | 1 Encrypted Channel | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | 1 Software Packing | Security Account Manager | 5 System Information Discovery | SMB/Windows Admin Shares | 1 Email Collection | Automated Exfiltration | 2 Non-Application Layer Protocol | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | 1 Masquerading | NTDS | 11 Security Software Discovery | Distributed Component Object Model | 1 Clipboard Data | Scheduled Transfer | 112 Application Layer Protocol | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | 11 Virtualization/Sandbox Evasion | LSA Secrets | 11 Virtualization/Sandbox Evasion | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
Replication Through Removable Media | Launchd | Rc.common | Rc.common | 1 Access Token Manipulation | Cached Domain Credentials | 1 System Owner/User Discovery | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features | |
External Remote Services | Scheduled Task | Startup Items | Startup Items | 111 Process Injection | DCSync | 1 Remote System Discovery | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | Data Encrypted for Impact |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
40% | Virustotal | Browse | ||
48% | ReversingLabs | Win32.Backdoor.Androm | ||
100% | Joe Sandbox ML |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
28% | Virustotal | Browse |
Source | Detection | Scanner | Label | Link | Download |
---|---|---|---|---|---|
100% | Avira | TR/Patched.Ren.Gen2 | Download File | ||
100% | Avira | TR/Patched.Ren.Gen2 | Download File | ||
100% | Avira | TR/Crypt.XPACK.Gen | Download File | ||
100% | Avira | TR/Crypt.XPACK.Gen | Download File | ||
100% | Avira | TR/Crypt.XPACK.Gen | Download File | ||
100% | Avira | TR/Crypt.XPACK.Gen | Download File | ||
100% | Avira | TR/Crypt.XPACK.Gen | Download File | ||
100% | Avira | TR/Patched.Ren.Gen2 | Download File | ||
100% | Avira | TR/Crypt.XPACK.Gen | Download File | ||
100% | Avira | TR/Crypt.XPACK.Gen | Download File | ||
100% | Avira | TR/Crypt.XPACK.Gen | Download File | ||
100% | Avira | TR/Patched.Ren.Gen2 | Download File |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
22% | Virustotal | Browse |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
19% | Virustotal | Browse | ||
100% | Avira URL Cloud | malware |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
secure01-redirect.net | 185.185.69.76 | true | true |
| unknown |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
true |
| unknown | |
true |
| unknown | |
true |
| unknown | |
true |
| unknown | |
true |
| unknown |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false | high | |||
false | high | |||
false |
| unknown |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
185.185.69.76 | secure01-redirect.net | Russian Federation | 35278 | SPRINTHOSTRU | true |
IP |
---|
192.168.2.1 |
Joe Sandbox Version: | 34.0.0 Boulder Opal |
Analysis ID: | 562515 |
Start date: | 28.01.2022 |
Start time: | 23:36:03 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 5m 58s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | kVijllv0Yl (renamed file extension from none to exe) |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Number of analysed new started processes analysed: | 21 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal100.troj.spyw.evad.winEXE@3/6@35/2 |
EGA Information: |
|
HDC Information: |
|
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, BackgroundTransferHost.exe, WMIADAP.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe, wuapihost.exe
- Excluded IPs from analysis (whitelisted): 204.79.197.200, 13.107.21.200
- Excluded domains from analysis (whitelisted): ris.api.iris.microsoft.com, www.bing.com, client.wns.windows.com, fs.microsoft.com, a-0001.a-afdentry.net.trafficmanager.net, store-images.s-microsoft.com, dual-a-0001.a-msedge.net, www-bing-com.dual-a-0001.a-msedge.net, ctldl.windowsupdate.com, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, arc.msn.com
- Not all processes were analyzed, report is missing behavior information
- Report size getting too big, too many NtDeviceIoControlFile calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
Time | Type | Description |
---|---|---|
23:37:15 | API Interceptor |
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
185.185.69.76 | Get hash | malicious | Browse |
|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
secure01-redirect.net | Get hash | malicious | Browse |
| |
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
SPRINTHOSTRU | Get hash | malicious | Browse |
Process: | C:\Users\user\Desktop\kVijllv0Yl.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 269906 |
Entropy (8bit): | 7.658711659128666 |
Encrypted: | false |
SSDEEP: | 6144:uuOB0r1H5NPCb6yTo0bS2IBEnEwikp46NNVGtf6uGfZghuUYtDw:tr1XaeS0xw5XNVGx0xjH |
MD5: | 3E44A21AFF425B74994D8A28FFF9B23E |
SHA1: | 1654662D1C4F390E994D4C858D8B820FE651605C |
SHA-256: | 8D848BF31B17F081AAFA0AA4535767365C8CC518A8A434776733A06DE10921C9 |
SHA-512: | AFD4358FCA881DE6C7587C407FC66014FD5A6EB1E3DB604CBBA7F53766141C2C0CC170A0D8B7C066169BC14EFA805A9725FE18A89B6C7A4967DE61E80D941E07 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\user\Desktop\kVijllv0Yl.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 20992 |
Entropy (8bit): | 5.749135787820481 |
Encrypted: | false |
SSDEEP: | 384:Yb6PUQ1aldbpD3HXY0QmwiEiTIYKopaZUb6xhbotKb:YbG1albrXY0HwinMdZeUhbogb |
MD5: | C91E53F1A792E1F98CAE5FAF1B3324BD |
SHA1: | 4CD46871507173B3B4EAB34A2885E76E4D60E32A |
SHA-256: | 2F51361FFE7DC60A4088469A27E570F22CF655E87720D26626B4E257492739E9 |
SHA-512: | 25AC355D4FB8DD503921B62AA5F869C5805F6909C7079633B5EB4BE9C6094B708D216786AA8D025712558745AEF13A7F3F9FEFA7D5C82BEA44957737E954176C |
Malicious: | true |
Reputation: | low |
Preview: |
Process: | C:\Users\user\Desktop\kVijllv0Yl.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4967 |
Entropy (8bit): | 6.171281725061639 |
Encrypted: | false |
SSDEEP: | 96:NPyed2g5U8YofB+TCC1CTHLBiA5CECh5+AU+P6dOuG3xiuoggvX3K:hyyzPfGVCTHLBiA5Ctf+AU+PI1GwuorK |
MD5: | 6A777038ED583DD539A48B85A672378F |
SHA1: | 2B24614BD0F041619CBEA3AC3DFCE400C0A7A30B |
SHA-256: | D15DA5D9FC537DA388F115A3E951FC44CCD30BB62B0F9131EE1F1B42C8B70413 |
SHA-512: | 48C0BB9A6873B022F561C77BA69C769BB9352CF02B476FFCBB63A14EC8F554FCDA792EFD7203650ABB2877D3E0D4CEF3FA1EF5D46BBD9A5C3ECE002F30257B6E |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\user\Desktop\kVijllv0Yl.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 218255 |
Entropy (8bit): | 7.988008060500998 |
Encrypted: | false |
SSDEEP: | 6144:N0r1H5NPCb6yTo0bS2IBEnEwikp46NNVGtf6uGfZghuUe:ur1XaeS0xw5XNVGx0xjV |
MD5: | 4ABFD766D3D71773430A02F9CDDC33B2 |
SHA1: | D623A96E0F04A04CB73F632D89263513AB9EA5E4 |
SHA-256: | 5F335EA5F3D9C2FC3E21CAA50C960EEE648BA5988D99490DA32F9A6A4009EEE6 |
SHA-512: | BD6A540D1884FFCAB7BFE760480474C2BB329F803A413BD143126A66F8184E5566830E4F09BA07F8E24C4476FD5556487519FDC8D73499EE239A1B94E82A0366 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\user\Desktop\kVijllv0Yl.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
SSDEEP: | 3:U:U |
MD5: | C4CA4238A0B923820DCC509A6F75849B |
SHA1: | 356A192B7913B04C54574D18C28D46E6395428AB |
SHA-256: | 6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B |
SHA-512: | 4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A |
Malicious: | false |
Reputation: | high, very likely benign file |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3853321935-2125563209-4053062332-1002\21c8026919fd094ab07ec3c180a9f210_d06ed635-68f6-4e9a-955c-4899f5f57b9a
Process: | C:\Users\user\Desktop\kVijllv0Yl.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 49 |
Entropy (8bit): | 1.2701062923235522 |
Encrypted: | false |
SSDEEP: | 3:/l1PL3n:fPL3 |
MD5: | CD8FA61AD2906643348EEF98A988B873 |
SHA1: | 0B10E2F323B5C73F3A6EA348633B62AE522DDF39 |
SHA-256: | 49A11A24821F2504B8C91BA9D8A6BD6F421ED2F0212C1C771BF1CAC9DE32AD75 |
SHA-512: | 1E6F44AB3231232221CF0F4268E96A13C82E3F96249D7963B78805B693B52D3EBDABF873DB240813DF606D8C207BD2859338D67BA94F33ECBA43EA9A4FEFA086 |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 7.9269620673373185 |
TrID: |
|
File name: | kVijllv0Yl.exe |
File size: | 247353 |
MD5: | 6997de404fb7e798aecc2c8a14fd2f12 |
SHA1: | 121a437542ba544f975847429dda439719800bb9 |
SHA256: | f36a543cfcddf76b99df925bf70b22d560792d1059387e00bfe782bffd6e8a2b |
SHA512: | bb3fe544bdf9770bbb9864d9e14daa68d8357a91d06f33f90b7165467c608b9a2fd46009b37f4d914112d18acceaaa1cd3e2df92db65ec0f1bc20b41a020faa5 |
SSDEEP: | 3072:oNyah0mJo4m2pkC3Z4FRH8aVAW3dxaj0ubNDHgJiLwYePSCfPrpAfZSQme11lz:owkZN3KRHXA0ajnHXYPbfjKxce1bz |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........uJ...$...$...$./.{...$...%.:.$.".y...$..7....$.f."...$.Rich..$.................PE..L......H.................Z..........%2..... |
Icon Hash: | b2a88c96b2ca6a72 |
Entrypoint: | 0x403225 |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED |
DLL Characteristics: | |
Time Stamp: | 0x48EFCDC9 [Fri Oct 10 21:48:57 2008 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | 099c0646ea7282d232219f8807883be0 |
Instruction |
---|
sub esp, 00000180h |
push ebx |
push ebp |
push esi |
xor ebx, ebx |
push edi |
mov dword ptr [esp+18h], ebx |
mov dword ptr [esp+10h], 00409128h |
xor esi, esi |
mov byte ptr [esp+14h], 00000020h |
call dword ptr [00407030h] |
push 00008001h |
call dword ptr [004070B4h] |
push ebx |
call dword ptr [0040727Ch] |
push 00000008h |
mov dword ptr [00423F58h], eax |
call 00007F4D3C573CD0h |
mov dword ptr [00423EA4h], eax |
push ebx |
lea eax, dword ptr [esp+34h] |
push 00000160h |
push eax |
push ebx |
push 0041F450h |
call dword ptr [00407158h] |
push 004091B0h |
push 004236A0h |
call 00007F4D3C573987h |
call dword ptr [004070B0h] |
mov edi, 00429000h |
push eax |
push edi |
call 00007F4D3C573975h |
push ebx |
call dword ptr [0040710Ch] |
cmp byte ptr [00429000h], 00000022h |
mov dword ptr [00423EA0h], eax |
mov eax, edi |
jne 00007F4D3C57119Ch |
mov byte ptr [esp+14h], 00000022h |
mov eax, 00429001h |
push dword ptr [esp+14h] |
push eax |
call 00007F4D3C573468h |
push eax |
call dword ptr [0040721Ch] |
mov dword ptr [esp+1Ch], eax |
jmp 00007F4D3C5711F5h |
cmp cl, 00000020h |
jne 00007F4D3C571198h |
inc eax |
cmp byte ptr [eax], 00000020h |
je 00007F4D3C57118Ch |
cmp byte ptr [eax], 00000022h |
mov byte ptr [eax+eax+00h], 00000000h |
Programming Language: |
|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x73a4 | 0xb4 | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x2c000 | 0x900 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x7000 | 0x28c | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x5976 | 0x5a00 | False | 0.668619791667 | data | 6.46680044621 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
.rdata | 0x7000 | 0x1190 | 0x1200 | False | 0.444878472222 | data | 5.17796812871 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0x9000 | 0x1af98 | 0x400 | False | 0.55078125 | data | 4.68983486809 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
.ndata | 0x24000 | 0x8000 | 0x0 | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_WRITE, IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.rsrc | 0x2c000 | 0x900 | 0xa00 | False | 0.409375 | data | 3.94693169534 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country |
---|---|---|---|---|---|
RT_ICON | 0x2c190 | 0x2e8 | data | English | United States |
RT_DIALOG | 0x2c478 | 0x100 | data | English | United States |
RT_DIALOG | 0x2c578 | 0x11c | data | English | United States |
RT_DIALOG | 0x2c698 | 0x60 | data | English | United States |
RT_GROUP_ICON | 0x2c6f8 | 0x14 | data | English | United States |
RT_MANIFEST | 0x2c710 | 0x1eb | XML 1.0 document, ASCII text, with very long lines, with no line terminators | English | United States |
DLL | Import |
---|---|
KERNEL32.dll | CompareFileTime, SearchPathA, GetShortPathNameA, GetFullPathNameA, MoveFileA, SetCurrentDirectoryA, GetFileAttributesA, GetLastError, CreateDirectoryA, SetFileAttributesA, Sleep, GetTickCount, CreateFileA, GetFileSize, GetModuleFileNameA, GetCurrentProcess, CopyFileA, ExitProcess, SetFileTime, GetTempPathA, GetCommandLineA, SetErrorMode, LoadLibraryA, lstrcpynA, GetDiskFreeSpaceA, GlobalUnlock, GlobalLock, CreateThread, CreateProcessA, RemoveDirectoryA, GetTempFileNameA, lstrlenA, lstrcatA, GetSystemDirectoryA, GetVersion, CloseHandle, lstrcmpiA, lstrcmpA, ExpandEnvironmentStringsA, GlobalFree, GlobalAlloc, WaitForSingleObject, GetExitCodeProcess, GetModuleHandleA, LoadLibraryExA, GetProcAddress, FreeLibrary, MultiByteToWideChar, WritePrivateProfileStringA, GetPrivateProfileStringA, WriteFile, ReadFile, MulDiv, SetFilePointer, FindClose, FindNextFileA, FindFirstFileA, DeleteFileA, GetWindowsDirectoryA |
USER32.dll | EndDialog, ScreenToClient, GetWindowRect, EnableMenuItem, GetSystemMenu, SetClassLongA, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongA, SetCursor, LoadCursorA, CheckDlgButton, GetMessagePos, LoadBitmapA, CallWindowProcA, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, RegisterClassA, TrackPopupMenu, AppendMenuA, CreatePopupMenu, GetSystemMetrics, SetDlgItemTextA, GetDlgItemTextA, MessageBoxIndirectA, CharPrevA, DispatchMessageA, PeekMessageA, DestroyWindow, CreateDialogParamA, SetTimer, SetWindowTextA, PostQuitMessage, SetForegroundWindow, wsprintfA, SendMessageTimeoutA, FindWindowExA, SystemParametersInfoA, CreateWindowExA, GetClassInfoA, DialogBoxParamA, CharNextA, OpenClipboard, ExitWindowsEx, IsWindow, GetDlgItem, SetWindowLongA, LoadImageA, GetDC, EnableWindow, InvalidateRect, SendMessageA, DefWindowProcA, BeginPaint, GetClientRect, FillRect, DrawTextA, EndPaint, ShowWindow |
GDI32.dll | SetBkColor, GetDeviceCaps, DeleteObject, CreateBrushIndirect, CreateFontIndirectA, SetBkMode, SetTextColor, SelectObject |
SHELL32.dll | SHGetPathFromIDListA, SHBrowseForFolderA, SHGetFileInfoA, ShellExecuteA, SHFileOperationA, SHGetSpecialFolderLocation |
ADVAPI32.dll | RegQueryValueExA, RegSetValueExA, RegEnumKeyA, RegEnumValueA, RegOpenKeyExA, RegDeleteKeyA, RegDeleteValueA, RegCloseKey, RegCreateKeyExA |
COMCTL32.dll | ImageList_AddMasked, ImageList_Destroy, ImageList_Create |
ole32.dll | CoTaskMemFree, OleInitialize, OleUninitialize, CoCreateInstance |
VERSION.dll | GetFileVersionInfoSizeA, GetFileVersionInfoA, VerQueryValueA |
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States |
Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|---|---|---|
01/28/22-23:37:07.260369 | TCP | 2024312 | ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M1 | 49769 | 80 | 192.168.2.6 | 185.185.69.76 |
01/28/22-23:37:07.260369 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49769 | 80 | 192.168.2.6 | 185.185.69.76 |
01/28/22-23:37:07.260369 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49769 | 80 | 192.168.2.6 | 185.185.69.76 |
01/28/22-23:37:07.260369 | TCP | 2024317 | ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M2 | 49769 | 80 | 192.168.2.6 | 185.185.69.76 |
01/28/22-23:37:10.277966 | TCP | 2024312 | ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M1 | 49770 | 80 | 192.168.2.6 | 185.185.69.76 |
01/28/22-23:37:10.277966 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49770 | 80 | 192.168.2.6 | 185.185.69.76 |
01/28/22-23:37:10.277966 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49770 | 80 | 192.168.2.6 | 185.185.69.76 |
01/28/22-23:37:10.277966 | TCP | 2024317 | ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M2 | 49770 | 80 | 192.168.2.6 | 185.185.69.76 |
01/28/22-23:37:14.709347 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49771 | 80 | 192.168.2.6 | 185.185.69.76 |
01/28/22-23:37:14.709347 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49771 | 80 | 192.168.2.6 | 185.185.69.76 |
01/28/22-23:37:14.709347 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49771 | 80 | 192.168.2.6 | 185.185.69.76 |
01/28/22-23:37:14.709347 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49771 | 80 | 192.168.2.6 | 185.185.69.76 |
01/28/22-23:37:16.117797 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49771 | 185.185.69.76 | 192.168.2.6 |
01/28/22-23:37:17.458669 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49773 | 80 | 192.168.2.6 | 185.185.69.76 |
01/28/22-23:37:17.458669 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49773 | 80 | 192.168.2.6 | 185.185.69.76 |
01/28/22-23:37:17.458669 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49773 | 80 | 192.168.2.6 | 185.185.69.76 |
01/28/22-23:37:17.458669 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49773 | 80 | 192.168.2.6 | 185.185.69.76 |
01/28/22-23:37:18.890584 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49773 | 185.185.69.76 | 192.168.2.6 |
01/28/22-23:37:20.261992 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49774 | 80 | 192.168.2.6 | 185.185.69.76 |
01/28/22-23:37:20.261992 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49774 | 80 | 192.168.2.6 | 185.185.69.76 |
01/28/22-23:37:20.261992 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49774 | 80 | 192.168.2.6 | 185.185.69.76 |
01/28/22-23:37:20.261992 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49774 | 80 | 192.168.2.6 | 185.185.69.76 |
01/28/22-23:37:21.668707 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49774 | 185.185.69.76 | 192.168.2.6 |
01/28/22-23:37:22.809911 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49775 | 80 | 192.168.2.6 | 185.185.69.76 |
01/28/22-23:37:22.809911 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49775 | 80 | 192.168.2.6 | 185.185.69.76 |
01/28/22-23:37:22.809911 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49775 | 80 | 192.168.2.6 | 185.185.69.76 |
01/28/22-23:37:22.809911 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49775 | 80 | 192.168.2.6 | 185.185.69.76 |
01/28/22-23:37:24.212196 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49775 | 185.185.69.76 | 192.168.2.6 |
01/28/22-23:37:25.398463 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49776 | 80 | 192.168.2.6 | 185.185.69.76 |
01/28/22-23:37:25.398463 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49776 | 80 | 192.168.2.6 | 185.185.69.76 |
01/28/22-23:37:25.398463 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49776 | 80 | 192.168.2.6 | 185.185.69.76 |
01/28/22-23:37:25.398463 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49776 | 80 | 192.168.2.6 | 185.185.69.76 |
01/28/22-23:37:26.758080 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49776 | 185.185.69.76 | 192.168.2.6 |
01/28/22-23:37:29.263306 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49779 | 80 | 192.168.2.6 | 185.185.69.76 |
01/28/22-23:37:29.263306 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49779 | 80 | 192.168.2.6 | 185.185.69.76 |
01/28/22-23:37:29.263306 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49779 | 80 | 192.168.2.6 | 185.185.69.76 |
01/28/22-23:37:29.263306 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49779 | 80 | 192.168.2.6 | 185.185.69.76 |
01/28/22-23:37:30.738582 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49779 | 185.185.69.76 | 192.168.2.6 |
01/28/22-23:37:33.962521 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49780 | 80 | 192.168.2.6 | 185.185.69.76 |
01/28/22-23:37:33.962521 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49780 | 80 | 192.168.2.6 | 185.185.69.76 |
01/28/22-23:37:33.962521 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49780 | 80 | 192.168.2.6 | 185.185.69.76 |
01/28/22-23:37:33.962521 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49780 | 80 | 192.168.2.6 | 185.185.69.76 |
01/28/22-23:37:35.373624 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49780 | 185.185.69.76 | 192.168.2.6 |
01/28/22-23:37:36.594728 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49782 | 80 | 192.168.2.6 | 185.185.69.76 |
01/28/22-23:37:36.594728 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49782 | 80 | 192.168.2.6 | 185.185.69.76 |
01/28/22-23:37:36.594728 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49782 | 80 | 192.168.2.6 | 185.185.69.76 |
01/28/22-23:37:36.594728 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49782 | 80 | 192.168.2.6 | 185.185.69.76 |
01/28/22-23:37:37.913035 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49782 | 185.185.69.76 | 192.168.2.6 |
01/28/22-23:37:39.408767 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49783 | 80 | 192.168.2.6 | 185.185.69.76 |
01/28/22-23:37:39.408767 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49783 | 80 | 192.168.2.6 | 185.185.69.76 |
01/28/22-23:37:39.408767 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49783 | 80 | 192.168.2.6 | 185.185.69.76 |
01/28/22-23:37:39.408767 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49783 | 80 | 192.168.2.6 | 185.185.69.76 |
01/28/22-23:37:40.689153 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49783 | 185.185.69.76 | 192.168.2.6 |
01/28/22-23:37:41.973820 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49784 | 80 | 192.168.2.6 | 185.185.69.76 |
01/28/22-23:37:41.973820 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49784 | 80 | 192.168.2.6 | 185.185.69.76 |
01/28/22-23:37:41.973820 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49784 | 80 | 192.168.2.6 | 185.185.69.76 |
01/28/22-23:37:41.973820 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49784 | 80 | 192.168.2.6 | 185.185.69.76 |
01/28/22-23:37:43.403239 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49784 | 185.185.69.76 | 192.168.2.6 |
01/28/22-23:37:44.786353 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49787 | 80 | 192.168.2.6 | 185.185.69.76 |
01/28/22-23:37:44.786353 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49787 | 80 | 192.168.2.6 | 185.185.69.76 |
01/28/22-23:37:44.786353 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49787 | 80 | 192.168.2.6 | 185.185.69.76 |
01/28/22-23:37:44.786353 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49787 | 80 | 192.168.2.6 | 185.185.69.76 |
01/28/22-23:37:46.235905 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49787 | 185.185.69.76 | 192.168.2.6 |
01/28/22-23:37:51.111628 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49793 | 80 | 192.168.2.6 | 185.185.69.76 |
01/28/22-23:37:51.111628 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49793 | 80 | 192.168.2.6 | 185.185.69.76 |
01/28/22-23:37:51.111628 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49793 | 80 | 192.168.2.6 | 185.185.69.76 |
01/28/22-23:37:51.111628 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49793 | 80 | 192.168.2.6 | 185.185.69.76 |
01/28/22-23:37:52.495630 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49793 | 185.185.69.76 | 192.168.2.6 |
01/28/22-23:37:55.089534 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49795 | 80 | 192.168.2.6 | 185.185.69.76 |
01/28/22-23:37:55.089534 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49795 | 80 | 192.168.2.6 | 185.185.69.76 |
01/28/22-23:37:55.089534 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49795 | 80 | 192.168.2.6 | 185.185.69.76 |
01/28/22-23:37:55.089534 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49795 | 80 | 192.168.2.6 | 185.185.69.76 |
01/28/22-23:37:56.498845 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49795 | 185.185.69.76 | 192.168.2.6 |
01/28/22-23:37:59.460407 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49797 | 80 | 192.168.2.6 | 185.185.69.76 |
01/28/22-23:37:59.460407 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49797 | 80 | 192.168.2.6 | 185.185.69.76 |
01/28/22-23:37:59.460407 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49797 | 80 | 192.168.2.6 | 185.185.69.76 |
01/28/22-23:37:59.460407 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49797 | 80 | 192.168.2.6 | 185.185.69.76 |
01/28/22-23:38:00.863838 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49797 | 185.185.69.76 | 192.168.2.6 |
01/28/22-23:38:02.169112 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49802 | 80 | 192.168.2.6 | 185.185.69.76 |
01/28/22-23:38:02.169112 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49802 | 80 | 192.168.2.6 | 185.185.69.76 |
01/28/22-23:38:02.169112 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49802 | 80 | 192.168.2.6 | 185.185.69.76 |
01/28/22-23:38:02.169112 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49802 | 80 | 192.168.2.6 | 185.185.69.76 |
01/28/22-23:38:03.551551 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49802 | 185.185.69.76 | 192.168.2.6 |
01/28/22-23:38:06.424436 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49818 | 80 | 192.168.2.6 | 185.185.69.76 |
01/28/22-23:38:06.424436 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49818 | 80 | 192.168.2.6 | 185.185.69.76 |
01/28/22-23:38:06.424436 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49818 | 80 | 192.168.2.6 | 185.185.69.76 |
01/28/22-23:38:06.424436 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49818 | 80 | 192.168.2.6 | 185.185.69.76 |
01/28/22-23:38:07.849755 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49818 | 185.185.69.76 | 192.168.2.6 |
01/28/22-23:38:10.077239 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49830 | 80 | 192.168.2.6 | 185.185.69.76 |
01/28/22-23:38:10.077239 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49830 | 80 | 192.168.2.6 | 185.185.69.76 |
01/28/22-23:38:10.077239 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49830 | 80 | 192.168.2.6 | 185.185.69.76 |
01/28/22-23:38:10.077239 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49830 | 80 | 192.168.2.6 | 185.185.69.76 |
01/28/22-23:38:11.381909 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49830 | 185.185.69.76 | 192.168.2.6 |
01/28/22-23:38:12.712442 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49840 | 80 | 192.168.2.6 | 185.185.69.76 |
01/28/22-23:38:12.712442 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49840 | 80 | 192.168.2.6 | 185.185.69.76 |
01/28/22-23:38:12.712442 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49840 | 80 | 192.168.2.6 | 185.185.69.76 |
01/28/22-23:38:12.712442 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49840 | 80 | 192.168.2.6 | 185.185.69.76 |
01/28/22-23:38:14.111048 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49840 | 185.185.69.76 | 192.168.2.6 |
01/28/22-23:38:17.281043 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49841 | 80 | 192.168.2.6 | 185.185.69.76 |
01/28/22-23:38:17.281043 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49841 | 80 | 192.168.2.6 | 185.185.69.76 |
01/28/22-23:38:17.281043 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49841 | 80 | 192.168.2.6 | 185.185.69.76 |
01/28/22-23:38:17.281043 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49841 | 80 | 192.168.2.6 | 185.185.69.76 |
01/28/22-23:38:18.654023 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49841 | 185.185.69.76 | 192.168.2.6 |
01/28/22-23:38:20.171529 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49842 | 80 | 192.168.2.6 | 185.185.69.76 |
01/28/22-23:38:20.171529 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49842 | 80 | 192.168.2.6 | 185.185.69.76 |
01/28/22-23:38:20.171529 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49842 | 80 | 192.168.2.6 | 185.185.69.76 |
01/28/22-23:38:20.171529 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49842 | 80 | 192.168.2.6 | 185.185.69.76 |
01/28/22-23:38:21.628648 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49842 | 185.185.69.76 | 192.168.2.6 |
01/28/22-23:38:23.240806 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49845 | 80 | 192.168.2.6 | 185.185.69.76 |
01/28/22-23:38:23.240806 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49845 | 80 | 192.168.2.6 | 185.185.69.76 |
01/28/22-23:38:23.240806 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49845 | 80 | 192.168.2.6 | 185.185.69.76 |
01/28/22-23:38:23.240806 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49845 | 80 | 192.168.2.6 | 185.185.69.76 |
01/28/22-23:38:24.676434 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49845 | 185.185.69.76 | 192.168.2.6 |
01/28/22-23:38:27.482883 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49850 | 80 | 192.168.2.6 | 185.185.69.76 |
01/28/22-23:38:27.482883 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49850 | 80 | 192.168.2.6 | 185.185.69.76 |
01/28/22-23:38:27.482883 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49850 | 80 | 192.168.2.6 | 185.185.69.76 |
01/28/22-23:38:27.482883 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49850 | 80 | 192.168.2.6 | 185.185.69.76 |
01/28/22-23:38:28.925374 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49850 | 185.185.69.76 | 192.168.2.6 |
01/28/22-23:38:31.054520 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49851 | 80 | 192.168.2.6 | 185.185.69.76 |
01/28/22-23:38:31.054520 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49851 | 80 | 192.168.2.6 | 185.185.69.76 |
01/28/22-23:38:31.054520 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49851 | 80 | 192.168.2.6 | 185.185.69.76 |
01/28/22-23:38:31.054520 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49851 | 80 | 192.168.2.6 | 185.185.69.76 |
01/28/22-23:38:32.352724 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49851 | 185.185.69.76 | 192.168.2.6 |
01/28/22-23:38:33.510655 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49852 | 80 | 192.168.2.6 | 185.185.69.76 |
01/28/22-23:38:33.510655 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49852 | 80 | 192.168.2.6 | 185.185.69.76 |
01/28/22-23:38:33.510655 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49852 | 80 | 192.168.2.6 | 185.185.69.76 |
01/28/22-23:38:33.510655 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49852 | 80 | 192.168.2.6 | 185.185.69.76 |
01/28/22-23:38:35.007775 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49852 | 185.185.69.76 | 192.168.2.6 |
01/28/22-23:38:37.134931 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49854 | 80 | 192.168.2.6 | 185.185.69.76 |
01/28/22-23:38:37.134931 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49854 | 80 | 192.168.2.6 | 185.185.69.76 |
01/28/22-23:38:37.134931 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49854 | 80 | 192.168.2.6 | 185.185.69.76 |
01/28/22-23:38:37.134931 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49854 | 80 | 192.168.2.6 | 185.185.69.76 |
01/28/22-23:38:38.454947 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49854 | 185.185.69.76 | 192.168.2.6 |
01/28/22-23:38:40.133791 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49855 | 80 | 192.168.2.6 | 185.185.69.76 |
01/28/22-23:38:40.133791 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49855 | 80 | 192.168.2.6 | 185.185.69.76 |
01/28/22-23:38:40.133791 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49855 | 80 | 192.168.2.6 | 185.185.69.76 |
01/28/22-23:38:40.133791 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49855 | 80 | 192.168.2.6 | 185.185.69.76 |
01/28/22-23:38:41.392922 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49855 | 185.185.69.76 | 192.168.2.6 |
01/28/22-23:38:42.445022 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49862 | 80 | 192.168.2.6 | 185.185.69.76 |
01/28/22-23:38:42.445022 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49862 | 80 | 192.168.2.6 | 185.185.69.76 |
01/28/22-23:38:42.445022 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49862 | 80 | 192.168.2.6 | 185.185.69.76 |
01/28/22-23:38:42.445022 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49862 | 80 | 192.168.2.6 | 185.185.69.76 |
01/28/22-23:38:43.841937 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49862 | 185.185.69.76 | 192.168.2.6 |
01/28/22-23:38:46.720808 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49870 | 80 | 192.168.2.6 | 185.185.69.76 |
01/28/22-23:38:46.720808 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49870 | 80 | 192.168.2.6 | 185.185.69.76 |
01/28/22-23:38:46.720808 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49870 | 80 | 192.168.2.6 | 185.185.69.76 |
01/28/22-23:38:46.720808 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49870 | 80 | 192.168.2.6 | 185.185.69.76 |
01/28/22-23:38:48.177226 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49870 | 185.185.69.76 | 192.168.2.6 |
01/28/22-23:38:49.452650 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49881 | 80 | 192.168.2.6 | 185.185.69.76 |
01/28/22-23:38:49.452650 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49881 | 80 | 192.168.2.6 | 185.185.69.76 |
01/28/22-23:38:49.452650 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49881 | 80 | 192.168.2.6 | 185.185.69.76 |
01/28/22-23:38:49.452650 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49881 | 80 | 192.168.2.6 | 185.185.69.76 |
01/28/22-23:38:50.674109 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49881 | 185.185.69.76 | 192.168.2.6 |
01/28/22-23:38:52.315956 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49882 | 80 | 192.168.2.6 | 185.185.69.76 |
01/28/22-23:38:52.315956 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49882 | 80 | 192.168.2.6 | 185.185.69.76 |
01/28/22-23:38:52.315956 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49882 | 80 | 192.168.2.6 | 185.185.69.76 |
01/28/22-23:38:52.315956 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49882 | 80 | 192.168.2.6 | 185.185.69.76 |
01/28/22-23:38:53.689454 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49882 | 185.185.69.76 | 192.168.2.6 |
01/28/22-23:38:54.799526 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49883 | 80 | 192.168.2.6 | 185.185.69.76 |
01/28/22-23:38:54.799526 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49883 | 80 | 192.168.2.6 | 185.185.69.76 |
01/28/22-23:38:54.799526 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49883 | 80 | 192.168.2.6 | 185.185.69.76 |
01/28/22-23:38:54.799526 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49883 | 80 | 192.168.2.6 | 185.185.69.76 |
01/28/22-23:38:56.145381 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49883 | 185.185.69.76 | 192.168.2.6 |
01/28/22-23:38:57.255335 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49885 | 80 | 192.168.2.6 | 185.185.69.76 |
01/28/22-23:38:57.255335 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49885 | 80 | 192.168.2.6 | 185.185.69.76 |
01/28/22-23:38:57.255335 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49885 | 80 | 192.168.2.6 | 185.185.69.76 |
01/28/22-23:38:57.255335 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49885 | 80 | 192.168.2.6 | 185.185.69.76 |
01/28/22-23:38:58.636997 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49885 | 185.185.69.76 | 192.168.2.6 |
01/28/22-23:39:00.138023 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49886 | 80 | 192.168.2.6 | 185.185.69.76 |
01/28/22-23:39:00.138023 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49886 | 80 | 192.168.2.6 | 185.185.69.76 |
01/28/22-23:39:00.138023 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49886 | 80 | 192.168.2.6 | 185.185.69.76 |
01/28/22-23:39:00.138023 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49886 | 80 | 192.168.2.6 | 185.185.69.76 |
01/28/22-23:39:01.668779 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49886 | 185.185.69.76 | 192.168.2.6 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Jan 28, 2022 23:39:00.067264080 CET | 49886 | 80 | 192.168.2.6 | 185.185.69.76 |
Jan 28, 2022 23:39:00.134578943 CET | 80 | 49886 | 185.185.69.76 | 192.168.2.6 |
Jan 28, 2022 23:39:00.134684086 CET | 49886 | 80 | 192.168.2.6 | 185.185.69.76 |
Jan 28, 2022 23:39:00.138022900 CET | 49886 | 80 | 192.168.2.6 | 185.185.69.76 |
Jan 28, 2022 23:39:00.206916094 CET | 80 | 49886 | 185.185.69.76 | 192.168.2.6 |
Jan 28, 2022 23:39:00.207024097 CET | 49886 | 80 | 192.168.2.6 | 185.185.69.76 |
Jan 28, 2022 23:39:00.276201010 CET | 80 | 49886 | 185.185.69.76 | 192.168.2.6 |
Jan 28, 2022 23:39:01.668778896 CET | 80 | 49886 | 185.185.69.76 | 192.168.2.6 |
Jan 28, 2022 23:39:01.668884039 CET | 49886 | 80 | 192.168.2.6 | 185.185.69.76 |
Jan 28, 2022 23:39:01.668965101 CET | 49886 | 80 | 192.168.2.6 | 185.185.69.76 |
Jan 28, 2022 23:39:01.736831903 CET | 80 | 49886 | 185.185.69.76 | 192.168.2.6 |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
0 | 192.168.2.6 | 49769 | 185.185.69.76 | 80 | C:\Users\user\Desktop\kVijllv0Yl.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 28, 2022 23:37:07.260369062 CET | 1240 | OUT | |
Jan 28, 2022 23:37:07.318934917 CET | 1240 | OUT | |
Jan 28, 2022 23:37:08.647847891 CET | 1240 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
1 | 192.168.2.6 | 49770 | 185.185.69.76 | 80 | C:\Users\user\Desktop\kVijllv0Yl.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 28, 2022 23:37:10.277966022 CET | 1241 | OUT | |
Jan 28, 2022 23:37:10.334817886 CET | 1241 | OUT | |
Jan 28, 2022 23:37:12.345729113 CET | 1242 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
10 | 192.168.2.6 | 49783 | 185.185.69.76 | 80 | C:\Users\user\Desktop\kVijllv0Yl.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 28, 2022 23:37:39.408766985 CET | 1383 | OUT | |
Jan 28, 2022 23:37:39.466222048 CET | 1383 | OUT | |
Jan 28, 2022 23:37:40.689152956 CET | 1384 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
11 | 192.168.2.6 | 49784 | 185.185.69.76 | 80 | C:\Users\user\Desktop\kVijllv0Yl.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 28, 2022 23:37:41.973819971 CET | 1384 | OUT | |
Jan 28, 2022 23:37:42.042471886 CET | 1385 | OUT | |
Jan 28, 2022 23:37:43.403239012 CET | 1385 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
12 | 192.168.2.6 | 49787 | 185.185.69.76 | 80 | C:\Users\user\Desktop\kVijllv0Yl.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 28, 2022 23:37:44.786353111 CET | 1397 | OUT | |
Jan 28, 2022 23:37:44.854403019 CET | 1397 | OUT | |
Jan 28, 2022 23:37:46.235904932 CET | 1468 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
13 | 192.168.2.6 | 49793 | 185.185.69.76 | 80 | C:\Users\user\Desktop\kVijllv0Yl.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 28, 2022 23:37:51.111628056 CET | 1514 | OUT | |
Jan 28, 2022 23:37:51.168366909 CET | 1514 | OUT | |
Jan 28, 2022 23:37:52.495630026 CET | 1514 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
14 | 192.168.2.6 | 49795 | 185.185.69.76 | 80 | C:\Users\user\Desktop\kVijllv0Yl.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 28, 2022 23:37:55.089534044 CET | 1516 | OUT | |
Jan 28, 2022 23:37:55.158164978 CET | 1520 | OUT | |
Jan 28, 2022 23:37:56.498845100 CET | 1537 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
15 | 192.168.2.6 | 49797 | 185.185.69.76 | 80 | C:\Users\user\Desktop\kVijllv0Yl.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 28, 2022 23:37:59.460407019 CET | 1545 | OUT | |
Jan 28, 2022 23:37:59.528026104 CET | 1545 | OUT | |
Jan 28, 2022 23:38:00.863837957 CET | 1545 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
16 | 192.168.2.6 | 49802 | 185.185.69.76 | 80 | C:\Users\user\Desktop\kVijllv0Yl.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 28, 2022 23:38:02.169111967 CET | 3128 | OUT | |
Jan 28, 2022 23:38:02.235896111 CET | 4307 | OUT | |
Jan 28, 2022 23:38:03.551551104 CET | 10282 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
17 | 192.168.2.6 | 49818 | 185.185.69.76 | 80 | C:\Users\user\Desktop\kVijllv0Yl.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 28, 2022 23:38:06.424436092 CET | 10554 | OUT | |
Jan 28, 2022 23:38:06.481630087 CET | 10561 | OUT | |
Jan 28, 2022 23:38:07.849755049 CET | 10771 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
18 | 192.168.2.6 | 49830 | 185.185.69.76 | 80 | C:\Users\user\Desktop\kVijllv0Yl.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 28, 2022 23:38:10.077239037 CET | 10784 | OUT | |
Jan 28, 2022 23:38:10.133827925 CET | 10786 | OUT | |
Jan 28, 2022 23:38:11.381908894 CET | 12486 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
19 | 192.168.2.6 | 49840 | 185.185.69.76 | 80 | C:\Users\user\Desktop\kVijllv0Yl.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 28, 2022 23:38:12.712441921 CET | 12493 | OUT | |
Jan 28, 2022 23:38:12.782733917 CET | 12493 | OUT | |
Jan 28, 2022 23:38:14.111047983 CET | 12494 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
2 | 192.168.2.6 | 49771 | 185.185.69.76 | 80 | C:\Users\user\Desktop\kVijllv0Yl.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 28, 2022 23:37:14.709347010 CET | 1243 | OUT | |
Jan 28, 2022 23:37:14.779185057 CET | 1244 | OUT | |
Jan 28, 2022 23:37:16.117796898 CET | 1343 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
20 | 192.168.2.6 | 49841 | 185.185.69.76 | 80 | C:\Users\user\Desktop\kVijllv0Yl.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 28, 2022 23:38:17.281043053 CET | 12494 | OUT | |
Jan 28, 2022 23:38:17.348575115 CET | 12495 | OUT | |
Jan 28, 2022 23:38:18.654022932 CET | 12495 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
21 | 192.168.2.6 | 49842 | 185.185.69.76 | 80 | C:\Users\user\Desktop\kVijllv0Yl.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 28, 2022 23:38:20.171529055 CET | 12496 | OUT | |
Jan 28, 2022 23:38:20.238980055 CET | 12496 | OUT | |
Jan 28, 2022 23:38:21.628648043 CET | 12496 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
22 | 192.168.2.6 | 49845 | 185.185.69.76 | 80 | C:\Users\user\Desktop\kVijllv0Yl.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 28, 2022 23:38:23.240806103 CET | 12504 | OUT | |
Jan 28, 2022 23:38:23.307615995 CET | 12504 | OUT | |
Jan 28, 2022 23:38:24.676434040 CET | 12504 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
23 | 192.168.2.6 | 49850 | 185.185.69.76 | 80 | C:\Users\user\Desktop\kVijllv0Yl.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 28, 2022 23:38:27.482882977 CET | 12520 | OUT | |
Jan 28, 2022 23:38:27.550404072 CET | 12520 | OUT | |
Jan 28, 2022 23:38:28.925374031 CET | 12521 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
24 | 192.168.2.6 | 49851 | 185.185.69.76 | 80 | C:\Users\user\Desktop\kVijllv0Yl.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 28, 2022 23:38:31.054519892 CET | 12521 | OUT | |
Jan 28, 2022 23:38:31.112103939 CET | 12522 | OUT | |
Jan 28, 2022 23:38:32.352724075 CET | 12522 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
25 | 192.168.2.6 | 49852 | 185.185.69.76 | 80 | C:\Users\user\Desktop\kVijllv0Yl.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 28, 2022 23:38:33.510654926 CET | 12523 | OUT | |
Jan 28, 2022 23:38:33.577954054 CET | 12523 | OUT | |
Jan 28, 2022 23:38:35.007775068 CET | 12524 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
26 | 192.168.2.6 | 49854 | 185.185.69.76 | 80 | C:\Users\user\Desktop\kVijllv0Yl.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 28, 2022 23:38:37.134931087 CET | 12525 | OUT | |
Jan 28, 2022 23:38:37.202991009 CET | 12530 | OUT | |
Jan 28, 2022 23:38:38.454946995 CET | 12534 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
27 | 192.168.2.6 | 49855 | 185.185.69.76 | 80 | C:\Users\user\Desktop\kVijllv0Yl.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 28, 2022 23:38:40.133790970 CET | 12535 | OUT | |
Jan 28, 2022 23:38:40.201057911 CET | 12535 | OUT | |
Jan 28, 2022 23:38:41.392921925 CET | 12542 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
28 | 192.168.2.6 | 49862 | 185.185.69.76 | 80 | C:\Users\user\Desktop\kVijllv0Yl.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 28, 2022 23:38:42.445022106 CET | 12553 | OUT | |
Jan 28, 2022 23:38:42.514592886 CET | 12555 | OUT | |
Jan 28, 2022 23:38:43.841937065 CET | 12567 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
29 | 192.168.2.6 | 49870 | 185.185.69.76 | 80 | C:\Users\user\Desktop\kVijllv0Yl.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 28, 2022 23:38:46.720808029 CET | 12578 | OUT | |
Jan 28, 2022 23:38:46.777277946 CET | 12579 | OUT | |
Jan 28, 2022 23:38:48.177226067 CET | 12591 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
3 | 192.168.2.6 | 49773 | 185.185.69.76 | 80 | C:\Users\user\Desktop\kVijllv0Yl.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 28, 2022 23:37:17.458668947 CET | 1344 | OUT | |
Jan 28, 2022 23:37:17.514823914 CET | 1344 | OUT | |
Jan 28, 2022 23:37:18.890583992 CET | 1344 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
30 | 192.168.2.6 | 49881 | 185.185.69.76 | 80 | C:\Users\user\Desktop\kVijllv0Yl.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 28, 2022 23:38:49.452650070 CET | 12601 | OUT | |
Jan 28, 2022 23:38:49.508902073 CET | 12601 | OUT | |
Jan 28, 2022 23:38:50.674108982 CET | 12602 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
31 | 192.168.2.6 | 49882 | 185.185.69.76 | 80 | C:\Users\user\Desktop\kVijllv0Yl.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 28, 2022 23:38:52.315956116 CET | 12602 | OUT | |
Jan 28, 2022 23:38:52.383330107 CET | 12603 | OUT | |
Jan 28, 2022 23:38:53.689454079 CET | 12603 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
32 | 192.168.2.6 | 49883 | 185.185.69.76 | 80 | C:\Users\user\Desktop\kVijllv0Yl.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 28, 2022 23:38:54.799525976 CET | 12604 | OUT | |
Jan 28, 2022 23:38:54.866242886 CET | 12604 | OUT | |
Jan 28, 2022 23:38:56.145380974 CET | 12604 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
33 | 192.168.2.6 | 49885 | 185.185.69.76 | 80 | C:\Users\user\Desktop\kVijllv0Yl.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 28, 2022 23:38:57.255335093 CET | 12606 | OUT | |
Jan 28, 2022 23:38:57.322833061 CET | 12612 | OUT | |
Jan 28, 2022 23:38:58.636996984 CET | 12613 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
34 | 192.168.2.6 | 49886 | 185.185.69.76 | 80 | C:\Users\user\Desktop\kVijllv0Yl.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 28, 2022 23:39:00.138022900 CET | 12613 | OUT | |
Jan 28, 2022 23:39:00.207024097 CET | 12614 | OUT | |
Jan 28, 2022 23:39:01.668778896 CET | 12614 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
4 | 192.168.2.6 | 49774 | 185.185.69.76 | 80 | C:\Users\user\Desktop\kVijllv0Yl.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 28, 2022 23:37:20.261991978 CET | 1345 | OUT | |
Jan 28, 2022 23:37:20.318430901 CET | 1345 | OUT | |
Jan 28, 2022 23:37:21.668706894 CET | 1346 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
5 | 192.168.2.6 | 49775 | 185.185.69.76 | 80 | C:\Users\user\Desktop\kVijllv0Yl.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 28, 2022 23:37:22.809911013 CET | 1346 | OUT | |
Jan 28, 2022 23:37:22.905011892 CET | 1347 | OUT | |
Jan 28, 2022 23:37:24.212196112 CET | 1347 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
6 | 192.168.2.6 | 49776 | 185.185.69.76 | 80 | C:\Users\user\Desktop\kVijllv0Yl.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 28, 2022 23:37:25.398463011 CET | 1348 | OUT | |
Jan 28, 2022 23:37:25.455180883 CET | 1348 | OUT | |
Jan 28, 2022 23:37:26.758080006 CET | 1348 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
7 | 192.168.2.6 | 49779 | 185.185.69.76 | 80 | C:\Users\user\Desktop\kVijllv0Yl.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 28, 2022 23:37:29.263305902 CET | 1372 | OUT | |
Jan 28, 2022 23:37:29.329364061 CET | 1372 | OUT | |
Jan 28, 2022 23:37:30.738581896 CET | 1373 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
8 | 192.168.2.6 | 49780 | 185.185.69.76 | 80 | C:\Users\user\Desktop\kVijllv0Yl.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 28, 2022 23:37:33.962521076 CET | 1373 | OUT | |
Jan 28, 2022 23:37:34.029126883 CET | 1374 | OUT | |
Jan 28, 2022 23:37:35.373624086 CET | 1381 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
9 | 192.168.2.6 | 49782 | 185.185.69.76 | 80 | C:\Users\user\Desktop\kVijllv0Yl.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 28, 2022 23:37:36.594727993 CET | 1382 | OUT | |
Jan 28, 2022 23:37:36.663120031 CET | 1382 | OUT | |
Jan 28, 2022 23:37:37.913034916 CET | 1382 | IN |
Target ID: | 0 |
Start time: | 23:36:56 |
Start date: | 28/01/2022 |
Path: | C:\Users\user\Desktop\kVijllv0Yl.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 247353 bytes |
MD5 hash: | 6997DE404FB7E798AECC2C8A14FD2F12 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | low |
Target ID: | 1 |
Start time: | 23:36:58 |
Start date: | 28/01/2022 |
Path: | C:\Users\user\Desktop\kVijllv0Yl.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 247353 bytes |
MD5 hash: | 6997DE404FB7E798AECC2C8A14FD2F12 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | low |
Execution Graph
Execution Coverage: | 20.1% |
Dynamic/Decrypted Code Coverage: | 6.8% |
Signature Coverage: | 22.7% |
Total number of Nodes: | 1344 |
Total number of Limit Nodes: | 33 |
Graph
Function 00403225 Relevance: 70.3, APIs: 23, Strings: 17, Instructions: 270filestringcomCOMMON
Control-flow Graph
C-Code - Quality: 82% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004053AA Relevance: 21.2, APIs: 9, Strings: 3, Instructions: 156filestringCOMMON
Control-flow Graph
C-Code - Quality: 94% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040604C Relevance: 5.4, APIs: 4, Instructions: 382COMMONCrypto
Control-flow Graph
C-Code - Quality: 98% |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004035E3 Relevance: 51.0, APIs: 15, Strings: 14, Instructions: 213stringregistrylibraryCOMMON
Control-flow Graph
C-Code - Quality: 96% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00402C5B Relevance: 26.5, APIs: 5, Strings: 10, Instructions: 203memoryCOMMON
Control-flow Graph
C-Code - Quality: 96% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00401734 Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 147stringtimeCOMMON
Control-flow Graph
C-Code - Quality: 75% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 021B109C Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 237processthreadCOMMON
Control-flow Graph
APIs |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00402F01 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 109fileCOMMON
Control-flow Graph
C-Code - Quality: 93% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040302C Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 108fileCOMMON
Control-flow Graph
C-Code - Quality: 94% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00401F51 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 69libraryloaderCOMMON
Control-flow Graph
C-Code - Quality: 57% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
C-Code - Quality: 85% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
C-Code - Quality: 100% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 021B07DD Relevance: 7.7, APIs: 5, Instructions: 192fileCOMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 84% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00406481 Relevance: 5.2, APIs: 4, Instructions: 236COMMON
C-Code - Quality: 99% |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00406682 Relevance: 5.2, APIs: 4, Instructions: 208COMMON
C-Code - Quality: 98% |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00406398 Relevance: 5.2, APIs: 4, Instructions: 205COMMON
C-Code - Quality: 98% |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00405E9D Relevance: 5.2, APIs: 4, Instructions: 198COMMON
C-Code - Quality: 98% |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004062EB Relevance: 5.2, APIs: 4, Instructions: 180COMMON
C-Code - Quality: 98% |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00406409 Relevance: 5.2, APIs: 4, Instructions: 170COMMON
C-Code - Quality: 98% |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00406355 Relevance: 5.2, APIs: 4, Instructions: 168COMMON
C-Code - Quality: 98% |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00401389 Relevance: 3.0, APIs: 2, Instructions: 43windowCOMMON
C-Code - Quality: 69% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040575C Relevance: 3.0, APIs: 2, Instructions: 16fileCOMMON
C-Code - Quality: 68% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040573D Relevance: 3.0, APIs: 2, Instructions: 9COMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004031A8 Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004031DA Relevance: 1.5, APIs: 1, Instructions: 6COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00404F61 Relevance: 65.0, APIs: 36, Strings: 1, Instructions: 278windowclipboardmemoryCOMMON
C-Code - Quality: 95% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00404772 Relevance: 63.5, APIs: 33, Strings: 3, Instructions: 478windowmemoryCOMMONCrypto
C-Code - Quality: 97% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00404275 Relevance: 23.0, APIs: 10, Strings: 3, Instructions: 266stringCOMMON
C-Code - Quality: 78% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00405AA7 Relevance: 19.4, APIs: 8, Strings: 3, Instructions: 195stringCOMMON
C-Code - Quality: 74% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 74% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00402630 Relevance: 1.5, APIs: 1, Instructions: 29fileCOMMON
C-Code - Quality: 39% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 021B0A17 Relevance: .3, Instructions: 261COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 021B0616 Relevance: .1, Instructions: 61COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 021B0706 Relevance: .0, Instructions: 26COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 021B0744 Relevance: .0, Instructions: 23COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 021B06C7 Relevance: .0, Instructions: 7COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 83% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00403F7F Relevance: 40.5, APIs: 20, Strings: 3, Instructions: 204windowstringCOMMON
C-Code - Quality: 93% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 90% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004057D3 Relevance: 24.6, APIs: 11, Strings: 3, Instructions: 144filememoryCOMMON
C-Code - Quality: 93% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00403E9E Relevance: 12.1, APIs: 8, Instructions: 61COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 93% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004046F2 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48windowCOMMON
C-Code - Quality: 100% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00402B2D Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 36timeCOMMON
C-Code - Quality: 100% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004022F5 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 71registrystringCOMMON
C-Code - Quality: 90% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 84% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00401CC1 Relevance: 7.5, APIs: 5, Instructions: 39windowCOMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00404610 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 78stringCOMMON
C-Code - Quality: 51% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00401BAD Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 76windowtimeCOMMON
C-Code - Quality: 51% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004052E5 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 24processCOMMON
C-Code - Quality: 100% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00405578 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 16stringCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00401EC5 Relevance: 6.1, APIs: 4, Instructions: 54memoryCOMMON
C-Code - Quality: 85% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00401D1B Relevance: 6.0, APIs: 4, Instructions: 34COMMON
C-Code - Quality: 67% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00404D73 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 58windowCOMMON
C-Code - Quality: 100% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004024B0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 34filestringCOMMON
C-Code - Quality: 100% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004055BF Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 16stringCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004056D1 Relevance: 5.0, APIs: 4, Instructions: 30stringCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Execution Graph
Execution Coverage: | 31.4% |
Dynamic/Decrypted Code Coverage: | 0% |
Signature Coverage: | 2.3% |
Total number of Nodes: | 1846 |
Total number of Limit Nodes: | 97 |
Graph
Function 00403D74 Relevance: 14.2, APIs: 4, Strings: 4, Instructions: 200fileCOMMON
Control-flow Graph
C-Code - Quality: 85% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 78% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00402B7C Relevance: 3.0, APIs: 2, Instructions: 20memoryCOMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00406069 Relevance: 1.5, APIs: 1, Instructions: 12COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00404ED4 Relevance: 1.5, APIs: 1, Instructions: 9networkCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
C-Code - Quality: 75% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00404E17 Relevance: 7.6, APIs: 5, Instructions: 72networkCOMMON
Control-flow Graph
C-Code - Quality: 37% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004040BB Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 129filememoryCOMMON
Control-flow Graph
C-Code - Quality: 74% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 79% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004042CF Relevance: 4.6, APIs: 3, Instructions: 60fileCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00412D31 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 178threadCOMMON
C-Code - Quality: 34% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00402C03 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 13libraryloaderCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 92% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00402BAB Relevance: 3.0, APIs: 2, Instructions: 11memoryCOMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004060BD Relevance: 1.6, APIs: 1, Instructions: 53COMMON
C-Code - Quality: 40% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00403C62 Relevance: 1.5, APIs: 1, Instructions: 24COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040642C Relevance: 1.5, APIs: 1, Instructions: 18COMMON
C-Code - Quality: 37% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00404EEA Relevance: 1.5, APIs: 1, Instructions: 16networkCOMMON
C-Code - Quality: 37% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00403BD0 Relevance: 1.5, APIs: 1, Instructions: 14COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00404DF3 Relevance: 1.5, APIs: 1, Instructions: 13networkCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040427D Relevance: 1.5, APIs: 1, Instructions: 13COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00403C40 Relevance: 1.5, APIs: 1, Instructions: 12COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00403C08 Relevance: 1.5, APIs: 1, Instructions: 12fileCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00402C1F Relevance: 1.5, APIs: 1, Instructions: 12libraryCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00403BEF Relevance: 1.5, APIs: 1, Instructions: 12COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00403BB7 Relevance: 1.5, APIs: 1, Instructions: 12COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00403B64 Relevance: 1.5, APIs: 1, Instructions: 11COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00404DE5 Relevance: 1.5, APIs: 1, Instructions: 6COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00403F9E Relevance: 1.3, APIs: 1, Instructions: 16COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00406472 Relevance: 1.3, APIs: 1, Instructions: 12sleepCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004058EA Relevance: 1.3, APIs: 1, Instructions: 12COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00405924 Relevance: 1.3, APIs: 1, Instructions: 12COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040D069 Relevance: 12.6, Strings: 10, Instructions: 138COMMON
C-Code - Quality: 88% |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |