Windows
Analysis Report
ypdTgfE0o8
Overview
General Information
Detection
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- ypdTgfE0o8.exe (PID: 7152 cmdline: "C:\Users\user\Desktop\ypdTgfE0o8.exe" MD5: D2CE3B2A5F3EFB1FCEDE96304E57A531)
- cbgsujmwws.exe (PID: 6240 cmdline: C:\Users\user\AppData\Local\Temp\cbgsujmwws.exe C:\Users\user\AppData\Local\Temp\jplmbcuny MD5: F9E42C92E371CEDC22C78E2900418651)
- cbgsujmwws.exe (PID: 492 cmdline: C:\Users\user\AppData\Local\Temp\cbgsujmwws.exe C:\Users\user\AppData\Local\Temp\jplmbcuny MD5: F9E42C92E371CEDC22C78E2900418651)
- cleanup
{"C2 list": ["http://kbfvzoboss.bid/alien/fre.php", "http://alphastand.trade/alien/fre.php", "http://alphastand.win/alien/fre.php", "http://alphastand.top/alien/fre.php", "45.133.1.20/oluwa/five/fre.php"]}
Rule | Description | Author |
---|---|---|
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
JoeSecurity_aPLib_compressed_binary | Yara detected aPLib compressed binary | Joe Security |
JoeSecurity_Lokibot | Yara detected Lokibot | Joe Security |
INDICATOR_SUSPICIOUS_GENInfoStealer | Detects executables containing common artifcats observed in infostealers | ditekSHen |
Loki_1 | Loki Payload | kevoreilly |
AV Detection |
---|
Source: | Malware Configuration Extractor: |
Source: | Virustotal: | Perma Link | ||
Source: | ReversingLabs: |
Source: | Avira URL Cloud: | ||
Source: | Avira URL Cloud: |
Source: | Virustotal: | Perma Link | ||
Source: | Virustotal: | Perma Link |
Source: | Joe Sandbox ML: |
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Binary string: | ||
Source: | Binary string: |
Source: | Code function: | 0_2_00405C13 | |
Source: | Code function: | 0_2_0040683D | |
Source: | Code function: | 0_2_0040290B | |
Source: | Code function: | 2_2_00403D74 |
Networking |
---|
Source: | URLs: | ||
Source: | ASN Name: |
Source: | IP Address: |
Source: | HTTP traffic detected: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: |
Source: | HTTP traffic detected: |
Source: | Code function: | 2_2_00404ED4 |
Source: | Code function: | 0_2_004056A8 |
System Summary |
---|
Source: | Matched rule: | ||
Source: | Static PE information: |
Source: | Matched rule: | ||
Source: | Code function: | 0_2_004034F7 |
Source: | Code function: | 0_2_00406BFE | |
Source: | Code function: | 1_2_009E0A48 | |
Source: | Code function: | 2_2_0040549C | |
Source: | Code function: | 2_2_004029D4 |
Source: | Dropped File: |
Source: | Virustotal: | ||
Source: | ReversingLabs: |
Source: | File read: | Jump to behavior |
Source: | Static PE information: |
Source: | Key opened: | Jump to behavior |
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior |
Source: | Key value queried: | Jump to behavior |
Source: | Code function: | 0_2_004034F7 | |
Source: | Code function: | 2_2_0040650A |
Source: | File created: | Jump to behavior |
Source: | File created: | Jump to behavior |
Source: | Classification label: |
Source: | Code function: | 0_2_004021AA |
Source: | File read: | Jump to behavior |
Source: | Code function: | 0_2_00404954 |
Source: | Mutant created: |
Source: | Key opened: | Jump to behavior |
Source: | Static PE information: |
Source: | Binary string: | ||
Source: | Binary string: |
Data Obfuscation |
---|
Source: | File source: | ||
Source: | Code function: | 2_2_00402AD4 | |
Source: | Code function: | 2_2_00402AFC |
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file |
Source: | Process information set: | Jump to behavior | ||
Malware Analysis System Evasion |
---|
Source: | Evasive API call chain: | graph_1-490 |
Source: | Thread sleep time: | Jump to behavior |
Source: | Code function: | 0_2_00405C13 | |
Source: | Code function: | 0_2_0040683D | |
Source: | Code function: | 0_2_0040290B | |
Source: | Code function: | 2_2_00403D74 |
Source: | Thread delayed: | Jump to behavior |
Source: | API call chain: | graph_0-3759 |
Source: | Binary or memory string: |
Source: | Code function: | 2_2_00402B7C |
Source: | Process token adjusted: | Jump to behavior |
Source: | Code function: | 1_2_009E03F8 | |
Source: | Code function: | 1_2_009E061D | |
Source: | Code function: | 1_2_009E0736 | |
Source: | Code function: | 1_2_009E06F7 | |
Source: | Code function: | 1_2_009E0772 | |
Source: | Code function: | 2_2_0040317B |
HIPS / PFW / Operating System Protection Evasion |
---|
Source: | Memory written: | Jump to behavior |
Source: | Process created: | Jump to behavior |
Source: | Key value queried: | Jump to behavior |
Source: | Code function: | 0_2_004034F7 |
Source: | Code function: | 2_2_00406069 |
Stealing of Sensitive Information |
---|
Source: | File source: | ||
Source: | Key opened: | Jump to behavior | ||
Source: | Key opened: | Jump to behavior |
Source: | Key opened: | Jump to behavior | ||
Source: | Key opened: | Jump to behavior |
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior |
Source: | Code function: | 2_2_0040D069 | |
Source: | Code function: | 2_2_0040D069 |
Source: | File opened: | Jump to behavior |
Source: | File source: | ||
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | 1 Native API | Path Interception | 1 Access Token Manipulation | 1 Masquerading | 2 OS Credential Dumping | 11 Security Software Discovery | Remote Services | 1 Email Collection | Exfiltration Over Other Network Medium | 1 Encrypted Channel | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | 1 System Shutdown/Reboot |
Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 111 Process Injection | 11 Virtualization/Sandbox Evasion | 2 Credentials in Registry | 11 Virtualization/Sandbox Evasion | Remote Desktop Protocol | 1 Archive Collected Data | Exfiltration Over Bluetooth | 1 Ingress Tool Transfer | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | 1 Access Token Manipulation | Security Account Manager | 1 Account Discovery | SMB/Windows Admin Shares | 2 Data from Local System | Automated Exfiltration | 1 Non-Application Layer Protocol | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | 111 Process Injection | NTDS | 1 System Owner/User Discovery | Distributed Component Object Model | 1 Clipboard Data | Scheduled Transfer | 111 Application Layer Protocol | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | 1 Deobfuscate/Decode Files or Information | LSA Secrets | 2 File and Directory Discovery | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
Replication Through Removable Media | Launchd | Rc.common | Rc.common | 2 Obfuscated Files or Information | Cached Domain Credentials | 5 System Information Discovery | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
42% | Virustotal | Browse | ||
11% | Metadefender | Browse | ||
48% | ReversingLabs | Win32.Trojan.LokiBot | ||
100% | Joe Sandbox ML |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
7% | ReversingLabs | |||
7% | ReversingLabs |
Source | Detection | Scanner | Label | Link | Download |
---|---|---|---|---|---|
100% | Avira | TR/Crypt.XPACK.Gen | Download File | ||
100% | Avira | TR/Crypt.XPACK.Gen | Download File | ||
100% | Avira | TR/Crypt.XPACK.Gen | Download File | ||
100% | Avira | TR/Crypt.XPACK.Gen | Download File | ||
100% | Avira | TR/Crypt.XPACK.Gen | Download File | ||
100% | Avira | TR/Crypt.XPACK.Gen | Download File | ||
100% | Avira | TR/Crypt.XPACK.Gen | Download File | ||
100% | Avira | TR/Crypt.XPACK.Gen | Download File |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
16% | Virustotal | Browse | ||
100% | Avira URL Cloud | malware | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
16% | Virustotal | Browse | ||
100% | Avira URL Cloud | malware | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
true |
| unknown | |
true |
| unknown | |
true |
| unknown | |
true |
| unknown | |
true |
| low | |
true |
| unknown |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false | high | |||
false |
| unknown |
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
45.133.1.20 | unknown | Netherlands | 35913 | DEDIPATH-LLCUS | true |
Joe Sandbox Version: | 34.0.0 Boulder Opal |
Analysis ID: | 620790 |
Start date and time: | 2022-05-05 08:44:39 +02:00 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 6m 2s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | ypdTgfE0o8 (renamed file extension from none to exe) |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Number of new started processes analysed: | 21 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal100.troj.spyw.evad.winEXE@5/6@0/1 |
EGA Information: |
|
HDC Information: |
|
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, BackgroundTransferHost.exe, WMIADAP.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe, wuapihost.exe
- Excluded domains from analysis (whitelisted): www.bing.com, ris.api.iris.microsoft.com, client.wns.windows.com, fs.microsoft.com, store-images.s-microsoft.com, login.live.com, sls.update.microsoft.com, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, arc.msn.com
- Not all processes were analyzed, report is missing behavior information
- Report size getting too big, too many NtQueryValueKey calls found.
Time | Type | Description |
---|---|---|
08:46:04 | API Interceptor |
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
45.133.1.20 | Get hash | malicious | Browse |
| |
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
DEDIPATH-LLCUS | Get hash | malicious | Browse |
| |
Process: | C:\Users\user\Desktop\ypdTgfE0o8.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 5632 |
Entropy (8bit): | 4.504221834875508 |
Encrypted: | false |
SSDEEP: | 96:X5xoZGYXbECrq+M4Ix+MeBZtXIpXSdOWPmoynsx:X5xogYXN24geBZVIpidPPmoyn |
MD5: | F9E42C92E371CEDC22C78E2900418651 |
SHA1: | 3E99BA4A4A007D2AD1CFA6E3FDA91B01A710839D |
SHA-256: | F340BF91627787A2770C897AA9555BB82382CDCC2232904B5707238AB0A85E39 |
SHA-512: | 7CA0A18F7AE83F0D11D8B33DDCA579FB5E5629B5255EEBF28B2E256A0B4449F4DEE5BDFF2EF6F9E1AF323A04111A688D9251629DDECB046746978F94D469DE05 |
Malicious: | true |
Antivirus: |
|
Joe Sandbox View: |
|
Reputation: | low |
Preview: |
Process: | C:\Users\user\Desktop\ypdTgfE0o8.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4875 |
Entropy (8bit): | 6.186807480747828 |
Encrypted: | false |
SSDEEP: | 96:mZgnifiA8jYSIHGhUgwmthwwNAPnzoUJKAf:jAiq2UJmteRJ5f |
MD5: | 0DBCEB0FC7BCB589C214A5CBDF34B95B |
SHA1: | E7F948A31C2CE8AC25CCE1169654435CEC455BEF |
SHA-256: | 7A5C8835A40792321F57502A295E3972D2B1B1288AE9BD2E8899169A67941097 |
SHA-512: | 7BE085588931F5CA5FE9622E6B758EB5DA6DBD683732814E1C570E113B0D144088DBFE52F3C5116619A4DF97B45B8D5804581BB807E0725B353520CC4B2432DA |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\user\Desktop\ypdTgfE0o8.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 106495 |
Entropy (8bit): | 7.955352895008678 |
Encrypted: | false |
SSDEEP: | 1536:DqjPKwwio2fyBOo0vlv/RR53SfpU1FzziiEoDMFZDwgPgLJ68a34ou:Dqz02fOR09XT5CIzziTogbjkJ68aS |
MD5: | D36BFA103F3793806490CC1E20CEB429 |
SHA1: | 9FFC447F3FAF0BD6047AF095650237C6BE04CC5E |
SHA-256: | 098B0F7A8E149F3F30525C7D956324BDEF23F43648AD136ED21B393F21E64F99 |
SHA-512: | 7662F73F06600360F83AF60BDF9B8BE37E8ECA9702B804161DF59697F26C3F14679DCE7C9C0F24A49AADCED618A1885B690DF8477768068B5F4F2182FDE4C7CB |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\user\AppData\Local\Temp\cbgsujmwws.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 5632 |
Entropy (8bit): | 4.504221834875508 |
Encrypted: | false |
SSDEEP: | 96:X5xoZGYXbECrq+M4Ix+MeBZtXIpXSdOWPmoynsx:X5xogYXN24geBZVIpidPPmoyn |
MD5: | F9E42C92E371CEDC22C78E2900418651 |
SHA1: | 3E99BA4A4A007D2AD1CFA6E3FDA91B01A710839D |
SHA-256: | F340BF91627787A2770C897AA9555BB82382CDCC2232904B5707238AB0A85E39 |
SHA-512: | 7CA0A18F7AE83F0D11D8B33DDCA579FB5E5629B5255EEBF28B2E256A0B4449F4DEE5BDFF2EF6F9E1AF323A04111A688D9251629DDECB046746978F94D469DE05 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\user\AppData\Local\Temp\cbgsujmwws.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
SSDEEP: | 3:U:U |
MD5: | C4CA4238A0B923820DCC509A6F75849B |
SHA1: | 356A192B7913B04C54574D18C28D46E6395428AB |
SHA-256: | 6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B |
SHA-512: | 4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3853321935-2125563209-4053062332-1002\21c8026919fd094ab07ec3c180a9f210_d06ed635-68f6-4e9a-955c-4899f5f57b9a
Process: | C:\Users\user\AppData\Local\Temp\cbgsujmwws.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 49 |
Entropy (8bit): | 1.2701062923235522 |
Encrypted: | false |
SSDEEP: | 3:/l1PL3n:fPL3 |
MD5: | CD8FA61AD2906643348EEF98A988B873 |
SHA1: | 0B10E2F323B5C73F3A6EA348633B62AE522DDF39 |
SHA-256: | 49A11A24821F2504B8C91BA9D8A6BD6F421ED2F0212C1C771BF1CAC9DE32AD75 |
SHA-512: | 1E6F44AB3231232221CF0F4268E96A13C82E3F96249D7963B78805B693B52D3EBDABF873DB240813DF606D8C207BD2859338D67BA94F33ECBA43EA9A4FEFA086 |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 7.738733424317965 |
File name: | ypdTgfE0o8.exe |
File size: | 126706 |
MD5: | d2ce3b2a5f3efb1fcede96304e57a531 |
SHA1: | d74be8fe0be4ec13340dad9c0fdeb653c9c8b90e |
SHA256: | e0a4948a58829f4ecd9e6fb9b28e127a6827bd8761ded085d2069a248f6f5462 |
SHA512: | fd0d0b51000b146049db24ecac27885ff4f688b4e40b42061972d21aaa45f8657437db8f56880f5414f00b5e35febce8a339b1d30bd387f8f11a179b222e828b |
SSDEEP: | 3072:l1NjcVVnLpPunbrclqvVjW/GAk+dOH6yzqwr1O+5ZFy:HNeZmrc+/AkDBzqwwqi |
TLSH: | 83C3F1157AE0C467C8631A712E3A5BA75FF2D5331234538F5320AF9C7E36A91990E743 |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1...Pf..Pf..Pf.*_9..Pf..Pg.LPf.*_;..Pf..sV..Pf..V`..Pf.Rich.Pf.........................PE..L.....Oa.................f...*..... |
Icon Hash: | b2a88c96b2ca6a72 |
Entrypoint: | 0x4034f7 |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED |
DLL Characteristics: | NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT |
Time Stamp: | 0x614F9AE5 [Sat Sep 25 21:55:49 2021 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | 56a78d55f3f7af51443e58e0ce2fb5f6 |
Instruction |
---|
push ebp |
mov ebp, esp |
sub esp, 000003F4h |
push ebx |
push esi |
push edi |
push 00000020h |
pop edi |
xor ebx, ebx |
push 00008001h |
mov dword ptr [ebp-14h], ebx |
mov dword ptr [ebp-04h], 0040A2E0h |
mov dword ptr [ebp-10h], ebx |
call dword ptr [004080CCh] |
mov esi, dword ptr [004080D0h] |
lea eax, dword ptr [ebp-00000140h] |
push eax |
mov dword ptr [ebp-0000012Ch], ebx |
mov dword ptr [ebp-2Ch], ebx |
mov dword ptr [ebp-28h], ebx |
mov dword ptr [ebp-00000140h], 0000011Ch |
call esi |
test eax, eax |
jne 00007FC9BC3D692Ah |
lea eax, dword ptr [ebp-00000140h] |
mov dword ptr [ebp-00000140h], 00000114h |
push eax |
call esi |
mov ax, word ptr [ebp-0000012Ch] |
mov ecx, dword ptr [ebp-00000112h] |
sub ax, 00000053h |
add ecx, FFFFFFD0h |
neg ax |
sbb eax, eax |
mov byte ptr [ebp-26h], 00000004h |
not eax |
and eax, ecx |
mov word ptr [ebp-2Ch], ax |
cmp dword ptr [ebp-0000013Ch], 0Ah |
jnc 00007FC9BC3D68FAh |
and word ptr [ebp-00000132h], 0000h |
mov eax, dword ptr [ebp-00000134h] |
movzx ecx, byte ptr [ebp-00000138h] |
mov dword ptr [0042A2D8h], eax |
xor eax, eax |
mov ah, byte ptr [ebp-0000013Ch] |
movzx eax, ax |
or eax, ecx |
xor ecx, ecx |
mov ch, byte ptr [ebp-2Ch] |
movzx ecx, cx |
shl eax, 10h |
or eax, ecx |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x8504 | 0xa0 | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x3b000 | 0xa50 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x8000 | 0x2b0 | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x6515 | 0x6600 | False | 0.661534926471 | data | 6.43970794855 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
.rdata | 0x8000 | 0x139a | 0x1400 | False | 0.45 | data | 5.14577456407 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0xa000 | 0x20338 | 0x600 | False | 0.499348958333 | data | 4.01369865045 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
.ndata | 0x2b000 | 0x10000 | 0x0 | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_WRITE, IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.rsrc | 0x3b000 | 0xa50 | 0xc00 | False | 0.402018229167 | data | 4.18462166815 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country |
---|---|---|---|---|---|
RT_ICON | 0x3b190 | 0x2e8 | data | English | United States |
RT_DIALOG | 0x3b478 | 0x100 | data | English | United States |
RT_DIALOG | 0x3b578 | 0x11c | data | English | United States |
RT_DIALOG | 0x3b698 | 0x60 | data | English | United States |
RT_GROUP_ICON | 0x3b6f8 | 0x14 | data | English | United States |
RT_MANIFEST | 0x3b710 | 0x33e | XML 1.0 document, ASCII text, with very long lines, with no line terminators | English | United States |
DLL | Import |
---|---|
ADVAPI32.dll | RegCreateKeyExW, RegEnumKeyW, RegQueryValueExW, RegSetValueExW, RegCloseKey, RegDeleteValueW, RegDeleteKeyW, AdjustTokenPrivileges, LookupPrivilegeValueW, OpenProcessToken, SetFileSecurityW, RegOpenKeyExW, RegEnumValueW |
SHELL32.dll | SHGetSpecialFolderLocation, SHFileOperationW, SHBrowseForFolderW, SHGetPathFromIDListW, ShellExecuteExW, SHGetFileInfoW |
ole32.dll | OleInitialize, OleUninitialize, CoCreateInstance, IIDFromString, CoTaskMemFree |
COMCTL32.dll | ImageList_Create, ImageList_Destroy, ImageList_AddMasked |
USER32.dll | GetClientRect, EndPaint, DrawTextW, IsWindowEnabled, DispatchMessageW, wsprintfA, CharNextA, CharPrevW, MessageBoxIndirectW, GetDlgItemTextW, SetDlgItemTextW, GetSystemMetrics, FillRect, AppendMenuW, TrackPopupMenu, OpenClipboard, SetClipboardData, CloseClipboard, IsWindowVisible, CallWindowProcW, GetMessagePos, CheckDlgButton, LoadCursorW, SetCursor, GetSysColor, SetWindowPos, GetWindowLongW, PeekMessageW, SetClassLongW, GetSystemMenu, EnableMenuItem, GetWindowRect, ScreenToClient, EndDialog, RegisterClassW, SystemParametersInfoW, CreateWindowExW, GetClassInfoW, DialogBoxParamW, CharNextW, ExitWindowsEx, DestroyWindow, CreateDialogParamW, SetTimer, SetWindowTextW, PostQuitMessage, SetForegroundWindow, ShowWindow, wsprintfW, SendMessageTimeoutW, FindWindowExW, IsWindow, GetDlgItem, SetWindowLongW, LoadImageW, GetDC, ReleaseDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, EmptyClipboard, CreatePopupMenu |
GDI32.dll | SetBkMode, SetBkColor, GetDeviceCaps, CreateFontIndirectW, CreateBrushIndirect, DeleteObject, SetTextColor, SelectObject |
KERNEL32.dll | GetExitCodeProcess, WaitForSingleObject, GetModuleHandleA, GetProcAddress, GetSystemDirectoryW, lstrcatW, Sleep, lstrcpyA, WriteFile, GetTempFileNameW, CreateFileW, lstrcmpiA, RemoveDirectoryW, CreateProcessW, CreateDirectoryW, GetLastError, CreateThread, GlobalLock, GlobalUnlock, GetDiskFreeSpaceW, WideCharToMultiByte, lstrcpynW, lstrlenW, SetErrorMode, GetVersionExW, GetCommandLineW, GetTempPathW, GetWindowsDirectoryW, SetEnvironmentVariableW, CopyFileW, ExitProcess, GetCurrentProcess, GetModuleFileNameW, GetFileSize, GetTickCount, MulDiv, SetFileAttributesW, GetFileAttributesW, SetCurrentDirectoryW, MoveFileW, GetFullPathNameW, GetShortPathNameW, SearchPathW, CompareFileTime, SetFileTime, CloseHandle, lstrcmpiW, lstrcmpW, ExpandEnvironmentStringsW, GlobalFree, GlobalAlloc, GetModuleHandleW, LoadLibraryExW, MoveFileExW, FreeLibrary, WritePrivateProfileStringW, GetPrivateProfileStringW, lstrlenA, MultiByteToWideChar, ReadFile, SetFilePointer, FindClose, FindNextFileW, FindFirstFileW, DeleteFileW |
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
May 5, 2022 08:46:51.641252041 CEST | 80 | 49814 | 45.133.1.20 | 192.168.2.6 |
May 5, 2022 08:46:51.641309977 CEST | 80 | 49814 | 45.133.1.20 | 192.168.2.6 |
May 5, 2022 08:46:51.641387939 CEST | 49814 | 80 | 192.168.2.6 | 45.133.1.20 |
May 5, 2022 08:46:51.641417980 CEST | 49814 | 80 | 192.168.2.6 | 45.133.1.20 |
May 5, 2022 08:46:51.667057991 CEST | 80 | 49814 | 45.133.1.20 | 192.168.2.6 |
May 5, 2022 08:46:55.945395947 CEST | 49816 | 80 | 192.168.2.6 | 45.133.1.20 |
May 5, 2022 08:46:55.971554995 CEST | 80 | 49816 | 45.133.1.20 | 192.168.2.6 |
May 5, 2022 08:46:55.971698046 CEST | 49816 | 80 | 192.168.2.6 | 45.133.1.20 |
May 5, 2022 08:46:55.974919081 CEST | 49816 | 80 | 192.168.2.6 | 45.133.1.20 |
May 5, 2022 08:46:56.001095057 CEST | 80 | 49816 | 45.133.1.20 | 192.168.2.6 |
May 5, 2022 08:46:56.001226902 CEST | 49816 | 80 | 192.168.2.6 | 45.133.1.20 |
May 5, 2022 08:46:56.026881933 CEST | 80 | 49816 | 45.133.1.20 | 192.168.2.6 |
May 5, 2022 08:46:56.063024998 CEST | 80 | 49816 | 45.133.1.20 | 192.168.2.6 |
May 5, 2022 08:46:56.063097000 CEST | 80 | 49816 | 45.133.1.20 | 192.168.2.6 |
May 5, 2022 08:46:56.063160896 CEST | 49816 | 80 | 192.168.2.6 | 45.133.1.20 |
May 5, 2022 08:46:56.063203096 CEST | 49816 | 80 | 192.168.2.6 | 45.133.1.20 |
May 5, 2022 08:46:56.088968992 CEST | 80 | 49816 | 45.133.1.20 | 192.168.2.6 |
May 5, 2022 08:46:57.721995115 CEST | 49818 | 80 | 192.168.2.6 | 45.133.1.20 |
May 5, 2022 08:46:57.748529911 CEST | 80 | 49818 | 45.133.1.20 | 192.168.2.6 |
May 5, 2022 08:46:57.748684883 CEST | 49818 | 80 | 192.168.2.6 | 45.133.1.20 |
May 5, 2022 08:46:57.751458883 CEST | 49818 | 80 | 192.168.2.6 | 45.133.1.20 |
May 5, 2022 08:46:57.777210951 CEST | 80 | 49818 | 45.133.1.20 | 192.168.2.6 |
May 5, 2022 08:46:57.777304888 CEST | 49818 | 80 | 192.168.2.6 | 45.133.1.20 |
May 5, 2022 08:46:57.805988073 CEST | 80 | 49818 | 45.133.1.20 | 192.168.2.6 |
May 5, 2022 08:46:57.840574026 CEST | 80 | 49818 | 45.133.1.20 | 192.168.2.6 |
May 5, 2022 08:46:57.840643883 CEST | 80 | 49818 | 45.133.1.20 | 192.168.2.6 |
May 5, 2022 08:46:57.840724945 CEST | 49818 | 80 | 192.168.2.6 | 45.133.1.20 |
May 5, 2022 08:46:57.840867996 CEST | 49818 | 80 | 192.168.2.6 | 45.133.1.20 |
May 5, 2022 08:46:57.866405010 CEST | 80 | 49818 | 45.133.1.20 | 192.168.2.6 |
May 5, 2022 08:46:59.099565029 CEST | 49819 | 80 | 192.168.2.6 | 45.133.1.20 |
May 5, 2022 08:46:59.125133991 CEST | 80 | 49819 | 45.133.1.20 | 192.168.2.6 |
May 5, 2022 08:46:59.125224113 CEST | 49819 | 80 | 192.168.2.6 | 45.133.1.20 |
May 5, 2022 08:46:59.128279924 CEST | 49819 | 80 | 192.168.2.6 | 45.133.1.20 |
May 5, 2022 08:46:59.154026985 CEST | 80 | 49819 | 45.133.1.20 | 192.168.2.6 |
May 5, 2022 08:46:59.154638052 CEST | 49819 | 80 | 192.168.2.6 | 45.133.1.20 |
May 5, 2022 08:46:59.180283070 CEST | 80 | 49819 | 45.133.1.20 | 192.168.2.6 |
May 5, 2022 08:46:59.219291925 CEST | 80 | 49819 | 45.133.1.20 | 192.168.2.6 |
May 5, 2022 08:46:59.219329119 CEST | 80 | 49819 | 45.133.1.20 | 192.168.2.6 |
May 5, 2022 08:46:59.219444036 CEST | 49819 | 80 | 192.168.2.6 | 45.133.1.20 |
May 5, 2022 08:46:59.220263004 CEST | 49819 | 80 | 192.168.2.6 | 45.133.1.20 |
May 5, 2022 08:46:59.245780945 CEST | 80 | 49819 | 45.133.1.20 | 192.168.2.6 |
May 5, 2022 08:47:00.506937981 CEST | 49820 | 80 | 192.168.2.6 | 45.133.1.20 |
May 5, 2022 08:47:00.533533096 CEST | 80 | 49820 | 45.133.1.20 | 192.168.2.6 |
May 5, 2022 08:47:00.533703089 CEST | 49820 | 80 | 192.168.2.6 | 45.133.1.20 |
May 5, 2022 08:47:00.537714005 CEST | 49820 | 80 | 192.168.2.6 | 45.133.1.20 |
May 5, 2022 08:47:00.563373089 CEST | 80 | 49820 | 45.133.1.20 | 192.168.2.6 |
May 5, 2022 08:47:00.563507080 CEST | 49820 | 80 | 192.168.2.6 | 45.133.1.20 |
May 5, 2022 08:47:00.589421034 CEST | 80 | 49820 | 45.133.1.20 | 192.168.2.6 |
May 5, 2022 08:47:00.622258902 CEST | 80 | 49820 | 45.133.1.20 | 192.168.2.6 |
May 5, 2022 08:47:00.622402906 CEST | 49820 | 80 | 192.168.2.6 | 45.133.1.20 |
May 5, 2022 08:47:00.707943916 CEST | 80 | 49820 | 45.133.1.20 | 192.168.2.6 |
May 5, 2022 08:47:00.708005905 CEST | 49820 | 80 | 192.168.2.6 | 45.133.1.20 |
May 5, 2022 08:47:01.030510902 CEST | 80 | 49820 | 45.133.1.20 | 192.168.2.6 |
May 5, 2022 08:47:01.030616045 CEST | 49820 | 80 | 192.168.2.6 | 45.133.1.20 |
May 5, 2022 08:47:01.030651093 CEST | 49820 | 80 | 192.168.2.6 | 45.133.1.20 |
May 5, 2022 08:47:01.056718111 CEST | 80 | 49820 | 45.133.1.20 | 192.168.2.6 |
May 5, 2022 08:47:03.690577030 CEST | 49824 | 80 | 192.168.2.6 | 45.133.1.20 |
May 5, 2022 08:47:03.716223955 CEST | 80 | 49824 | 45.133.1.20 | 192.168.2.6 |
May 5, 2022 08:47:03.716317892 CEST | 49824 | 80 | 192.168.2.6 | 45.133.1.20 |
May 5, 2022 08:47:03.719001055 CEST | 49824 | 80 | 192.168.2.6 | 45.133.1.20 |
May 5, 2022 08:47:03.744621992 CEST | 80 | 49824 | 45.133.1.20 | 192.168.2.6 |
May 5, 2022 08:47:03.744713068 CEST | 49824 | 80 | 192.168.2.6 | 45.133.1.20 |
May 5, 2022 08:47:03.770380020 CEST | 80 | 49824 | 45.133.1.20 | 192.168.2.6 |
May 5, 2022 08:47:03.798513889 CEST | 80 | 49824 | 45.133.1.20 | 192.168.2.6 |
May 5, 2022 08:47:03.798556089 CEST | 80 | 49824 | 45.133.1.20 | 192.168.2.6 |
May 5, 2022 08:47:03.798639059 CEST | 49824 | 80 | 192.168.2.6 | 45.133.1.20 |
May 5, 2022 08:47:03.798681021 CEST | 49824 | 80 | 192.168.2.6 | 45.133.1.20 |
May 5, 2022 08:47:03.824698925 CEST | 80 | 49824 | 45.133.1.20 | 192.168.2.6 |
May 5, 2022 08:47:06.383930922 CEST | 49828 | 80 | 192.168.2.6 | 45.133.1.20 |
May 5, 2022 08:47:06.409638882 CEST | 80 | 49828 | 45.133.1.20 | 192.168.2.6 |
May 5, 2022 08:47:06.409728050 CEST | 49828 | 80 | 192.168.2.6 | 45.133.1.20 |
May 5, 2022 08:47:06.412861109 CEST | 49828 | 80 | 192.168.2.6 | 45.133.1.20 |
May 5, 2022 08:47:06.438354015 CEST | 80 | 49828 | 45.133.1.20 | 192.168.2.6 |
May 5, 2022 08:47:06.438435078 CEST | 49828 | 80 | 192.168.2.6 | 45.133.1.20 |
May 5, 2022 08:47:06.463984966 CEST | 80 | 49828 | 45.133.1.20 | 192.168.2.6 |
May 5, 2022 08:47:06.487222910 CEST | 80 | 49828 | 45.133.1.20 | 192.168.2.6 |
May 5, 2022 08:47:06.487252951 CEST | 80 | 49828 | 45.133.1.20 | 192.168.2.6 |
May 5, 2022 08:47:06.487350941 CEST | 49828 | 80 | 192.168.2.6 | 45.133.1.20 |
May 5, 2022 08:47:06.487386942 CEST | 49828 | 80 | 192.168.2.6 | 45.133.1.20 |
May 5, 2022 08:47:06.512834072 CEST | 80 | 49828 | 45.133.1.20 | 192.168.2.6 |
May 5, 2022 08:47:08.211415052 CEST | 49833 | 80 | 192.168.2.6 | 45.133.1.20 |
May 5, 2022 08:47:08.239159107 CEST | 80 | 49833 | 45.133.1.20 | 192.168.2.6 |
May 5, 2022 08:47:08.239296913 CEST | 49833 | 80 | 192.168.2.6 | 45.133.1.20 |
May 5, 2022 08:47:08.250713110 CEST | 49833 | 80 | 192.168.2.6 | 45.133.1.20 |
May 5, 2022 08:47:08.276141882 CEST | 80 | 49833 | 45.133.1.20 | 192.168.2.6 |
May 5, 2022 08:47:08.276225090 CEST | 49833 | 80 | 192.168.2.6 | 45.133.1.20 |
May 5, 2022 08:47:08.301733971 CEST | 80 | 49833 | 45.133.1.20 | 192.168.2.6 |
May 5, 2022 08:47:08.327680111 CEST | 80 | 49833 | 45.133.1.20 | 192.168.2.6 |
May 5, 2022 08:47:08.327831984 CEST | 49833 | 80 | 192.168.2.6 | 45.133.1.20 |
May 5, 2022 08:47:08.327848911 CEST | 80 | 49833 | 45.133.1.20 | 192.168.2.6 |
May 5, 2022 08:47:08.327903986 CEST | 49833 | 80 | 192.168.2.6 | 45.133.1.20 |
May 5, 2022 08:47:08.353351116 CEST | 80 | 49833 | 45.133.1.20 | 192.168.2.6 |
May 5, 2022 08:47:09.307068110 CEST | 49839 | 80 | 192.168.2.6 | 45.133.1.20 |
May 5, 2022 08:47:09.332969904 CEST | 80 | 49839 | 45.133.1.20 | 192.168.2.6 |
May 5, 2022 08:47:09.333163977 CEST | 49839 | 80 | 192.168.2.6 | 45.133.1.20 |
May 5, 2022 08:47:09.336080074 CEST | 49839 | 80 | 192.168.2.6 | 45.133.1.20 |
May 5, 2022 08:47:09.362087965 CEST | 80 | 49839 | 45.133.1.20 | 192.168.2.6 |
May 5, 2022 08:47:09.363354921 CEST | 49839 | 80 | 192.168.2.6 | 45.133.1.20 |
May 5, 2022 08:47:09.389084101 CEST | 80 | 49839 | 45.133.1.20 | 192.168.2.6 |
May 5, 2022 08:47:09.413443089 CEST | 80 | 49839 | 45.133.1.20 | 192.168.2.6 |
May 5, 2022 08:47:09.413481951 CEST | 80 | 49839 | 45.133.1.20 | 192.168.2.6 |
May 5, 2022 08:47:09.413567066 CEST | 49839 | 80 | 192.168.2.6 | 45.133.1.20 |
May 5, 2022 08:47:09.415482998 CEST | 49839 | 80 | 192.168.2.6 | 45.133.1.20 |
May 5, 2022 08:47:09.441237926 CEST | 80 | 49839 | 45.133.1.20 | 192.168.2.6 |
May 5, 2022 08:47:10.400228024 CEST | 49847 | 80 | 192.168.2.6 | 45.133.1.20 |
May 5, 2022 08:47:10.426275015 CEST | 80 | 49847 | 45.133.1.20 | 192.168.2.6 |
May 5, 2022 08:47:10.426410913 CEST | 49847 | 80 | 192.168.2.6 | 45.133.1.20 |
May 5, 2022 08:47:10.430170059 CEST | 49847 | 80 | 192.168.2.6 | 45.133.1.20 |
May 5, 2022 08:47:10.455945969 CEST | 80 | 49847 | 45.133.1.20 | 192.168.2.6 |
May 5, 2022 08:47:10.456146002 CEST | 49847 | 80 | 192.168.2.6 | 45.133.1.20 |
May 5, 2022 08:47:10.481869936 CEST | 80 | 49847 | 45.133.1.20 | 192.168.2.6 |
May 5, 2022 08:47:10.510929108 CEST | 80 | 49847 | 45.133.1.20 | 192.168.2.6 |
May 5, 2022 08:47:10.510958910 CEST | 80 | 49847 | 45.133.1.20 | 192.168.2.6 |
May 5, 2022 08:47:10.511112928 CEST | 49847 | 80 | 192.168.2.6 | 45.133.1.20 |
May 5, 2022 08:47:10.511158943 CEST | 49847 | 80 | 192.168.2.6 | 45.133.1.20 |
May 5, 2022 08:47:10.536814928 CEST | 80 | 49847 | 45.133.1.20 | 192.168.2.6 |
May 5, 2022 08:47:11.501878977 CEST | 49855 | 80 | 192.168.2.6 | 45.133.1.20 |
May 5, 2022 08:47:11.527569056 CEST | 80 | 49855 | 45.133.1.20 | 192.168.2.6 |
May 5, 2022 08:47:11.527698040 CEST | 49855 | 80 | 192.168.2.6 | 45.133.1.20 |
May 5, 2022 08:47:11.530445099 CEST | 49855 | 80 | 192.168.2.6 | 45.133.1.20 |
May 5, 2022 08:47:11.556118965 CEST | 80 | 49855 | 45.133.1.20 | 192.168.2.6 |
May 5, 2022 08:47:11.556226015 CEST | 49855 | 80 | 192.168.2.6 | 45.133.1.20 |
May 5, 2022 08:47:11.581864119 CEST | 80 | 49855 | 45.133.1.20 | 192.168.2.6 |
May 5, 2022 08:47:11.612447977 CEST | 80 | 49855 | 45.133.1.20 | 192.168.2.6 |
May 5, 2022 08:47:11.612610102 CEST | 80 | 49855 | 45.133.1.20 | 192.168.2.6 |
May 5, 2022 08:47:11.612704039 CEST | 49855 | 80 | 192.168.2.6 | 45.133.1.20 |
May 5, 2022 08:47:11.614583015 CEST | 49855 | 80 | 192.168.2.6 | 45.133.1.20 |
May 5, 2022 08:47:11.640259981 CEST | 80 | 49855 | 45.133.1.20 | 192.168.2.6 |
May 5, 2022 08:47:13.660037041 CEST | 49868 | 80 | 192.168.2.6 | 45.133.1.20 |
May 5, 2022 08:47:13.685731888 CEST | 80 | 49868 | 45.133.1.20 | 192.168.2.6 |
May 5, 2022 08:47:13.685843945 CEST | 49868 | 80 | 192.168.2.6 | 45.133.1.20 |
May 5, 2022 08:47:13.688633919 CEST | 49868 | 80 | 192.168.2.6 | 45.133.1.20 |
May 5, 2022 08:47:13.714425087 CEST | 80 | 49868 | 45.133.1.20 | 192.168.2.6 |
May 5, 2022 08:47:13.714560032 CEST | 49868 | 80 | 192.168.2.6 | 45.133.1.20 |
May 5, 2022 08:47:13.740238905 CEST | 80 | 49868 | 45.133.1.20 | 192.168.2.6 |
May 5, 2022 08:47:13.771070957 CEST | 80 | 49868 | 45.133.1.20 | 192.168.2.6 |
May 5, 2022 08:47:13.771102905 CEST | 80 | 49868 | 45.133.1.20 | 192.168.2.6 |
May 5, 2022 08:47:13.771171093 CEST | 49868 | 80 | 192.168.2.6 | 45.133.1.20 |
May 5, 2022 08:47:13.771204948 CEST | 49868 | 80 | 192.168.2.6 | 45.133.1.20 |
May 5, 2022 08:47:13.796912909 CEST | 80 | 49868 | 45.133.1.20 | 192.168.2.6 |
May 5, 2022 08:47:17.025366068 CEST | 49879 | 80 | 192.168.2.6 | 45.133.1.20 |
May 5, 2022 08:47:17.050980091 CEST | 80 | 49879 | 45.133.1.20 | 192.168.2.6 |
May 5, 2022 08:47:17.051112890 CEST | 49879 | 80 | 192.168.2.6 | 45.133.1.20 |
May 5, 2022 08:47:17.057698011 CEST | 49879 | 80 | 192.168.2.6 | 45.133.1.20 |
May 5, 2022 08:47:17.083270073 CEST | 80 | 49879 | 45.133.1.20 | 192.168.2.6 |
May 5, 2022 08:47:17.083367109 CEST | 49879 | 80 | 192.168.2.6 | 45.133.1.20 |
May 5, 2022 08:47:17.108820915 CEST | 80 | 49879 | 45.133.1.20 | 192.168.2.6 |
May 5, 2022 08:47:17.142337084 CEST | 80 | 49879 | 45.133.1.20 | 192.168.2.6 |
May 5, 2022 08:47:17.142362118 CEST | 80 | 49879 | 45.133.1.20 | 192.168.2.6 |
May 5, 2022 08:47:17.142452002 CEST | 49879 | 80 | 192.168.2.6 | 45.133.1.20 |
May 5, 2022 08:47:17.142510891 CEST | 49879 | 80 | 192.168.2.6 | 45.133.1.20 |
May 5, 2022 08:47:17.168212891 CEST | 80 | 49879 | 45.133.1.20 | 192.168.2.6 |
May 5, 2022 08:47:24.257633924 CEST | 49886 | 80 | 192.168.2.6 | 45.133.1.20 |
May 5, 2022 08:47:24.283416986 CEST | 80 | 49886 | 45.133.1.20 | 192.168.2.6 |
May 5, 2022 08:47:24.283579111 CEST | 49886 | 80 | 192.168.2.6 | 45.133.1.20 |
May 5, 2022 08:47:24.286217928 CEST | 49886 | 80 | 192.168.2.6 | 45.133.1.20 |
May 5, 2022 08:47:24.311800957 CEST | 80 | 49886 | 45.133.1.20 | 192.168.2.6 |
May 5, 2022 08:47:24.311959982 CEST | 49886 | 80 | 192.168.2.6 | 45.133.1.20 |
May 5, 2022 08:47:24.337587118 CEST | 80 | 49886 | 45.133.1.20 | 192.168.2.6 |
May 5, 2022 08:47:24.361577988 CEST | 80 | 49886 | 45.133.1.20 | 192.168.2.6 |
May 5, 2022 08:47:24.363302946 CEST | 49886 | 80 | 192.168.2.6 | 45.133.1.20 |
May 5, 2022 08:47:24.444921017 CEST | 80 | 49886 | 45.133.1.20 | 192.168.2.6 |
May 5, 2022 08:47:24.446794033 CEST | 49886 | 80 | 192.168.2.6 | 45.133.1.20 |
May 5, 2022 08:47:24.758858919 CEST | 80 | 49886 | 45.133.1.20 | 192.168.2.6 |
May 5, 2022 08:47:24.758987904 CEST | 49886 | 80 | 192.168.2.6 | 45.133.1.20 |
May 5, 2022 08:47:24.759005070 CEST | 49886 | 80 | 192.168.2.6 | 45.133.1.20 |
May 5, 2022 08:47:24.784897089 CEST | 80 | 49886 | 45.133.1.20 | 192.168.2.6 |
May 5, 2022 08:47:28.511306047 CEST | 49887 | 80 | 192.168.2.6 | 45.133.1.20 |
May 5, 2022 08:47:28.537061930 CEST | 80 | 49887 | 45.133.1.20 | 192.168.2.6 |
May 5, 2022 08:47:28.537213087 CEST | 49887 | 80 | 192.168.2.6 | 45.133.1.20 |
May 5, 2022 08:47:28.539921045 CEST | 49887 | 80 | 192.168.2.6 | 45.133.1.20 |
May 5, 2022 08:47:28.565530062 CEST | 80 | 49887 | 45.133.1.20 | 192.168.2.6 |
May 5, 2022 08:47:28.565720081 CEST | 49887 | 80 | 192.168.2.6 | 45.133.1.20 |
May 5, 2022 08:47:28.591340065 CEST | 80 | 49887 | 45.133.1.20 | 192.168.2.6 |
May 5, 2022 08:47:28.615139008 CEST | 80 | 49887 | 45.133.1.20 | 192.168.2.6 |
May 5, 2022 08:47:28.615156889 CEST | 80 | 49887 | 45.133.1.20 | 192.168.2.6 |
May 5, 2022 08:47:28.615305901 CEST | 49887 | 80 | 192.168.2.6 | 45.133.1.20 |
May 5, 2022 08:47:28.615361929 CEST | 49887 | 80 | 192.168.2.6 | 45.133.1.20 |
May 5, 2022 08:47:28.641108036 CEST | 80 | 49887 | 45.133.1.20 | 192.168.2.6 |
May 5, 2022 08:47:30.995107889 CEST | 49888 | 80 | 192.168.2.6 | 45.133.1.20 |
May 5, 2022 08:47:31.020828962 CEST | 80 | 49888 | 45.133.1.20 | 192.168.2.6 |
May 5, 2022 08:47:31.020981073 CEST | 49888 | 80 | 192.168.2.6 | 45.133.1.20 |
May 5, 2022 08:47:31.023957968 CEST | 49888 | 80 | 192.168.2.6 | 45.133.1.20 |
May 5, 2022 08:47:31.050052881 CEST | 80 | 49888 | 45.133.1.20 | 192.168.2.6 |
May 5, 2022 08:47:31.050134897 CEST | 49888 | 80 | 192.168.2.6 | 45.133.1.20 |
May 5, 2022 08:47:31.075862885 CEST | 80 | 49888 | 45.133.1.20 | 192.168.2.6 |
May 5, 2022 08:47:31.104381084 CEST | 80 | 49888 | 45.133.1.20 | 192.168.2.6 |
May 5, 2022 08:47:31.104415894 CEST | 80 | 49888 | 45.133.1.20 | 192.168.2.6 |
May 5, 2022 08:47:31.104532957 CEST | 49888 | 80 | 192.168.2.6 | 45.133.1.20 |
May 5, 2022 08:47:31.104590893 CEST | 49888 | 80 | 192.168.2.6 | 45.133.1.20 |
May 5, 2022 08:47:31.130075932 CEST | 80 | 49888 | 45.133.1.20 | 192.168.2.6 |
May 5, 2022 08:47:32.234580040 CEST | 49889 | 80 | 192.168.2.6 | 45.133.1.20 |
May 5, 2022 08:47:32.260128975 CEST | 80 | 49889 | 45.133.1.20 | 192.168.2.6 |
May 5, 2022 08:47:32.260339022 CEST | 49889 | 80 | 192.168.2.6 | 45.133.1.20 |
May 5, 2022 08:47:32.263125896 CEST | 49889 | 80 | 192.168.2.6 | 45.133.1.20 |
May 5, 2022 08:47:32.288858891 CEST | 80 | 49889 | 45.133.1.20 | 192.168.2.6 |
May 5, 2022 08:47:32.289024115 CEST | 49889 | 80 | 192.168.2.6 | 45.133.1.20 |
May 5, 2022 08:47:32.314564943 CEST | 80 | 49889 | 45.133.1.20 | 192.168.2.6 |
May 5, 2022 08:47:32.340547085 CEST | 80 | 49889 | 45.133.1.20 | 192.168.2.6 |
May 5, 2022 08:47:32.340564966 CEST | 80 | 49889 | 45.133.1.20 | 192.168.2.6 |
May 5, 2022 08:47:32.340675116 CEST | 49889 | 80 | 192.168.2.6 | 45.133.1.20 |
May 5, 2022 08:47:32.340719938 CEST | 49889 | 80 | 192.168.2.6 | 45.133.1.20 |
May 5, 2022 08:47:32.367496014 CEST | 80 | 49889 | 45.133.1.20 | 192.168.2.6 |
May 5, 2022 08:47:33.417562008 CEST | 49891 | 80 | 192.168.2.6 | 45.133.1.20 |
May 5, 2022 08:47:33.443418026 CEST | 80 | 49891 | 45.133.1.20 | 192.168.2.6 |
May 5, 2022 08:47:33.443561077 CEST | 49891 | 80 | 192.168.2.6 | 45.133.1.20 |
May 5, 2022 08:47:33.446894884 CEST | 49891 | 80 | 192.168.2.6 | 45.133.1.20 |
May 5, 2022 08:47:33.472717047 CEST | 80 | 49891 | 45.133.1.20 | 192.168.2.6 |
May 5, 2022 08:47:33.472860098 CEST | 49891 | 80 | 192.168.2.6 | 45.133.1.20 |
May 5, 2022 08:47:33.498712063 CEST | 80 | 49891 | 45.133.1.20 | 192.168.2.6 |
May 5, 2022 08:47:33.523540020 CEST | 80 | 49891 | 45.133.1.20 | 192.168.2.6 |
May 5, 2022 08:47:33.523596048 CEST | 80 | 49891 | 45.133.1.20 | 192.168.2.6 |
May 5, 2022 08:47:33.523776054 CEST | 49891 | 80 | 192.168.2.6 | 45.133.1.20 |
May 5, 2022 08:47:33.523827076 CEST | 49891 | 80 | 192.168.2.6 | 45.133.1.20 |
May 5, 2022 08:47:33.550730944 CEST | 80 | 49891 | 45.133.1.20 | 192.168.2.6 |
May 5, 2022 08:47:34.634751081 CEST | 49892 | 80 | 192.168.2.6 | 45.133.1.20 |
May 5, 2022 08:47:34.660824060 CEST | 80 | 49892 | 45.133.1.20 | 192.168.2.6 |
May 5, 2022 08:47:34.661043882 CEST | 49892 | 80 | 192.168.2.6 | 45.133.1.20 |
May 5, 2022 08:47:34.664293051 CEST | 49892 | 80 | 192.168.2.6 | 45.133.1.20 |
May 5, 2022 08:47:34.690912008 CEST | 80 | 49892 | 45.133.1.20 | 192.168.2.6 |
May 5, 2022 08:47:34.691047907 CEST | 49892 | 80 | 192.168.2.6 | 45.133.1.20 |
May 5, 2022 08:47:34.718034029 CEST | 80 | 49892 | 45.133.1.20 | 192.168.2.6 |
May 5, 2022 08:47:34.749701977 CEST | 80 | 49892 | 45.133.1.20 | 192.168.2.6 |
May 5, 2022 08:47:34.749730110 CEST | 80 | 49892 | 45.133.1.20 | 192.168.2.6 |
May 5, 2022 08:47:34.749830008 CEST | 49892 | 80 | 192.168.2.6 | 45.133.1.20 |
May 5, 2022 08:47:34.749871016 CEST | 49892 | 80 | 192.168.2.6 | 45.133.1.20 |
May 5, 2022 08:47:34.776948929 CEST | 80 | 49892 | 45.133.1.20 | 192.168.2.6 |
May 5, 2022 08:47:35.911021948 CEST | 49893 | 80 | 192.168.2.6 | 45.133.1.20 |
May 5, 2022 08:47:35.937227964 CEST | 80 | 49893 | 45.133.1.20 | 192.168.2.6 |
May 5, 2022 08:47:35.937793016 CEST | 49893 | 80 | 192.168.2.6 | 45.133.1.20 |
May 5, 2022 08:47:35.940589905 CEST | 49893 | 80 | 192.168.2.6 | 45.133.1.20 |
May 5, 2022 08:47:35.967703104 CEST | 80 | 49893 | 45.133.1.20 | 192.168.2.6 |
May 5, 2022 08:47:35.967854023 CEST | 49893 | 80 | 192.168.2.6 | 45.133.1.20 |
May 5, 2022 08:47:35.996565104 CEST | 80 | 49893 | 45.133.1.20 | 192.168.2.6 |
May 5, 2022 08:47:36.032215118 CEST | 80 | 49893 | 45.133.1.20 | 192.168.2.6 |
May 5, 2022 08:47:36.032263994 CEST | 80 | 49893 | 45.133.1.20 | 192.168.2.6 |
May 5, 2022 08:47:36.032386065 CEST | 49893 | 80 | 192.168.2.6 | 45.133.1.20 |
May 5, 2022 08:47:36.032428026 CEST | 49893 | 80 | 192.168.2.6 | 45.133.1.20 |
May 5, 2022 08:47:36.058248043 CEST | 80 | 49893 | 45.133.1.20 | 192.168.2.6 |
May 5, 2022 08:47:37.200330019 CEST | 49895 | 80 | 192.168.2.6 | 45.133.1.20 |
May 5, 2022 08:47:40.202897072 CEST | 49895 | 80 | 192.168.2.6 | 45.133.1.20 |
May 5, 2022 08:47:40.230452061 CEST | 80 | 49895 | 45.133.1.20 | 192.168.2.6 |
May 5, 2022 08:47:40.230549097 CEST | 49895 | 80 | 192.168.2.6 | 45.133.1.20 |
May 5, 2022 08:47:40.233323097 CEST | 49895 | 80 | 192.168.2.6 | 45.133.1.20 |
May 5, 2022 08:47:40.259469986 CEST | 80 | 49895 | 45.133.1.20 | 192.168.2.6 |
May 5, 2022 08:47:40.259624958 CEST | 49895 | 80 | 192.168.2.6 | 45.133.1.20 |
May 5, 2022 08:47:40.285490036 CEST | 80 | 49895 | 45.133.1.20 | 192.168.2.6 |
May 5, 2022 08:47:40.311688900 CEST | 80 | 49895 | 45.133.1.20 | 192.168.2.6 |
May 5, 2022 08:47:40.311707973 CEST | 80 | 49895 | 45.133.1.20 | 192.168.2.6 |
May 5, 2022 08:47:40.311781883 CEST | 49895 | 80 | 192.168.2.6 | 45.133.1.20 |
May 5, 2022 08:47:40.311819077 CEST | 49895 | 80 | 192.168.2.6 | 45.133.1.20 |
May 5, 2022 08:47:40.337304115 CEST | 80 | 49895 | 45.133.1.20 | 192.168.2.6 |
May 5, 2022 08:47:43.419795990 CEST | 49904 | 80 | 192.168.2.6 | 45.133.1.20 |
May 5, 2022 08:47:43.445677996 CEST | 80 | 49904 | 45.133.1.20 | 192.168.2.6 |
May 5, 2022 08:47:43.445765972 CEST | 49904 | 80 | 192.168.2.6 | 45.133.1.20 |
May 5, 2022 08:47:43.448687077 CEST | 49904 | 80 | 192.168.2.6 | 45.133.1.20 |
May 5, 2022 08:47:43.474549055 CEST | 80 | 49904 | 45.133.1.20 | 192.168.2.6 |
May 5, 2022 08:47:43.474642992 CEST | 49904 | 80 | 192.168.2.6 | 45.133.1.20 |
May 5, 2022 08:47:43.500396013 CEST | 80 | 49904 | 45.133.1.20 | 192.168.2.6 |
May 5, 2022 08:47:43.533077955 CEST | 80 | 49904 | 45.133.1.20 | 192.168.2.6 |
May 5, 2022 08:47:43.533104897 CEST | 80 | 49904 | 45.133.1.20 | 192.168.2.6 |
May 5, 2022 08:47:43.533193111 CEST | 49904 | 80 | 192.168.2.6 | 45.133.1.20 |
May 5, 2022 08:47:43.533240080 CEST | 49904 | 80 | 192.168.2.6 | 45.133.1.20 |
May 5, 2022 08:47:43.558902979 CEST | 80 | 49904 | 45.133.1.20 | 192.168.2.6 |
May 5, 2022 08:47:44.480550051 CEST | 49910 | 80 | 192.168.2.6 | 45.133.1.20 |
May 5, 2022 08:47:44.506306887 CEST | 80 | 49910 | 45.133.1.20 | 192.168.2.6 |
May 5, 2022 08:47:44.506443977 CEST | 49910 | 80 | 192.168.2.6 | 45.133.1.20 |
May 5, 2022 08:47:44.510409117 CEST | 49910 | 80 | 192.168.2.6 | 45.133.1.20 |
May 5, 2022 08:47:44.536051035 CEST | 80 | 49910 | 45.133.1.20 | 192.168.2.6 |
May 5, 2022 08:47:44.536200047 CEST | 49910 | 80 | 192.168.2.6 | 45.133.1.20 |
May 5, 2022 08:47:44.561769962 CEST | 80 | 49910 | 45.133.1.20 | 192.168.2.6 |
May 5, 2022 08:47:44.586188078 CEST | 80 | 49910 | 45.133.1.20 | 192.168.2.6 |
May 5, 2022 08:47:44.586237907 CEST | 80 | 49910 | 45.133.1.20 | 192.168.2.6 |
May 5, 2022 08:47:44.586371899 CEST | 49910 | 80 | 192.168.2.6 | 45.133.1.20 |
May 5, 2022 08:47:44.586421967 CEST | 49910 | 80 | 192.168.2.6 | 45.133.1.20 |
May 5, 2022 08:47:44.611979008 CEST | 80 | 49910 | 45.133.1.20 | 192.168.2.6 |
May 5, 2022 08:47:45.557718992 CEST | 49916 | 80 | 192.168.2.6 | 45.133.1.20 |
May 5, 2022 08:47:45.583482981 CEST | 80 | 49916 | 45.133.1.20 | 192.168.2.6 |
May 5, 2022 08:47:45.583703995 CEST | 49916 | 80 | 192.168.2.6 | 45.133.1.20 |
May 5, 2022 08:47:45.587445021 CEST | 49916 | 80 | 192.168.2.6 | 45.133.1.20 |
May 5, 2022 08:47:45.613042116 CEST | 80 | 49916 | 45.133.1.20 | 192.168.2.6 |
May 5, 2022 08:47:45.613163948 CEST | 49916 | 80 | 192.168.2.6 | 45.133.1.20 |
May 5, 2022 08:47:45.638751984 CEST | 80 | 49916 | 45.133.1.20 | 192.168.2.6 |
May 5, 2022 08:47:45.670989037 CEST | 80 | 49916 | 45.133.1.20 | 192.168.2.6 |
May 5, 2022 08:47:45.671133995 CEST | 49916 | 80 | 192.168.2.6 | 45.133.1.20 |
May 5, 2022 08:47:45.671281099 CEST | 80 | 49916 | 45.133.1.20 | 192.168.2.6 |
May 5, 2022 08:47:45.671358109 CEST | 49916 | 80 | 192.168.2.6 | 45.133.1.20 |
May 5, 2022 08:47:45.696782112 CEST | 80 | 49916 | 45.133.1.20 | 192.168.2.6 |
May 5, 2022 08:47:46.694916010 CEST | 49921 | 80 | 192.168.2.6 | 45.133.1.20 |
May 5, 2022 08:47:46.720531940 CEST | 80 | 49921 | 45.133.1.20 | 192.168.2.6 |
May 5, 2022 08:47:46.720663071 CEST | 49921 | 80 | 192.168.2.6 | 45.133.1.20 |
May 5, 2022 08:47:46.723903894 CEST | 49921 | 80 | 192.168.2.6 | 45.133.1.20 |
May 5, 2022 08:47:46.749489069 CEST | 80 | 49921 | 45.133.1.20 | 192.168.2.6 |
May 5, 2022 08:47:46.750441074 CEST | 49921 | 80 | 192.168.2.6 | 45.133.1.20 |
May 5, 2022 08:47:46.776109934 CEST | 80 | 49921 | 45.133.1.20 | 192.168.2.6 |
May 5, 2022 08:47:46.807706118 CEST | 80 | 49921 | 45.133.1.20 | 192.168.2.6 |
May 5, 2022 08:47:46.807825089 CEST | 80 | 49921 | 45.133.1.20 | 192.168.2.6 |
May 5, 2022 08:47:46.807851076 CEST | 49921 | 80 | 192.168.2.6 | 45.133.1.20 |
May 5, 2022 08:47:46.809027910 CEST | 49921 | 80 | 192.168.2.6 | 45.133.1.20 |
May 5, 2022 08:47:46.833426952 CEST | 80 | 49921 | 45.133.1.20 | 192.168.2.6 |
May 5, 2022 08:47:49.087534904 CEST | 49922 | 80 | 192.168.2.6 | 45.133.1.20 |
May 5, 2022 08:47:49.113632917 CEST | 80 | 49922 | 45.133.1.20 | 192.168.2.6 |
May 5, 2022 08:47:49.114027977 CEST | 49922 | 80 | 192.168.2.6 | 45.133.1.20 |
May 5, 2022 08:47:49.122828960 CEST | 49922 | 80 | 192.168.2.6 | 45.133.1.20 |
May 5, 2022 08:47:49.148468971 CEST | 80 | 49922 | 45.133.1.20 | 192.168.2.6 |
May 5, 2022 08:47:49.148577929 CEST | 49922 | 80 | 192.168.2.6 | 45.133.1.20 |
May 5, 2022 08:47:49.174340010 CEST | 80 | 49922 | 45.133.1.20 | 192.168.2.6 |
May 5, 2022 08:47:49.208786011 CEST | 80 | 49922 | 45.133.1.20 | 192.168.2.6 |
May 5, 2022 08:47:49.208836079 CEST | 80 | 49922 | 45.133.1.20 | 192.168.2.6 |
May 5, 2022 08:47:49.208903074 CEST | 49922 | 80 | 192.168.2.6 | 45.133.1.20 |
May 5, 2022 08:47:49.208980083 CEST | 49922 | 80 | 192.168.2.6 | 45.133.1.20 |
May 5, 2022 08:47:49.234626055 CEST | 80 | 49922 | 45.133.1.20 | 192.168.2.6 |
May 5, 2022 08:47:51.702646971 CEST | 49923 | 80 | 192.168.2.6 | 45.133.1.20 |
May 5, 2022 08:47:51.728332996 CEST | 80 | 49923 | 45.133.1.20 | 192.168.2.6 |
May 5, 2022 08:47:51.728435040 CEST | 49923 | 80 | 192.168.2.6 | 45.133.1.20 |
May 5, 2022 08:47:51.765647888 CEST | 49923 | 80 | 192.168.2.6 | 45.133.1.20 |
May 5, 2022 08:47:51.793119907 CEST | 80 | 49923 | 45.133.1.20 | 192.168.2.6 |
May 5, 2022 08:47:51.793185949 CEST | 49923 | 80 | 192.168.2.6 | 45.133.1.20 |
May 5, 2022 08:47:51.819107056 CEST | 80 | 49923 | 45.133.1.20 | 192.168.2.6 |
May 5, 2022 08:47:51.848263025 CEST | 80 | 49923 | 45.133.1.20 | 192.168.2.6 |
May 5, 2022 08:47:51.848318100 CEST | 80 | 49923 | 45.133.1.20 | 192.168.2.6 |
May 5, 2022 08:47:51.848431110 CEST | 49923 | 80 | 192.168.2.6 | 45.133.1.20 |
May 5, 2022 08:47:51.853259087 CEST | 49923 | 80 | 192.168.2.6 | 45.133.1.20 |
May 5, 2022 08:47:51.879383087 CEST | 80 | 49923 | 45.133.1.20 | 192.168.2.6 |
May 5, 2022 08:47:53.573014021 CEST | 49925 | 80 | 192.168.2.6 | 45.133.1.20 |
May 5, 2022 08:47:53.598664999 CEST | 80 | 49925 | 45.133.1.20 | 192.168.2.6 |
May 5, 2022 08:47:53.598783016 CEST | 49925 | 80 | 192.168.2.6 | 45.133.1.20 |
May 5, 2022 08:47:53.606168985 CEST | 49925 | 80 | 192.168.2.6 | 45.133.1.20 |
May 5, 2022 08:47:53.638566971 CEST | 80 | 49925 | 45.133.1.20 | 192.168.2.6 |
May 5, 2022 08:47:53.638679028 CEST | 49925 | 80 | 192.168.2.6 | 45.133.1.20 |
May 5, 2022 08:47:53.676873922 CEST | 80 | 49925 | 45.133.1.20 | 192.168.2.6 |
May 5, 2022 08:47:53.703870058 CEST | 80 | 49925 | 45.133.1.20 | 192.168.2.6 |
May 5, 2022 08:47:53.703892946 CEST | 80 | 49925 | 45.133.1.20 | 192.168.2.6 |
May 5, 2022 08:47:53.704015017 CEST | 49925 | 80 | 192.168.2.6 | 45.133.1.20 |
May 5, 2022 08:47:53.704513073 CEST | 49925 | 80 | 192.168.2.6 | 45.133.1.20 |
May 5, 2022 08:47:53.731298923 CEST | 80 | 49925 | 45.133.1.20 | 192.168.2.6 |
May 5, 2022 08:47:55.226053953 CEST | 49926 | 80 | 192.168.2.6 | 45.133.1.20 |
May 5, 2022 08:47:55.251678944 CEST | 80 | 49926 | 45.133.1.20 | 192.168.2.6 |
May 5, 2022 08:47:55.251986027 CEST | 49926 | 80 | 192.168.2.6 | 45.133.1.20 |
May 5, 2022 08:47:55.260222912 CEST | 49926 | 80 | 192.168.2.6 | 45.133.1.20 |
May 5, 2022 08:47:55.285716057 CEST | 80 | 49926 | 45.133.1.20 | 192.168.2.6 |
May 5, 2022 08:47:55.286011934 CEST | 49926 | 80 | 192.168.2.6 | 45.133.1.20 |
May 5, 2022 08:47:55.311479092 CEST | 80 | 49926 | 45.133.1.20 | 192.168.2.6 |
May 5, 2022 08:47:55.342236996 CEST | 80 | 49926 | 45.133.1.20 | 192.168.2.6 |
May 5, 2022 08:47:55.342252016 CEST | 80 | 49926 | 45.133.1.20 | 192.168.2.6 |
May 5, 2022 08:47:55.342389107 CEST | 49926 | 80 | 192.168.2.6 | 45.133.1.20 |
May 5, 2022 08:47:55.342475891 CEST | 49926 | 80 | 192.168.2.6 | 45.133.1.20 |
May 5, 2022 08:47:55.368029118 CEST | 80 | 49926 | 45.133.1.20 | 192.168.2.6 |
May 5, 2022 08:47:56.144908905 CEST | 49927 | 80 | 192.168.2.6 | 45.133.1.20 |
May 5, 2022 08:47:56.170449018 CEST | 80 | 49927 | 45.133.1.20 | 192.168.2.6 |
May 5, 2022 08:47:56.170639992 CEST | 49927 | 80 | 192.168.2.6 | 45.133.1.20 |
May 5, 2022 08:47:56.175396919 CEST | 49927 | 80 | 192.168.2.6 | 45.133.1.20 |
May 5, 2022 08:47:56.201045036 CEST | 80 | 49927 | 45.133.1.20 | 192.168.2.6 |
May 5, 2022 08:47:56.201181889 CEST | 49927 | 80 | 192.168.2.6 | 45.133.1.20 |
May 5, 2022 08:47:56.226572037 CEST | 80 | 49927 | 45.133.1.20 | 192.168.2.6 |
May 5, 2022 08:47:56.259251118 CEST | 80 | 49927 | 45.133.1.20 | 192.168.2.6 |
May 5, 2022 08:47:56.259380102 CEST | 80 | 49927 | 45.133.1.20 | 192.168.2.6 |
May 5, 2022 08:47:56.259455919 CEST | 49927 | 80 | 192.168.2.6 | 45.133.1.20 |
May 5, 2022 08:47:56.259505033 CEST | 49927 | 80 | 192.168.2.6 | 45.133.1.20 |
May 5, 2022 08:47:56.284890890 CEST | 80 | 49927 | 45.133.1.20 | 192.168.2.6 |
|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
0 | 192.168.2.6 | 49771 | 45.133.1.20 | 80 | C:\Users\user\AppData\Local\Temp\cbgsujmwws.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
May 5, 2022 08:46:01.499744892 CEST | 1062 | OUT | |
May 5, 2022 08:46:01.525635004 CEST | 1062 | OUT | |
May 5, 2022 08:46:01.580796957 CEST | 1062 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
1 | 192.168.2.6 | 49772 | 45.133.1.20 | 80 | C:\Users\user\AppData\Local\Temp\cbgsujmwws.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
May 5, 2022 08:46:03.132381916 CEST | 1063 | OUT | |
May 5, 2022 08:46:03.158319950 CEST | 1063 | OUT | |
May 5, 2022 08:46:03.221048117 CEST | 1064 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
10 | 192.168.2.6 | 49782 | 45.133.1.20 | 80 | C:\Users\user\AppData\Local\Temp\cbgsujmwws.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
May 5, 2022 08:46:17.488993883 CEST | 1164 | OUT | |
May 5, 2022 08:46:17.517147064 CEST | 1165 | OUT | |
May 5, 2022 08:46:17.568052053 CEST | 1165 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
11 | 192.168.2.6 | 49783 | 45.133.1.20 | 80 | C:\Users\user\AppData\Local\Temp\cbgsujmwws.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
May 5, 2022 08:46:18.841994047 CEST | 1166 | OUT | |
May 5, 2022 08:46:18.867662907 CEST | 1166 | OUT | |
May 5, 2022 08:46:18.919632912 CEST | 1166 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
12 | 192.168.2.6 | 49786 | 45.133.1.20 | 80 | C:\Users\user\AppData\Local\Temp\cbgsujmwws.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
May 5, 2022 08:46:21.088184118 CEST | 1210 | OUT | |
May 5, 2022 08:46:21.115345001 CEST | 1211 | OUT | |
May 5, 2022 08:46:21.180464983 CEST | 1211 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
13 | 192.168.2.6 | 49789 | 45.133.1.20 | 80 | C:\Users\user\AppData\Local\Temp\cbgsujmwws.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
May 5, 2022 08:46:23.904851913 CEST | 1234 | OUT | |
May 5, 2022 08:46:23.930970907 CEST | 1234 | OUT | |
May 5, 2022 08:46:23.986737013 CEST | 1235 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
14 | 192.168.2.6 | 49790 | 45.133.1.20 | 80 | C:\Users\user\AppData\Local\Temp\cbgsujmwws.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
May 5, 2022 08:46:28.170344114 CEST | 1235 | OUT | |
May 5, 2022 08:46:28.196135044 CEST | 1236 | OUT | |
May 5, 2022 08:46:28.254359961 CEST | 1236 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
15 | 192.168.2.6 | 49791 | 45.133.1.20 | 80 | C:\Users\user\AppData\Local\Temp\cbgsujmwws.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
May 5, 2022 08:46:30.051409006 CEST | 1237 | OUT | |
May 5, 2022 08:46:30.077204943 CEST | 1237 | OUT | |
May 5, 2022 08:46:30.135314941 CEST | 1237 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
16 | 192.168.2.6 | 49793 | 45.133.1.20 | 80 | C:\Users\user\AppData\Local\Temp\cbgsujmwws.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
May 5, 2022 08:46:31.492450953 CEST | 1251 | OUT | |
May 5, 2022 08:46:31.518572092 CEST | 1251 | OUT | |
May 5, 2022 08:46:31.569453955 CEST | 1263 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
17 | 192.168.2.6 | 49795 | 45.133.1.20 | 80 | C:\Users\user\AppData\Local\Temp\cbgsujmwws.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
May 5, 2022 08:46:32.770695925 CEST | 1271 | OUT | |
May 5, 2022 08:46:32.796432972 CEST | 1271 | OUT | |
May 5, 2022 08:46:32.845130920 CEST | 1271 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
18 | 192.168.2.6 | 49796 | 45.133.1.20 | 80 | C:\Users\user\AppData\Local\Temp\cbgsujmwws.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
May 5, 2022 08:46:36.985054970 CEST | 1286 | OUT | |
May 5, 2022 08:46:37.010900021 CEST | 1286 | OUT | |
May 5, 2022 08:46:37.077541113 CEST | 1286 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
19 | 192.168.2.6 | 49801 | 45.133.1.20 | 80 | C:\Users\user\AppData\Local\Temp\cbgsujmwws.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
May 5, 2022 08:46:39.663667917 CEST | 1325 | OUT | |
May 5, 2022 08:46:39.689560890 CEST | 1325 | OUT | |
May 5, 2022 08:46:39.747967958 CEST | 1326 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
2 | 192.168.2.6 | 49773 | 45.133.1.20 | 80 | C:\Users\user\AppData\Local\Temp\cbgsujmwws.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
May 5, 2022 08:46:04.197166920 CEST | 1064 | OUT | |
May 5, 2022 08:46:04.222978115 CEST | 1065 | OUT | |
May 5, 2022 08:46:04.298516035 CEST | 1065 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
20 | 192.168.2.6 | 49803 | 45.133.1.20 | 80 | C:\Users\user\AppData\Local\Temp\cbgsujmwws.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
May 5, 2022 08:46:41.821501017 CEST | 1333 | OUT | |
May 5, 2022 08:46:41.847678900 CEST | 1333 | OUT | |
May 5, 2022 08:46:41.905873060 CEST | 1334 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
21 | 192.168.2.6 | 49806 | 45.133.1.20 | 80 | C:\Users\user\AppData\Local\Temp\cbgsujmwws.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
May 5, 2022 08:46:47.095755100 CEST | 1347 | OUT | |
May 5, 2022 08:46:47.121552944 CEST | 1348 | OUT | |
May 5, 2022 08:46:47.184792995 CEST | 1348 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
22 | 192.168.2.6 | 49807 | 45.133.1.20 | 80 | C:\Users\user\AppData\Local\Temp\cbgsujmwws.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
May 5, 2022 08:46:49.130492926 CEST | 1349 | OUT | |
May 5, 2022 08:46:49.156307936 CEST | 1349 | OUT | |
May 5, 2022 08:46:49.213563919 CEST | 1349 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
23 | 192.168.2.6 | 49813 | 45.133.1.20 | 80 | C:\Users\user\AppData\Local\Temp\cbgsujmwws.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
May 5, 2022 08:46:50.492080927 CEST | 1353 | OUT | |
May 5, 2022 08:46:50.520315886 CEST | 1371 | OUT | |
May 5, 2022 08:46:50.568424940 CEST | 1371 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
24 | 192.168.2.6 | 49814 | 45.133.1.20 | 80 | C:\Users\user\AppData\Local\Temp\cbgsujmwws.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
May 5, 2022 08:46:51.558074951 CEST | 1372 | OUT | |
May 5, 2022 08:46:51.584703922 CEST | 1376 | OUT | |
May 5, 2022 08:46:51.641252041 CEST | 2341 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
25 | 192.168.2.6 | 49816 | 45.133.1.20 | 80 | C:\Users\user\AppData\Local\Temp\cbgsujmwws.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
May 5, 2022 08:46:55.974919081 CEST | 7131 | OUT | |
May 5, 2022 08:46:56.001226902 CEST | 7131 | OUT | |
May 5, 2022 08:46:56.063024998 CEST | 7131 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
26 | 192.168.2.6 | 49818 | 45.133.1.20 | 80 | C:\Users\user\AppData\Local\Temp\cbgsujmwws.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
May 5, 2022 08:46:57.751458883 CEST | 7133 | OUT | |
May 5, 2022 08:46:57.777304888 CEST | 7133 | OUT | |
May 5, 2022 08:46:57.840574026 CEST | 7139 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
27 | 192.168.2.6 | 49819 | 45.133.1.20 | 80 | C:\Users\user\AppData\Local\Temp\cbgsujmwws.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
May 5, 2022 08:46:59.128279924 CEST | 7140 | OUT | |
May 5, 2022 08:46:59.154638052 CEST | 7140 | OUT | |
May 5, 2022 08:46:59.219291925 CEST | 7140 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
28 | 192.168.2.6 | 49820 | 45.133.1.20 | 80 | C:\Users\user\AppData\Local\Temp\cbgsujmwws.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
May 5, 2022 08:47:00.537714005 CEST | 7141 | OUT | |
May 5, 2022 08:47:00.563507080 CEST | 7141 | OUT | |
May 5, 2022 08:47:01.030510902 CEST | 7184 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
29 | 192.168.2.6 | 49824 | 45.133.1.20 | 80 | C:\Users\user\AppData\Local\Temp\cbgsujmwws.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
May 5, 2022 08:47:03.719001055 CEST | 7234 | OUT | |
May 5, 2022 08:47:03.744713068 CEST | 7234 | OUT | |
May 5, 2022 08:47:03.798513889 CEST | 7234 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
3 | 192.168.2.6 | 49774 | 45.133.1.20 | 80 | C:\Users\user\AppData\Local\Temp\cbgsujmwws.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
May 5, 2022 08:46:07.670756102 CEST | 1066 | OUT | |
May 5, 2022 08:46:07.696929932 CEST | 1067 | OUT | |
May 5, 2022 08:46:07.746820927 CEST | 1071 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
30 | 192.168.2.6 | 49828 | 45.133.1.20 | 80 | C:\Users\user\AppData\Local\Temp\cbgsujmwws.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
May 5, 2022 08:47:06.412861109 CEST | 7938 | OUT | |
May 5, 2022 08:47:06.438435078 CEST | 7939 | OUT | |
May 5, 2022 08:47:06.487222910 CEST | 7939 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
31 | 192.168.2.6 | 49833 | 45.133.1.20 | 80 | C:\Users\user\AppData\Local\Temp\cbgsujmwws.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
May 5, 2022 08:47:08.250713110 CEST | 7987 | OUT | |
May 5, 2022 08:47:08.276225090 CEST | 7987 | OUT | |
May 5, 2022 08:47:08.327680111 CEST | 7987 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
32 | 192.168.2.6 | 49839 | 45.133.1.20 | 80 | C:\Users\user\AppData\Local\Temp\cbgsujmwws.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
May 5, 2022 08:47:09.336080074 CEST | 8098 | OUT | |
May 5, 2022 08:47:09.363354921 CEST | 8128 | OUT | |
May 5, 2022 08:47:09.413443089 CEST | 8176 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
33 | 192.168.2.6 | 49847 | 45.133.1.20 | 80 | C:\Users\user\AppData\Local\Temp\cbgsujmwws.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
May 5, 2022 08:47:10.430170059 CEST | 8228 | OUT | |
May 5, 2022 08:47:10.456146002 CEST | 8229 | OUT | |
May 5, 2022 08:47:10.510929108 CEST | 8234 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
34 | 192.168.2.6 | 49855 | 45.133.1.20 | 80 | C:\Users\user\AppData\Local\Temp\cbgsujmwws.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
May 5, 2022 08:47:11.530445099 CEST | 8490 | OUT | |
May 5, 2022 08:47:11.556226015 CEST | 8490 | OUT | |
May 5, 2022 08:47:11.612447977 CEST | 8492 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
35 | 192.168.2.6 | 49868 | 45.133.1.20 | 80 | C:\Users\user\AppData\Local\Temp\cbgsujmwws.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
May 5, 2022 08:47:13.688633919 CEST | 8701 | OUT | |
May 5, 2022 08:47:13.714560032 CEST | 8702 | OUT | |
May 5, 2022 08:47:13.771070957 CEST | 8703 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
36 | 192.168.2.6 | 49879 | 45.133.1.20 | 80 | C:\Users\user\AppData\Local\Temp\cbgsujmwws.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
May 5, 2022 08:47:17.057698011 CEST | 9055 | OUT | |
May 5, 2022 08:47:17.083367109 CEST | 9068 | OUT | |
May 5, 2022 08:47:17.142337084 CEST | 9097 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
37 | 192.168.2.6 | 49886 | 45.133.1.20 | 80 | C:\Users\user\AppData\Local\Temp\cbgsujmwws.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
May 5, 2022 08:47:24.286217928 CEST | 9264 | OUT | |
May 5, 2022 08:47:24.311959982 CEST | 9264 | OUT | |
May 5, 2022 08:47:24.758858919 CEST | 9265 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
38 | 192.168.2.6 | 49887 | 45.133.1.20 | 80 | C:\Users\user\AppData\Local\Temp\cbgsujmwws.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
May 5, 2022 08:47:28.539921045 CEST | 9265 | OUT | |
May 5, 2022 08:47:28.565720081 CEST | 9266 | OUT | |
May 5, 2022 08:47:28.615139008 CEST | 9266 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
39 | 192.168.2.6 | 49888 | 45.133.1.20 | 80 | C:\Users\user\AppData\Local\Temp\cbgsujmwws.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
May 5, 2022 08:47:31.023957968 CEST | 9267 | OUT | |
May 5, 2022 08:47:31.050134897 CEST | 9267 | OUT | |
May 5, 2022 08:47:31.104381084 CEST | 9267 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
4 | 192.168.2.6 | 49776 | 45.133.1.20 | 80 | C:\Users\user\AppData\Local\Temp\cbgsujmwws.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
May 5, 2022 08:46:10.458256960 CEST | 1157 | OUT | |
May 5, 2022 08:46:10.484827995 CEST | 1157 | OUT | |
May 5, 2022 08:46:10.540349960 CEST | 1157 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
40 | 192.168.2.6 | 49889 | 45.133.1.20 | 80 | C:\Users\user\AppData\Local\Temp\cbgsujmwws.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
May 5, 2022 08:47:32.263125896 CEST | 9268 | OUT | |
May 5, 2022 08:47:32.289024115 CEST | 9268 | OUT | |
May 5, 2022 08:47:32.340547085 CEST | 9268 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
41 | 192.168.2.6 | 49891 | 45.133.1.20 | 80 | C:\Users\user\AppData\Local\Temp\cbgsujmwws.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
May 5, 2022 08:47:33.446894884 CEST | 9276 | OUT | |
May 5, 2022 08:47:33.472860098 CEST | 9276 | OUT | |
May 5, 2022 08:47:33.523540020 CEST | 9276 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
42 | 192.168.2.6 | 49892 | 45.133.1.20 | 80 | C:\Users\user\AppData\Local\Temp\cbgsujmwws.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
May 5, 2022 08:47:34.664293051 CEST | 9277 | OUT | |
May 5, 2022 08:47:34.691047907 CEST | 9277 | OUT | |
May 5, 2022 08:47:34.749701977 CEST | 9278 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
43 | 192.168.2.6 | 49893 | 45.133.1.20 | 80 | C:\Users\user\AppData\Local\Temp\cbgsujmwws.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
May 5, 2022 08:47:35.940589905 CEST | 9278 | OUT | |
May 5, 2022 08:47:35.967854023 CEST | 9279 | OUT | |
May 5, 2022 08:47:36.032215118 CEST | 9279 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
44 | 192.168.2.6 | 49895 | 45.133.1.20 | 80 | C:\Users\user\AppData\Local\Temp\cbgsujmwws.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
May 5, 2022 08:47:40.233323097 CEST | 9296 | OUT | |
May 5, 2022 08:47:40.259624958 CEST | 9296 | OUT | |
May 5, 2022 08:47:40.311688900 CEST | 9296 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
45 | 192.168.2.6 | 49904 | 45.133.1.20 | 80 | C:\Users\user\AppData\Local\Temp\cbgsujmwws.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
May 5, 2022 08:47:43.448687077 CEST | 9305 | OUT | |
May 5, 2022 08:47:43.474642992 CEST | 9306 | OUT | |
May 5, 2022 08:47:43.533077955 CEST | 9307 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
46 | 192.168.2.6 | 49910 | 45.133.1.20 | 80 | C:\Users\user\AppData\Local\Temp\cbgsujmwws.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
May 5, 2022 08:47:44.510409117 CEST | 9318 | OUT | |
May 5, 2022 08:47:44.536200047 CEST | 9319 | OUT | |
May 5, 2022 08:47:44.586188078 CEST | 9320 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
47 | 192.168.2.6 | 49916 | 45.133.1.20 | 80 | C:\Users\user\AppData\Local\Temp\cbgsujmwws.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
May 5, 2022 08:47:45.587445021 CEST | 9331 | OUT | |
May 5, 2022 08:47:45.613163948 CEST | 9331 | OUT | |
May 5, 2022 08:47:45.670989037 CEST | 9333 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
48 | 192.168.2.6 | 49921 | 45.133.1.20 | 80 | C:\Users\user\AppData\Local\Temp\cbgsujmwws.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
May 5, 2022 08:47:46.723903894 CEST | 9342 | OUT | |
May 5, 2022 08:47:46.750441074 CEST | 9343 | OUT | |
May 5, 2022 08:47:46.807706118 CEST | 9343 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
49 | 192.168.2.6 | 49922 | 45.133.1.20 | 80 | C:\Users\user\AppData\Local\Temp\cbgsujmwws.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
May 5, 2022 08:47:49.122828960 CEST | 9344 | OUT | |
May 5, 2022 08:47:49.148577929 CEST | 9344 | OUT | |
May 5, 2022 08:47:49.208786011 CEST | 9344 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
5 | 192.168.2.6 | 49777 | 45.133.1.20 | 80 | C:\Users\user\AppData\Local\Temp\cbgsujmwws.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
May 5, 2022 08:46:11.786866903 CEST | 1158 | OUT | |
May 5, 2022 08:46:11.812916994 CEST | 1158 | OUT | |
May 5, 2022 08:46:11.871474981 CEST | 1159 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
50 | 192.168.2.6 | 49923 | 45.133.1.20 | 80 | C:\Users\user\AppData\Local\Temp\cbgsujmwws.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
May 5, 2022 08:47:51.765647888 CEST | 9345 | OUT | |
May 5, 2022 08:47:51.793185949 CEST | 9345 | OUT | |
May 5, 2022 08:47:51.848263025 CEST | 9346 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
51 | 192.168.2.6 | 49925 | 45.133.1.20 | 80 | C:\Users\user\AppData\Local\Temp\cbgsujmwws.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
May 5, 2022 08:47:53.606168985 CEST | 9353 | OUT | |
May 5, 2022 08:47:53.638679028 CEST | 9353 | OUT | |
May 5, 2022 08:47:53.703870058 CEST | 9354 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
52 | 192.168.2.6 | 49926 | 45.133.1.20 | 80 | C:\Users\user\AppData\Local\Temp\cbgsujmwws.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
May 5, 2022 08:47:55.260222912 CEST | 9354 | OUT | |
May 5, 2022 08:47:55.286011934 CEST | 9355 | OUT | |
May 5, 2022 08:47:55.342236996 CEST | 9355 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
53 | 192.168.2.6 | 49927 | 45.133.1.20 | 80 | C:\Users\user\AppData\Local\Temp\cbgsujmwws.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
May 5, 2022 08:47:56.175396919 CEST | 9356 | OUT | |
May 5, 2022 08:47:56.201181889 CEST | 9356 | OUT | |
May 5, 2022 08:47:56.259251118 CEST | 9356 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
6 | 192.168.2.6 | 49778 | 45.133.1.20 | 80 | C:\Users\user\AppData\Local\Temp\cbgsujmwws.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
May 5, 2022 08:46:12.988894939 CEST | 1159 | OUT | |
May 5, 2022 08:46:13.016323090 CEST | 1160 | OUT | |
May 5, 2022 08:46:13.084786892 CEST | 1160 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
7 | 192.168.2.6 | 49779 | 45.133.1.20 | 80 | C:\Users\user\AppData\Local\Temp\cbgsujmwws.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
May 5, 2022 08:46:14.046129942 CEST | 1161 | OUT | |
May 5, 2022 08:46:14.071837902 CEST | 1161 | OUT | |
May 5, 2022 08:46:14.137701988 CEST | 1161 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
8 | 192.168.2.6 | 49780 | 45.133.1.20 | 80 | C:\Users\user\AppData\Local\Temp\cbgsujmwws.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
May 5, 2022 08:46:15.184581995 CEST | 1162 | OUT | |
May 5, 2022 08:46:15.210380077 CEST | 1162 | OUT | |
May 5, 2022 08:46:15.265968084 CEST | 1162 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
9 | 192.168.2.6 | 49781 | 45.133.1.20 | 80 | C:\Users\user\AppData\Local\Temp\cbgsujmwws.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
May 5, 2022 08:46:16.336569071 CEST | 1163 | OUT | |
May 5, 2022 08:46:16.362673044 CEST | 1163 | OUT | |
May 5, 2022 08:46:16.421443939 CEST | 1164 | IN |
Target ID: | 0 |
Start time: | 08:45:50 |
Start date: | 05/05/2022 |
Path: | C:\Users\user\Desktop\ypdTgfE0o8.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 126706 bytes |
MD5 hash: | D2CE3B2A5F3EFB1FCEDE96304E57A531 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Target ID: | 1 |
Start time: | 08:45:52 |
Start date: | 05/05/2022 |
Path: | C:\Users\user\AppData\Local\Temp\cbgsujmwws.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 5632 bytes |
MD5 hash: | F9E42C92E371CEDC22C78E2900418651 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Antivirus matches: |
|
Reputation: | low |
Target ID: | 2 |
Start time: | 08:45:52 |
Start date: | 05/05/2022 |
Path: | C:\Users\user\AppData\Local\Temp\cbgsujmwws.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 5632 bytes |
MD5 hash: | F9E42C92E371CEDC22C78E2900418651 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | low |
Execution Graph
Execution Coverage: | 15.4% |
Dynamic/Decrypted Code Coverage: | 0% |
Signature Coverage: | 16.8% |
Total number of Nodes: | 1372 |
Total number of Limit Nodes: | 20 |
Graph
Function 004034F7 Relevance: 86.2, APIs: 34, Strings: 15, Instructions: 450stringfilecomCOMMON
Control-flow Graph
C-Code - Quality: 78% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00405C13 Relevance: 21.1, APIs: 7, Strings: 5, Instructions: 148filestringCOMMON
Control-flow Graph
C-Code - Quality: 98% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00406BFE Relevance: 5.4, APIs: 4, Instructions: 382COMMONCrypto
Control-flow Graph
C-Code - Quality: 98% |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
C-Code - Quality: 100% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
C-Code - Quality: 84% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00403BB6 Relevance: 45.7, APIs: 14, Strings: 12, Instructions: 215stringregistryCOMMON
Control-flow Graph
C-Code - Quality: 96% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040307D Relevance: 22.9, APIs: 5, Strings: 8, Instructions: 181memoryCOMMON
Control-flow Graph
C-Code - Quality: 78% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040176F Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 145stringtimeCOMMON
Control-flow Graph
C-Code - Quality: 61% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
C-Code - Quality: 94% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00406864 Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 36libraryCOMMON
Control-flow Graph
C-Code - Quality: 100% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
C-Code - Quality: 100% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
C-Code - Quality: 100% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00405EDE Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 47stringCOMMON
Control-flow Graph
C-Code - Quality: 53% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00407033 Relevance: 5.2, APIs: 4, Instructions: 236COMMON
Control-flow Graph
C-Code - Quality: 99% |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00407234 Relevance: 5.2, APIs: 4, Instructions: 208COMMON
Control-flow Graph
C-Code - Quality: 98% |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00406F4A Relevance: 5.2, APIs: 4, Instructions: 205COMMON
C-Code - Quality: 98% |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00406A4F Relevance: 5.2, APIs: 4, Instructions: 198COMMON
C-Code - Quality: 98% |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00406E9D Relevance: 5.2, APIs: 4, Instructions: 180COMMON
C-Code - Quality: 98% |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00406FBB Relevance: 5.2, APIs: 4, Instructions: 170COMMON
C-Code - Quality: 98% |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00406F07 Relevance: 5.2, APIs: 4, Instructions: 168COMMON
C-Code - Quality: 98% |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00405BCB Relevance: 4.5, APIs: 3, Instructions: 28fileCOMMON
C-Code - Quality: 41% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004015C1 Relevance: 3.1, APIs: 2, Instructions: 65COMMON
C-Code - Quality: 86% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00401389 Relevance: 3.0, APIs: 2, Instructions: 43windowCOMMON
C-Code - Quality: 69% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00405AEA Relevance: 3.0, APIs: 2, Instructions: 24processCOMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00405FF7 Relevance: 3.0, APIs: 2, Instructions: 16fileCOMMON
C-Code - Quality: 68% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00405FD2 Relevance: 3.0, APIs: 2, Instructions: 13COMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00405AB5 Relevance: 3.0, APIs: 2, Instructions: 9COMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040607A Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004060A9 Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004034AF Relevance: 1.5, APIs: 1, Instructions: 6COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00401FA4 Relevance: 1.3, APIs: 1, Instructions: 37COMMON
C-Code - Quality: 78% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004056A8 Relevance: 65.0, APIs: 36, Strings: 1, Instructions: 284windowclipboardmemoryCOMMON
C-Code - Quality: 95% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00404954 Relevance: 23.0, APIs: 10, Strings: 3, Instructions: 275stringCOMMON
C-Code - Quality: 78% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004021AA Relevance: 1.6, APIs: 1, Instructions: 129comCOMMON
C-Code - Quality: 67% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040290B Relevance: 1.5, APIs: 1, Instructions: 30fileCOMMON
C-Code - Quality: 39% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00404ED0 Relevance: 63.5, APIs: 33, Strings: 3, Instructions: 489windowmemoryCOMMON
C-Code - Quality: 96% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00404622 Relevance: 37.0, APIs: 19, Strings: 2, Instructions: 204windowstringCOMMON
C-Code - Quality: 91% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 90% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040614D Relevance: 21.1, APIs: 10, Strings: 2, Instructions: 130 memory string COMMON
C-Code - Quality: 100%
Uniqueness Score: -1.00%
Function 00406544 Relevance: 17.7, APIs: 7, Strings: 3, Instructions: 196 string COMMON
C-Code - Quality: 72%
Uniqueness Score: -1.00%
Function 00405569 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 72 string window COMMON
C-Code - Quality: 100%
Uniqueness Score: -1.00%
Function 004044CA Relevance: 12.1, APIs: 8, Instructions: 68 COMMON
C-Code - Quality: 100%
Uniqueness Score: -1.00%
Function 004026EC Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 153 file COMMON
C-Code - Quality: 87%
Uniqueness Score: -1.00%
C-Code - Quality: 91%
Uniqueness Score: -1.00%
Function 00404E1E Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48 window COMMON
C-Code - Quality: 100%
Uniqueness Score: -1.00%
Function 00402F93 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 40 time COMMON
C-Code - Quality: 100%
Uniqueness Score: -1.00%
C-Code - Quality: 86%
Uniqueness Score: -1.00%
C-Code - Quality: 48%
Uniqueness Score: -1.00%
Function 00401D81 Relevance: 7.6, APIs: 5, Instructions: 75 window COMMON
C-Code - Quality: 77%
Uniqueness Score: -1.00%
Function 00401E4E Relevance: 7.5, APIs: 5, Instructions: 43 COMMON
C-Code - Quality: 73%
Uniqueness Score: -1.00%
Function 00401C43 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84 window time COMMON
C-Code - Quality: 59%
Uniqueness Score: -1.00%
Function 00404D10 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84 string COMMON
C-Code - Quality: 77%
Uniqueness Score: -1.00%
Function 00405DD6 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 16 string COMMON
C-Code - Quality: 58%
Uniqueness Score: -1.00%
Function 00403019 Relevance: 6.0, APIs: 4, Instructions: 33 COMMON
C-Code - Quality: 100%
Uniqueness Score: -1.00%
Function 004054DD Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 46 window COMMON
C-Code - Quality: 89%
Uniqueness Score: -1.00%
Function 004063D5 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44 registry COMMON
C-Code - Quality: 90%
Uniqueness Score: -1.00%
C-Code - Quality: 100%
Uniqueness Score: -1.00%
Function 00405F5C Relevance: 5.0, APIs: 4, Instructions: 37 string COMMON
C-Code - Quality: 100%
Uniqueness Score: -1.00%
Execution Graph
Execution Coverage: | 56.9% |
Dynamic/Decrypted Code Coverage: | 86.7% |
Signature Coverage: | 21% |
Total number of Nodes: | 105 |
Total number of Limit Nodes: | 10 |
Graph
Uniqueness Score: -1.00%
Function 00401000 Relevance: 16.6, APIs: 11, Instructions: 123 COMMON
C-Code - Quality: 72%
Uniqueness Score: -1.00%
Function 009E1042 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 236 process thread COMMON
Uniqueness Score: -1.00%
Function 009E0809 Relevance: 7.7, APIs: 5, Instructions: 194 file COMMON
Uniqueness Score: -1.00%
Function 004011A0 Relevance: 6.0, APIs: 4, Instructions: 36 memory COMMON
C-Code - Quality: 68%
Uniqueness Score: -1.00%
Function 009E061D Relevance: .1, Instructions: 77 COMMON
Uniqueness Score: -1.00%
Function 009E0736 Relevance: .0, Instructions: 26 COMMON
Uniqueness Score: -1.00%
Function 009E0772 Relevance: .0, Instructions: 23 COMMON
Uniqueness Score: -1.00%
Function 009E06F7 Relevance: .0, Instructions: 7 COMMON
Uniqueness Score: -1.00%
Execution Graph
Execution Coverage: | 31% |
Dynamic/Decrypted Code Coverage: | 0% |
Signature Coverage: | 2.3% |
Total number of Nodes: | 1850 |
Total number of Limit Nodes: | 92 |
Graph
Function 00403D74 Relevance: 14.2, APIs: 4, Strings: 4, Instructions: 200 file COMMON
C-Code - Quality: 85%
Uniqueness Score: -1.00%
C-Code - Quality: 78%
Uniqueness Score: -1.00%
Function 00402B7C Relevance: 3.0, APIs: 2, Instructions: 20 memory COMMON
C-Code - Quality: 100%
Uniqueness Score: -1.00%
Function 00406069 Relevance: 1.5, APIs: 1, Instructions: 12 COMMON
C-Code - Quality: 100%
Uniqueness Score: -1.00%
Function 00404ED4 Relevance: 1.5, APIs: 1, Instructions: 9 network COMMON
Uniqueness Score: -1.00%
C-Code - Quality: 75%
Uniqueness Score: -1.00%
Function 00404E17 Relevance: 7.6, APIs: 5, Instructions: 72 network COMMON
C-Code - Quality: 37%
Uniqueness Score: -1.00%
Function 004040BB Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 129 file memory COMMON
C-Code - Quality: 74%
Uniqueness Score: -1.00%
C-Code - Quality: 79%
Uniqueness Score: -1.00%
Function 004042CF Relevance: 4.6, APIs: 3, Instructions: 60 file COMMON
C-Code - Quality: 100%
Uniqueness Score: -1.00%
Function 00412D31 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 178 thread COMMON
C-Code - Quality: 34%
Uniqueness Score: -1.00%
C-Code - Quality: 100%
Uniqueness Score: -1.00%
C-Code - Quality: 100%
Uniqueness Score: -1.00%
Function 00402C03 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 13 library loader COMMON
C-Code - Quality: 100%
Uniqueness Score: -1.00%
C-Code - Quality: 92%
Uniqueness Score: -1.00%
Function 004060BD Relevance: 1.6, APIs: 1, Instructions: 53 COMMON
C-Code - Quality: 40%
Uniqueness Score: -1.00%
Function 00403C62 Relevance: 1.5, APIs: 1, Instructions: 24 COMMON
C-Code - Quality: 100%
Uniqueness Score: -1.00%
Function 0040642C Relevance: 1.5, APIs: 1, Instructions: 18 COMMON
C-Code - Quality: 37%
Uniqueness Score: -1.00%
Function 00404EEA Relevance: 1.5, APIs: 1, Instructions: 16 network COMMON
C-Code - Quality: 37%
Uniqueness Score: -1.00%
Function 00403BD0 Relevance: 1.5, APIs: 1, Instructions: 14 COMMON
C-Code - Quality: 100%
Uniqueness Score: -1.00%
Function 00404DF3 Relevance: 1.5, APIs: 1, Instructions: 13 network COMMON
Uniqueness Score: -1.00%
Function 0040427D Relevance: 1.5, APIs: 1, Instructions: 13 COMMON
C-Code - Quality: 100%
Uniqueness Score: -1.00%
C-Code - Quality: 100%
Uniqueness Score: -1.00%
Function 00403C40 Relevance: 1.5, APIs: 1, Instructions: 12 COMMON
C-Code - Quality: 100%
Uniqueness Score: -1.00%
Function 00403C08 Relevance: 1.5, APIs: 1, Instructions: 12 file COMMON
C-Code - Quality: 100%
Uniqueness Score: -1.00%
Function 00402C1F Relevance: 1.5, APIs: 1, Instructions: 12 library COMMON
C-Code - Quality: 100%
Uniqueness Score: -1.00%
Function 00403BEF Relevance: 1.5, APIs: 1, Instructions: 12 COMMON
C-Code - Quality: 100%
Uniqueness Score: -1.00%
Function 00403BB7 Relevance: 1.5, APIs: 1, Instructions: 12 COMMON
C-Code - Quality: 100%
Uniqueness Score: -1.00%
C-Code - Quality: 100%
Uniqueness Score: -1.00%
Function 00403B64 Relevance: 1.5, APIs: 1, Instructions: 11 COMMON
C-Code - Quality: 100%
Uniqueness Score: -1.00%
Function 00404DE5 Relevance: 1.5, APIs: 1, Instructions: 6 COMMON
Uniqueness Score: -1.00%
Function 00403F9E Relevance: 1.3, APIs: 1, Instructions: 16 COMMON
C-Code - Quality: 100%
Uniqueness Score: -1.00%
Function 00406472 Relevance: 1.3, APIs: 1, Instructions: 12 sleep COMMON
C-Code - Quality: 100%
Uniqueness Score: -1.00%
Function 004058EA Relevance: 1.3, APIs: 1, Instructions: 12 COMMON
C-Code - Quality: 100%
Uniqueness Score: -1.00%
Function 00405924 Relevance: 1.3, APIs: 1, Instructions: 12 COMMON
C-Code - Quality: 100%
Uniqueness Score: -1.00%
Function 0040D069 Relevance: 12.6, Strings: 10, Instructions: 138 COMMON
C-Code - Quality: 88%
Uniqueness Score: -1.00%
Uniqueness Score: -1.00%