Windows
Analysis Report
VoRTaSs6hl
Overview
General Information
Detection
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- VoRTaSs6hl.exe (PID: 5260 cmdline: "C:\Users\user\Desktop\VoRTaSs6hl.exe" MD5: 6E2D9824EEEBAD8B1507FA4238892439)
  - VoRTaSs6hl.exe (PID: 2308 cmdline: C:\Users\user\Desktop\VoRTaSs6hl.exe MD5: 6E2D9824EEEBAD8B1507FA4238892439)
- Accyaz.exe (PID: 4684 cmdline: "C:\Users\Public\Libraries\Accyaz.exe" MD5: 6E2D9824EEEBAD8B1507FA4238892439)
  - Accyaz.exe (PID: 1284 cmdline: C:\Users\Public\Libraries\Accyaz.exe MD5: 6E2D9824EEEBAD8B1507FA4238892439)
- Accyaz.exe (PID: 3300 cmdline: "C:\Users\Public\Libraries\Accyaz.exe" MD5: 6E2D9824EEEBAD8B1507FA4238892439)
  - Accyaz.exe (PID: 5968 cmdline: C:\Users\Public\Libraries\Accyaz.exe MD5: 6E2D9824EEEBAD8B1507FA4238892439)
- cleanup
{"Version": null, "Host:Port:Password": "bestsuccess.ddns.net:2442:0", "Assigned name": "RemoteHost", "Connect interval": "1", "Install flag": "Disable", "Setup HKCU\\Run": "Enable", "Setup HKLM\\Run": "Enable", "Install path": "Application path", "Copy file": "remcos.exe", "Startup value": "Remcos", "Hide file": "Disable", "Mutex": "Remcos-HPUD4T", "Keylog flag": "0", "Keylog path": "Application path", "Keylog file": "logs.dat", "Keylog crypt": "Disable", "Hide keylog file": "Disable", "Screenshot flag": "Disable", "Screenshot time": "10", "Take Screenshot option": "Disable", "Take screenshot title": "", "Take screenshot time": "5", "Screenshot path": "AppData", "Screenshot file": "Screenshots", "Screenshot crypt": "Disable", "Mouse option": "Disable", "Delete file": "Disable", "Audio record time": "5"}
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_DBatLoader | Yara detected DBatLoader | Joe Security |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
Methodology_Shortcut_HotKey | Detects possible shortcut usage for .URL persistence | @itsreallynick (Nick Carr) |
Methodology_Contains_Shortcut_OtherURIhandlers | Detects possible shortcut usage for .URL persistence | @itsreallynick (Nick Carr) |
JoeSecurity_DBatLoader | Yara detected DBatLoader | Joe Security |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_UACBypassusingComputerDefaults | Yara detected UAC Bypass using ComputerDefaults | Joe Security | ||
JoeSecurity_UACBypassusingComputerDefaults | Yara detected UAC Bypass using ComputerDefaults | Joe Security | ||
Methodology_Contains_Shortcut_OtherURIhandlers | Detects possible shortcut usage for .URL persistence | @itsreallynick (Nick Carr) |
JoeSecurity_UACBypassusingComputerDefaults | Yara detected UAC Bypass using ComputerDefaults | Joe Security | ||
JoeSecurity_UACBypassusingComputerDefaults | Yara detected UAC Bypass using ComputerDefaults | Joe Security | ||
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_UACBypassusingComputerDefaults | Yara detected UAC Bypass using ComputerDefaults | Joe Security | ||
JoeSecurity_UACBypassusingComputerDefaults | Yara detected UAC Bypass using ComputerDefaults | Joe Security | ||
JoeSecurity_UACBypassusingComputerDefaults | Yara detected UAC Bypass using ComputerDefaults | Joe Security | ||
JoeSecurity_UACBypassusingComputerDefaults | Yara detected UAC Bypass using ComputerDefaults | Joe Security | ||
JoeSecurity_UACBypassusingComputerDefaults | Yara detected UAC Bypass using ComputerDefaults | Joe Security | ||
AV Detection |
---|
Source: | Virustotal: | Perma Link | ||
Source: | Metadefender: | Perma Link | ||
Source: | ReversingLabs: |
Source: | File source: | ||
Source: | Avira URL Cloud: |
Source: | Metadefender: | Perma Link | ||
Source: | ReversingLabs: |
Source: | Avira: | ||
Source: | Malware Configuration Extractor: |
Source: | Binary or memory string: |
Exploits |
---|
Source: | File source: | ||
Source: | Static PE information: |
Source: | HTTPS traffic detected: |
Networking |
---|
Source: | URLs: |
Source: | DNS query: |
Source: | ASN Name: |
Source: | JA3 fingerprint: |
Source: | IP Address: | ||
Source: | IP Address: |
Source: | TCP traffic: |
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: |
Source: | String found in binary or memory: | ||
Source: | DNS traffic detected: |
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | HTTPS traffic detected: |
Source: | Binary or memory string: |
Source: | File source: | ||
Source: | File source: |
E-Banking Fraud |
---|
Source: | File source: | ||
System Summary |
---|
Source: | Matched rule: | ||
Source: | Static PE information: |
Source: | Matched rule: | ||
Source: | Code function: | 0_3_03C3088D | |
Source: | Code function: | 0_3_03BDFB5C | |
Source: | Code function: | 0_3_03BD88E3 | |
Source: | Code function: | 0_3_03BDFAE2 | |
Source: | Code function: | 0_3_03BD8214 | |
Source: | Code function: | 0_3_03C3088D | |
Source: | Code function: | 10_3_029D1B8F | |
Source: | Code function: | 10_3_02A208C1 | |
Source: | Code function: | 10_3_029CFB90 | |
Source: | Code function: | 10_3_029CFB16 | |
Source: | Code function: | 10_3_029C8917 | |
Source: | Code function: | 10_3_029C8248 | |
Source: | Code function: | 10_3_029D1B8F | |
Source: | Code function: | 10_3_02A208C1 |
Source: | Static PE information: | ||
Source: | Static PE information: |
Source: | Binary or memory string: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: |
Source: | Section loaded: | Jump to behavior | ||
Source: | Virustotal: | ||
Source: | Metadefender: | ||
Source: | ReversingLabs: |
Source: | File read: | Jump to behavior |
Source: | Key opened: | Jump to behavior |
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior |
Source: | Key value queried: | Jump to behavior |
Source: | File created: | Jump to behavior |
Source: | Classification label: |
Source: | Key opened: | Jump to behavior | ||
Source: | Mutant created: |
Source: | File read: | Jump to behavior | ||
Source: | Window detected: |
Data Obfuscation |
---|
Source: | File source: | ||
Source: | Code function: | 0_3_03C30122 | |
Source: | Code function: | 0_3_03C32DE3 | |
Source: | Code function: | 0_3_03C32DB1 | |
Source: | Code function: | 0_3_03C309C4 | |
Source: | Code function: | 0_3_03C32D27 | |
Source: | Code function: | 0_3_03C32D6F | |
Source: | Code function: | 0_3_03BDADC5 | |
Source: | Code function: | 0_3_03BD8A1A | |
Source: | Code function: | 0_3_03BDAE07 | |
Source: | Code function: | 0_3_03BDAD7D | |
Source: | Code function: | 0_3_03BDAF48 | |
Source: | Code function: | 0_3_03BDAE39 | |
Source: | Code function: | 0_3_03BD8178 | |
Source: | Code function: | 0_3_03C30122 | |
Source: | Code function: | 0_3_03C32DE3 | |
Source: | Code function: | 0_3_03C32DB1 | |
Source: | Code function: | 0_3_03C309C4 | |
Source: | Code function: | 0_3_03C32D27 | |
Source: | Code function: | 0_3_03C32D6F | |
Source: | Code function: | 0_3_04A5CC6E | |
Source: | Code function: | 10_3_02A20156 | |
Source: | Code function: | 10_3_02A22DE5 | |
Source: | Code function: | 10_3_02A22D5B | |
Source: | Code function: | 10_3_02A22DA3 | |
Source: | Code function: | 10_3_02A22E17 | |
Source: | Code function: | 10_3_02A209F8 | |
Source: | Code function: | 10_3_029CADB1 | |
Source: | Code function: | 10_3_029CADF9 | |
Source: | Code function: | 10_3_029CAE3B | |
Source: | Code function: | 10_3_029C81AC | |
Source: | Code function: | 10_3_029C8A4E |
Source: | File created: | Jump to dropped file |
Source: | Registry value created or modified: | Jump to behavior | ||
Source: | Registry value created or modified: | Jump to behavior |
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Binary or memory string: |
HIPS / PFW / Operating System Protection Evasion |
---|
Source: | Memory written: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Key value queried: | Jump to behavior |
Stealing of Sensitive Information |
---|
Source: | File source: | ||
Remote Access Functionality |
---|
Source: | File source: | ||
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | Windows Management Instrumentation | 1 Registry Run Keys / Startup Folder | 111 Process Injection | 1 Masquerading | 1 Input Capture | 11 Security Software Discovery | Remote Services | 1 Input Capture | Exfiltration Over Other Network Medium | 11 Encrypted Channel | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Scheduled Task/Job | 1 DLL Side-Loading | 1 Registry Run Keys / Startup Folder | 111 Process Injection | LSASS Memory | 1 Remote System Discovery | Remote Desktop Protocol | 11 Archive Collected Data | Exfiltration Over Bluetooth | 1 Non-Standard Port | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | 1 DLL Side-Loading | 1 Obfuscated Files or Information | Security Account Manager | 2 System Information Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | 1 Ingress Tool Transfer | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | 1 Software Packing | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | 2 Non-Application Layer Protocol | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | 1 DLL Side-Loading | LSA Secrets | Remote System Discovery | SSH | Keylogging | Data Transfer Size Limits | 23 Application Layer Protocol | Manipulate Device Communication | Manipulate App Store Rankings or Ratings |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
58% | Virustotal | Browse | ||
40% | Metadefender | Browse | ||
81% | ReversingLabs | Win32.Trojan.Remcos |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
40% | Metadefender | Browse | ||
81% | ReversingLabs | Win32.Trojan.Remcos |
Source | Detection | Scanner | Label | Link | Download |
---|---|---|---|---|---|
100% | Avira | TR/Patched.Ren.Gen | Download File | ||
100% | Avira | TR/Crypt.XPACK.Gen | Download File |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Virustotal | Browse |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | URL Reputation | safe | ||
100% | Avira URL Cloud | malware | ||
0% | Avira URL Cloud | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
l-0003.l-dc-msedge.net | 13.107.43.12 | true | false | | unknown |
bestsuccess.ddns.net | 87.251.79.109 | true | true | unknown | |
qkvera.am.files.1drv.com | unknown | unknown | false | high | |
onedrive.live.com | unknown | unknown | false | high |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
13.107.43.12 | l-0003.l-dc-msedge.net | United States | 8068 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false | |
87.251.79.109 | bestsuccess.ddns.net | Russian Federation | 20803 | RISS-ASRU | true |
IP |
---|
192.168.2.1 |
Joe Sandbox Version: | 35.0.0 Citrine |
Analysis ID: | 679178 |
Start date and time: | 2022-08-05 11:27:07 +02:00 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 12m 29s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | VoRTaSs6hl (renamed file extension from none to exe) |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Number of analysed new started processes: | 22 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal100.troj.expl.evad.winEXE@9/6@39/3 |
EGA Information: | Failed |
HDC Information: | Failed |
HCA Information: | Failed |
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, BackgroundTransferHost.exe, WMIADAP.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 23.211.6.115, 13.107.42.13, 13.107.42.12, 52.152.110.14, 52.242.101.226, 20.223.24.244, 20.54.89.106
- Excluded domains from analysis (whitelisted): www.bing.com, odc-web-brs.onedrive.akadns.net, client.wns.windows.com, fs.microsoft.com, odc-web-geo.onedrive.akadns.net, neu-displaycatalogrp.frontdoor.bigcatalog.commerce.microsoft.com, ctldl.windowsupdate.com, store-images.s-microsoft.com-c.edgekey.net, arc.msn.com, l-0004.l-msedge.net, e12564.dspb.akamaiedge.net, odwebpl.trafficmanager.net.l-0004.dc-msedge.net.l-0004.l-msedge.net, rp-consumer-prod-displaycatalog-geomap.trafficmanager.net, l-0003.l-msedge.net, login.live.com, store-images.s-microsoft.com, odc-am-files-geo.onedrive.akadns.net, sls.update.microsoft.com, am-files.ha.1drv.com.l-0003.dc-msedge.net.l-0003.l-msedge.net, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, odc-am-files-brs.onedrive.akadns.net, displaycatalog-rp.md.mp.microsoft.com.akadns.net, glb.sls.prod.dcat.dsp.trafficmanager.net
- Execution Graph export aborted for target Accyaz.exe, PID 3300 because there are no executed functions
- Execution Graph export aborted for target Accyaz.exe, PID 4684 because there are no executed functions
- Execution Graph export aborted for target VoRTaSs6hl.exe, PID 5260 because there are no executed functions
- Not all processes were analyzed, report is missing behavior information
- Report creation exceeded maximum time and may have missing disassembly code information.
- Report size exceeded maximum capacity and may have missing behavior information.
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtProtectVirtualMemory calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
Time | Type | Description |
---|---|---|
11:28:14 | API Interceptor | |
11:29:03 | Autostart | |
11:29:11 | Autostart | |
11:29:14 | API Interceptor |
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
13.107.43.12 | Get hash | malicious | Browse | ||
87.251.79.109 | Get hash | malicious | Browse | ||
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
bestsuccess.ddns.net | Get hash | malicious | Browse |
| |
l-0003.l-dc-msedge.net | Get hash | malicious | Browse |
| |
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
MICROSOFT-CORP-MSN-AS-BLOCKUS | Get hash | malicious | Browse |
| |
RISS-ASRU | Get hash | malicious | Browse |
| |
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
37f463bf4616ecd445d4a1937da06e19 | Get hash | malicious | Browse |
| |
Process: | C:\Users\user\Desktop\VoRTaSs6hl.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1011712 |
Entropy (8bit): | 6.970245087154208 |
Encrypted: | false |
SSDEEP: | 24576:NDA1mchKTwkH17WtMBhiUDxvHiMYSt8tVSn52pAf2rDNtl2aCHXb:NDhc8ZPbVI9Sn52KNb |
MD5: | 6E2D9824EEEBAD8B1507FA4238892439 |
SHA1: | 03A6497741B9697F9234F85644CD35AA5BF0E42E |
SHA-256: | F10C2BBC2319E72BC4DEE452A2DE176573D88EAFECC30E97748B5DD087F4EA1F |
SHA-512: | 17DBF165300BD6E97C16C1D595A46FA035B0FA3E414E7707EF072404408AE20D48046D59BC651358F45B2DE50A9E9ADF9E52C4DB6DF211F2AE037A8B285B23AB |
Malicious: | true |
Yara Hits: |
|
Antivirus: |
|
Reputation: | low |
Preview: |
Process: | C:\Users\user\Desktop\VoRTaSs6hl.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 26 |
Entropy (8bit): | 3.95006375643621 |
Encrypted: | false |
SSDEEP: | 3:ggPYV:rPYV |
MD5: | 187F488E27DB4AF347237FE461A079AD |
SHA1: | 6693BA299EC1881249D59262276A0D2CB21F8E64 |
SHA-256: | 255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309 |
SHA-512: | 89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E |
Malicious: | true |
Reputation: | high, very likely benign file |
Preview: |
Process: | C:\Users\user\Desktop\VoRTaSs6hl.exe |
File Type: | |
Category: | modified |
Size (bytes): | 97 |
Entropy (8bit): | 4.9671520540949095 |
Encrypted: | false |
SSDEEP: | 3:HRAbABGQYmTWAX+rSF55i0XMeL4AIvsGKd5sPKv:HRYFVmTWDyzBmvsb54Kv |
MD5: | 3C9A5A6C482B7C7255FDB1B14B3A52C2 |
SHA1: | 9525DFA127BB3F55C3614E05CC1E555212B4384F |
SHA-256: | 13303C584783D3060D79EF79C04B0314446D0260209C5FB3F2F7E2E7FBC6EEAE |
SHA-512: | 9EBFF94EA844790431EAEE2175F504179EB62B3D7D5EE653DA6828A50C1D78404FD86A82FDD50C6EF106B2BF982E4B82318219E20B724378D694A91D77D325AB |
Malicious: | false |
Yara Hits: |
|
Reputation: | low |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\Accyazbvbxqszzrfjnimerlsovywpte[1]
Process: | C:\Users\user\Desktop\VoRTaSs6hl.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 651776 |
Entropy (8bit): | 7.551975307172377 |
Encrypted: | false |
SSDEEP: | 12288:XfzO0z7ygcMwvZ4lIzZowpi3C/o9njndDckACxjL6NYjj:vaceOwvZYIWV8indDc3Yn |
MD5: | ECD16DEF98C8314CBBFF01DC87DF9471 |
SHA1: | 6986577AA36365136AD7A1C9E9CF565143520630 |
SHA-256: | 28ED385B048DF555C5FEB080262F490DD31A95B787675BBA145B365C92015E30 |
SHA-512: | 4784F9EED12F8B0B592F41C5ADCC63A642E8213CAA01A0D706F79FB1A6BD257F91711EED8059030203384B1C2BC78CBE7F1493048A2794965B04D881A0A73183 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\Accyazbvbxqszzrfjnimerlsovywpte[2]
Process: | C:\Users\Public\Libraries\Accyaz.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 651776 |
Entropy (8bit): | 7.551975307172377 |
Encrypted: | false |
SSDEEP: | 12288:XfzO0z7ygcMwvZ4lIzZowpi3C/o9njndDckACxjL6NYjj:vaceOwvZYIWV8indDc3Yn |
MD5: | ECD16DEF98C8314CBBFF01DC87DF9471 |
SHA1: | 6986577AA36365136AD7A1C9E9CF565143520630 |
SHA-256: | 28ED385B048DF555C5FEB080262F490DD31A95B787675BBA145B365C92015E30 |
SHA-512: | 4784F9EED12F8B0B592F41C5ADCC63A642E8213CAA01A0D706F79FB1A6BD257F91711EED8059030203384B1C2BC78CBE7F1493048A2794965B04D881A0A73183 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\Accyazbvbxqszzrfjnimerlsovywpte[2]
Process: | C:\Users\Public\Libraries\Accyaz.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 651776 |
Entropy (8bit): | 7.551975307172377 |
Encrypted: | false |
SSDEEP: | 12288:XfzO0z7ygcMwvZ4lIzZowpi3C/o9njndDckACxjL6NYjj:vaceOwvZYIWV8indDc3Yn |
MD5: | ECD16DEF98C8314CBBFF01DC87DF9471 |
SHA1: | 6986577AA36365136AD7A1C9E9CF565143520630 |
SHA-256: | 28ED385B048DF555C5FEB080262F490DD31A95B787675BBA145B365C92015E30 |
SHA-512: | 4784F9EED12F8B0B592F41C5ADCC63A642E8213CAA01A0D706F79FB1A6BD257F91711EED8059030203384B1C2BC78CBE7F1493048A2794965B04D881A0A73183 |
Malicious: | false |
Reputation: | low |
Preview: |
File type: | |
Entropy (8bit): | 6.970245087154208 |
TrID: |
|
File name: | VoRTaSs6hl.exe |
File size: | 1011712 |
MD5: | 6e2d9824eeebad8b1507fa4238892439 |
SHA1: | 03a6497741b9697f9234f85644cd35aa5bf0e42e |
SHA256: | f10c2bbc2319e72bc4dee452a2de176573d88eafecc30e97748b5dd087f4ea1f |
SHA512: | 17dbf165300bd6e97c16c1d595a46fa035b0fa3e414e7707ef072404408ae20d48046d59bc651358f45b2de50a9e9adf9e52c4db6df211f2ae037a8b285b23ab |
SSDEEP: | 24576:NDA1mchKTwkH17WtMBhiUDxvHiMYSt8tVSn52pAf2rDNtl2aCHXb:NDhc8ZPbVI9Sn52KNb |
TLSH: | EA259E35E7D28433D4732B3D4D1B46A55836BE112E68D88A2BED2D881FF968239353C7 |
File Content Preview: | MZP.....................@...............................................!..L.!..This program must be run under Win32..$7....................................................................................................................................... |
Icon Hash: | c49af2e8ece0e6c8 |
Entrypoint: | 0x4a3b74 |
Entrypoint Section: | CODE |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI |
DLL Characteristics: | |
Time Stamp: | 0x2A425E19 [Fri Jun 19 22:22:17 1992 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | 205f6434858f3f8cc9e8b96d094507a2 |
Instruction |
---|
push ebp |
mov ebp, esp |
add esp, FFFFFFF0h |
mov eax, 004A38D4h |
call 00007FD18CB06DF1h |
mov eax, dword ptr [004A587Ch] |
mov eax, dword ptr [eax] |
call 00007FD18CB67B31h |
mov ecx, dword ptr [004A59E0h] |
mov eax, dword ptr [004A587Ch] |
mov eax, dword ptr [eax] |
mov edx, dword ptr [004A0C1Ch] |
call 00007FD18CB67B31h |
mov eax, dword ptr [004A59E0h] |
mov eax, dword ptr [eax] |
call 00007FD18CB645A5h |
mov eax, dword ptr [004A587Ch] |
mov eax, dword ptr [eax] |
call 00007FD18CB67B99h |
call 00007FD18CB04854h |
lea eax, dword ptr [eax+00h] |
add byte ptr [eax], al |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xa7000 | 0x27a4 | .idata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xb9000 | 0x4375c | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xac000 | 0xc1ec | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0xab000 | 0x18 | .rdata |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
CODE | 0x1000 | 0xa2bc8 | 0xa2c00 | False | 0.5100101406490015 | data | 6.535344306379752 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
DATA | 0xa4000 | 0x1aa4 | 0x1c00 | False | 0.42703683035714285 | data | 4.101220909917565 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
BSS | 0xa6000 | 0xef5 | 0x0 | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.idata | 0xa7000 | 0x27a4 | 0x2800 | False | 0.3671875 | data | 5.001062777293974 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.tls | 0xaa000 | 0x40 | 0x0 | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.rdata | 0xab000 | 0x18 | 0x200 | False | 0.05078125 | data | 0.2005819074398449 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ |
.reloc | 0xac000 | 0xc1ec | 0xc200 | False | 0.5179606958762887 | data | 6.616954325025841 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ |
.rsrc | 0xb9000 | 0x4375c | 0x43800 | False | 0.5486762152777778 | data | 7.261354981454627 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country |
---|---|---|---|---|---|
AUDIOES | 0xb9da0 | 0x3697c | RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, stereo 44100 Hz | English | United States |
RT_CURSOR | 0xf071c | 0x134 | data | ||
RT_CURSOR | 0xf0850 | 0x134 | data | ||
RT_CURSOR | 0xf0984 | 0x134 | data | ||
RT_CURSOR | 0xf0ab8 | 0x134 | data | ||
RT_CURSOR | 0xf0bec | 0x134 | data | ||
RT_CURSOR | 0xf0d20 | 0x134 | data | ||
RT_CURSOR | 0xf0e54 | 0x134 | data | ||
RT_BITMAP | 0xf0f88 | 0x1d0 | data | ||
RT_BITMAP | 0xf1158 | 0x1e4 | data | ||
RT_BITMAP | 0xf133c | 0x1d0 | data | ||
RT_BITMAP | 0xf150c | 0x1d0 | data | ||
RT_BITMAP | 0xf16dc | 0x1d0 | data | ||
RT_BITMAP | 0xf18ac | 0x1d0 | data | ||
RT_BITMAP | 0xf1a7c | 0x1d0 | data | ||
RT_BITMAP | 0xf1c4c | 0x1d0 | data | ||
RT_BITMAP | 0xf1e1c | 0x1d0 | data | ||
RT_BITMAP | 0xf1fec | 0x1d0 | data | ||
RT_BITMAP | 0xf21bc | 0xe8 | GLS_BINARY_LSB_FIRST | English | United States |
RT_ICON | 0xf22a4 | 0x25a8 | dBase IV DBT of `.DBF, block length 9216, next free block index 40, next free block 0, next used block 0 | ||
RT_ICON | 0xf484c | 0x988 | data | ||
RT_ICON | 0xf51d4 | 0x468 | GLS_BINARY_LSB_FIRST | ||
RT_DIALOG | 0xf563c | 0x52 | data | ||
RT_STRING | 0xf5690 | 0x114 | data | ||
RT_STRING | 0xf57a4 | 0x3d0 | data | ||
RT_STRING | 0xf5b74 | 0x554 | data | ||
RT_STRING | 0xf60c8 | 0x3cc | data | ||
RT_STRING | 0xf6494 | 0x1d4 | data | ||
RT_STRING | 0xf6668 | 0x180 | data | ||
RT_STRING | 0xf67e8 | 0x314 | COM executable for DOS | ||
RT_STRING | 0xf6afc | 0x4f4 | data | ||
RT_STRING | 0xf6ff0 | 0x1c0 | data | ||
RT_STRING | 0xf71b0 | 0xec | data | ||
RT_STRING | 0xf729c | 0x134 | data | ||
RT_STRING | 0xf73d0 | 0x314 | data | ||
RT_STRING | 0xf76e4 | 0x40c | data | ||
RT_STRING | 0xf7af0 | 0x380 | data | ||
RT_STRING | 0xf7e70 | 0x3d4 | data | ||
RT_STRING | 0xf8244 | 0x250 | data | ||
RT_STRING | 0xf8494 | 0xec | data | ||
RT_STRING | 0xf8580 | 0x1dc | data | ||
RT_STRING | 0xf875c | 0x3ec | data | ||
RT_STRING | 0xf8b48 | 0x3f4 | data | ||
RT_STRING | 0xf8f3c | 0x30c | data | ||
RT_STRING | 0xf9248 | 0x328 | data | ||
RT_RCDATA | 0xf9570 | 0x10 | data | ||
RT_RCDATA | 0xf9580 | 0x370 | data | ||
RT_RCDATA | 0xf98f0 | 0x16ad | Delphi compiled form 'TForm1' | ||
RT_RCDATA | 0xfafa0 | 0x2c3 | Delphi compiled form 'TForm2' | ||
RT_RCDATA | 0xfb264 | 0x39e | Delphi compiled form 'TForm3' | ||
RT_RCDATA | 0xfb604 | 0x2d0 | Delphi compiled form 'TForm4' | ||
RT_GROUP_CURSOR | 0xfb8d4 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | ||
RT_GROUP_CURSOR | 0xfb8e8 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | ||
RT_GROUP_CURSOR | 0xfb8fc | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | ||
RT_GROUP_CURSOR | 0xfb910 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | ||
RT_GROUP_CURSOR | 0xfb924 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | ||
RT_GROUP_CURSOR | 0xfb938 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | ||
RT_GROUP_CURSOR | 0xfb94c | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | ||
RT_GROUP_ICON | 0xfb960 | 0x30 | data | ||
RT_VERSION | 0xfb990 | 0x934 | data | ||
RT_VERSION | 0xfc2c4 | 0x498 | data | German | Germany |
DLL | Import |
---|---|
kernel32.dll | DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, VirtualFree, VirtualAlloc, LocalFree, LocalAlloc, GetVersion, GetCurrentThreadId, InterlockedDecrement, InterlockedIncrement, VirtualQuery, WideCharToMultiByte, MultiByteToWideChar, lstrlenA, lstrcpynA, LoadLibraryExA, GetThreadLocale, GetStartupInfoA, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetLastError, GetCommandLineA, FreeLibrary, FindFirstFileA, FindClose, ExitProcess, WriteFile, UnhandledExceptionFilter, SetFilePointer, SetEndOfFile, RtlUnwind, ReadFile, RaiseException, GetStdHandle, GetFileSize, GetFileType, CreateFileA, CloseHandle |
user32.dll | GetKeyboardType, LoadStringA, MessageBoxA, CharNextA |
advapi32.dll | RegQueryValueExA, RegOpenKeyExA, RegCloseKey |
oleaut32.dll | SysFreeString, SysReAllocStringLen, SysAllocStringLen |
kernel32.dll | TlsSetValue, TlsGetValue, LocalAlloc, GetModuleHandleA |
advapi32.dll | RegQueryValueExA, RegOpenKeyExA, RegCloseKey |
kernel32.dll | lstrcpyA, WriteFile, WaitForSingleObject, VirtualQuery, VirtualProtect, VirtualAlloc, Sleep, SizeofResource, SetThreadLocale, SetFilePointer, SetEvent, SetErrorMode, SetEndOfFile, ResetEvent, ReadFile, MultiByteToWideChar, MulDiv, LockResource, LoadResource, LoadLibraryA, LeaveCriticalSection, InitializeCriticalSection, GlobalUnlock, GlobalReAlloc, GlobalHandle, GlobalLock, GlobalFree, GlobalFindAtomA, GlobalDeleteAtom, GlobalAlloc, GlobalAddAtomA, GetVersionExA, GetVersion, GetTickCount, GetThreadLocale, GetSystemInfo, GetStringTypeExA, GetStdHandle, GetProfileStringA, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetLocalTime, GetLastError, GetFullPathNameA, GetDiskFreeSpaceA, GetDateFormatA, GetCurrentThreadId, GetCurrentProcessId, GetCurrentProcess, GetComputerNameA, GetCPInfo, GetACP, FreeResource, InterlockedExchange, FreeLibrary, FormatMessageA, FlushInstructionCache, FindResourceA, FindFirstFileA, FindClose, FileTimeToLocalFileTime, FileTimeToDosDateTime, EnumCalendarInfoA, EnterCriticalSection, DeleteFileA, DeleteCriticalSection, CreateThread, CreateFileA, CreateEventA, CompareStringA, CloseHandle |
version.dll | VerQueryValueA, GetFileVersionInfoSizeA, GetFileVersionInfoA |
gdi32.dll | UnrealizeObject, StretchBlt, StartPage, StartDocA, SetWindowOrgEx, SetWinMetaFileBits, SetViewportOrgEx, SetTextColor, SetStretchBltMode, SetROP2, SetPixel, SetMapMode, SetEnhMetaFileBits, SetDIBColorTable, SetBrushOrgEx, SetBkMode, SetBkColor, SetAbortProc, SelectPalette, SelectObject, SelectClipRgn, SaveDC, RestoreDC, Rectangle, RectVisible, RealizePalette, Polyline, Polygon, PlayEnhMetaFile, PatBlt, MoveToEx, MaskBlt, LineTo, IntersectClipRect, GetWindowOrgEx, GetWinMetaFileBits, GetTextMetricsA, GetTextExtentPointA, GetTextExtentPoint32A, GetSystemPaletteEntries, GetStockObject, GetPixel, GetPaletteEntries, GetObjectA, GetEnhMetaFilePaletteEntries, GetEnhMetaFileHeader, GetEnhMetaFileBits, GetDeviceCaps, GetDIBits, GetDIBColorTable, GetDCOrgEx, GetCurrentPositionEx, GetClipBox, GetBrushOrgEx, GetBitmapBits, GdiFlush, ExtTextOutA, ExcludeClipRect, EndPage, EndDoc, DeleteObject, DeleteEnhMetaFile, DeleteDC, CreateSolidBrush, CreatePenIndirect, CreatePalette, CreateICA, CreateHalftonePalette, CreateFontIndirectA, CreateDIBitmap, CreateDIBSection, CreateDCA, CreateCompatibleDC, CreateCompatibleBitmap, CreateBrushIndirect, CreateBitmap, CopyEnhMetaFileA, CombineRgn, BitBlt |
user32.dll | CreateWindowExA, WindowFromPoint, WinHelpA, WaitMessage, UpdateWindow, UnregisterClassA, UnhookWindowsHookEx, TranslateMessage, TranslateMDISysAccel, TrackPopupMenu, SystemParametersInfoA, ShowWindow, ShowScrollBar, ShowOwnedPopups, ShowCursor, ShowCaret, SetWindowsHookExA, SetWindowTextA, SetWindowPos, SetWindowPlacement, SetWindowLongA, SetTimer, SetScrollRange, SetScrollPos, SetScrollInfo, SetRect, SetPropA, SetParent, SetMenuItemInfoA, SetMenu, SetForegroundWindow, SetFocus, SetCursor, SetClipboardData, SetClassLongA, SetCapture, SetActiveWindow, SendMessageA, ScrollWindow, ScreenToClient, RemovePropA, RemoveMenu, ReleaseDC, ReleaseCapture, RegisterWindowMessageA, RegisterClipboardFormatA, RegisterClassA, RedrawWindow, PtInRect, PostQuitMessage, PostMessageA, PeekMessageA, OpenClipboard, OffsetRect, OemToCharA, MessageBoxA, MessageBeep, MapWindowPoints, MapVirtualKeyA, LoadStringA, LoadKeyboardLayoutA, LoadIconA, LoadCursorA, LoadBitmapA, KillTimer, IsZoomed, IsWindowVisible, IsWindowEnabled, IsWindow, IsRectEmpty, IsIconic, IsDialogMessageA, IsChild, InvalidateRect, IntersectRect, InsertMenuItemA, InsertMenuA, InflateRect, HideCaret, GetWindowThreadProcessId, GetWindowTextA, GetWindowRect, GetWindowPlacement, GetWindowLongA, GetWindowDC, GetUpdateRect, GetTopWindow, GetSystemMetrics, GetSystemMenu, GetSysColorBrush, GetSysColor, GetSubMenu, GetScrollRange, GetScrollPos, GetScrollInfo, GetPropA, GetParent, GetWindow, GetMenuStringA, GetMenuState, GetMenuItemInfoA, GetMenuItemID, GetMenuItemCount, GetMenu, GetLastActivePopup, GetKeyboardState, GetKeyboardLayoutList, GetKeyboardLayout, GetKeyState, GetKeyNameTextA, GetIconInfo, GetForegroundWindow, GetFocus, GetDlgItem, GetDesktopWindow, GetDCEx, GetDC, GetCursorPos, GetCursor, GetClipboardData, GetClientRect, GetClassNameA, GetClassInfoA, GetCapture, GetActiveWindow, FrameRect, FindWindowA, FillRect, EqualRect, EnumWindows, EnumThreadWindows, EndPaint, EnableWindow, EnableScrollBar, EnableMenuItem, EmptyClipboard, DrawTextA, DrawStateA, DrawMenuBar, DrawIconEx, DrawIcon, DrawFrameControl, DrawFocusRect, DrawEdge, DispatchMessageA, DestroyWindow, DestroyMenu, DestroyIcon, DestroyCursor, DeleteMenu, DefWindowProcA, DefMDIChildProcA, DefFrameProcA, CreatePopupMenu, CreateMenu, CreateIcon, CloseClipboard, ClientToScreen, CheckMenuItem, CallWindowProcA, CallNextHookEx, BeginPaint, CharNextA, CharLowerBuffA, CharLowerA, CharUpperBuffA, CharToOemA, AdjustWindowRectEx, ActivateKeyboardLayout |
kernel32.dll | Sleep |
oleaut32.dll | SafeArrayPtrOfIndex, SafeArrayPutElement, SafeArrayGetElement, SafeArrayUnaccessData, SafeArrayAccessData, SafeArrayGetUBound, SafeArrayGetLBound, SafeArrayCreate, VariantChangeType, VariantCopyInd, VariantCopy, VariantClear, VariantInit |
ole32.dll | CoTaskMemFree, ProgIDFromCLSID, StringFromCLSID, CoCreateInstance, CoUninitialize, CoInitialize, IsEqualGUID |
oleaut32.dll | GetErrorInfo, GetActiveObject, SysFreeString |
comctl32.dll | ImageList_SetIconSize, ImageList_GetIconSize, ImageList_Write, ImageList_Read, ImageList_GetDragImage, ImageList_DragShowNolock, ImageList_SetDragCursorImage, ImageList_DragMove, ImageList_DragLeave, ImageList_DragEnter, ImageList_EndDrag, ImageList_BeginDrag, ImageList_Remove, ImageList_DrawEx, ImageList_Replace, ImageList_Draw, ImageList_GetBkColor, ImageList_SetBkColor, ImageList_ReplaceIcon, ImageList_Add, ImageList_SetImageCount, ImageList_GetImageCount, ImageList_Destroy, ImageList_Create, InitCommonControls |
winspool.drv | OpenPrinterA, EnumPrintersA, DocumentPropertiesA, ClosePrinter |
shell32.dll | ShellExecuteA |
comdlg32.dll | GetSaveFileNameA, GetOpenFileNameA |
winmm.dll | sndPlaySoundA |
kernel32 | VirtualProtect, GetProcAddress |
URL | AddMIMEFileTypesPS |
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States | |
German | Germany | |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Aug 5, 2022 11:29:27.018399954 CEST | 49811 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 11:29:27.018690109 CEST | 443 | 49811 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 11:29:27.018718958 CEST | 443 | 49811 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 11:29:27.018769979 CEST | 49811 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 11:29:27.018780947 CEST | 443 | 49811 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 11:29:27.018793106 CEST | 49811 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 11:29:27.018836975 CEST | 49811 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 11:29:27.043704987 CEST | 443 | 49811 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 11:29:27.043740988 CEST | 443 | 49811 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 11:29:27.043900967 CEST | 49811 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 11:29:27.043927908 CEST | 443 | 49811 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 11:29:27.043997049 CEST | 49811 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 11:29:27.044022083 CEST | 443 | 49811 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 11:29:27.044054985 CEST | 443 | 49811 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 11:29:27.044095039 CEST | 49811 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 11:29:27.044105053 CEST | 443 | 49811 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 11:29:27.044142008 CEST | 49811 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 11:29:27.044162989 CEST | 49811 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 11:29:27.044425964 CEST | 443 | 49811 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 11:29:27.044454098 CEST | 443 | 49811 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 11:29:27.044533014 CEST | 49811 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 11:29:27.044543982 CEST | 443 | 49811 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 11:29:27.044585943 CEST | 49811 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 11:29:27.044816017 CEST | 443 | 49811 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 11:29:27.044846058 CEST | 443 | 49811 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 11:29:27.044918060 CEST | 49811 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 11:29:27.044930935 CEST | 443 | 49811 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 11:29:27.044976950 CEST | 49811 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 11:29:27.045202017 CEST | 443 | 49811 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 11:29:27.045232058 CEST | 443 | 49811 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 11:29:27.045294046 CEST | 49811 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 11:29:27.045305014 CEST | 443 | 49811 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 11:29:27.045341015 CEST | 49811 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 11:29:27.045361996 CEST | 49811 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 11:29:27.045685053 CEST | 443 | 49811 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 11:29:27.045732021 CEST | 443 | 49811 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 11:29:27.045766115 CEST | 49811 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 11:29:27.045783043 CEST | 443 | 49811 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 11:29:27.045816898 CEST | 49811 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 11:29:27.045844078 CEST | 49811 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 11:29:27.046063900 CEST | 443 | 49811 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 11:29:27.046092987 CEST | 443 | 49811 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 11:29:27.046134949 CEST | 49811 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 11:29:27.046152115 CEST | 443 | 49811 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 11:29:27.046191931 CEST | 49811 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 11:29:27.046215057 CEST | 49811 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 11:29:27.046596050 CEST | 443 | 49811 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 11:29:27.046641111 CEST | 443 | 49811 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 11:29:27.046684027 CEST | 49811 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 11:29:27.046698093 CEST | 443 | 49811 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 11:29:27.046732903 CEST | 49811 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 11:29:27.046760082 CEST | 49811 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 11:29:27.047017097 CEST | 443 | 49811 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 11:29:27.047051907 CEST | 443 | 49811 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 11:29:27.047086000 CEST | 49811 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 11:29:27.047100067 CEST | 443 | 49811 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 11:29:27.047122955 CEST | 49811 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 11:29:27.047148943 CEST | 49811 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 11:29:27.085009098 CEST | 443 | 49811 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 11:29:27.085072994 CEST | 443 | 49811 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 11:29:27.085203886 CEST | 49811 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 11:29:27.085230112 CEST | 443 | 49811 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 11:29:27.085236073 CEST | 49811 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 11:29:27.085256100 CEST | 443 | 49811 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 11:29:27.085297108 CEST | 49811 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 11:29:27.085305929 CEST | 443 | 49811 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 11:29:27.085334063 CEST | 49811 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 11:29:27.085355997 CEST | 443 | 49811 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 11:29:27.085376024 CEST | 49811 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 11:29:27.085402012 CEST | 49811 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 11:29:27.085438013 CEST | 443 | 49811 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 11:29:27.085469961 CEST | 443 | 49811 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 11:29:27.085503101 CEST | 49811 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 11:29:27.085511923 CEST | 443 | 49811 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 11:29:27.085541010 CEST | 49811 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 11:29:27.085565090 CEST | 49811 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 11:29:27.085607052 CEST | 443 | 49811 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 11:29:27.085639000 CEST | 443 | 49811 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 11:29:27.085673094 CEST | 49811 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 11:29:27.085681915 CEST | 443 | 49811 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 11:29:27.085712910 CEST | 49811 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 11:29:27.085733891 CEST | 49811 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 11:29:27.085757017 CEST | 443 | 49811 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 11:29:27.085799932 CEST | 443 | 49811 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 11:29:27.085829973 CEST | 49811 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 11:29:27.085866928 CEST | 49811 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 11:29:27.086443901 CEST | 2442 | 49812 | 87.251.79.109 | 192.168.2.6 |
Aug 5, 2022 11:29:27.164904118 CEST | 49811 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 11:29:27.164931059 CEST | 443 | 49811 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 11:29:27.164948940 CEST | 443 | 49811 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 11:29:27.165043116 CEST | 49811 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 11:29:27.165055990 CEST | 443 | 49811 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 11:29:27.165090084 CEST | 49811 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 11:29:27.165097952 CEST | 443 | 49811 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 11:29:27.165111065 CEST | 443 | 49811 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 11:29:27.165144920 CEST | 49811 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 11:29:27.165183067 CEST | 49811 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 11:29:27.165240049 CEST | 443 | 49811 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 11:29:27.165323019 CEST | 49811 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 11:29:27.165344954 CEST | 443 | 49811 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 11:29:27.165410042 CEST | 49811 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 11:29:27.165431976 CEST | 443 | 49811 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 11:29:27.165452003 CEST | 443 | 49811 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 11:29:27.165499926 CEST | 49811 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 11:29:27.165529966 CEST | 443 | 49811 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 11:29:27.165551901 CEST | 49811 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 11:29:27.165561914 CEST | 443 | 49811 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 11:29:27.165606022 CEST | 49811 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 11:29:27.165606976 CEST | 443 | 49811 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 11:29:27.165640116 CEST | 49811 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 11:29:27.165649891 CEST | 443 | 49811 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 11:29:27.165668964 CEST | 49811 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 11:29:27.165699005 CEST | 49811 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 11:29:27.438245058 CEST | 443 | 49811 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 11:29:27.438361883 CEST | 443 | 49811 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 11:29:27.438393116 CEST | 49811 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 11:29:27.438419104 CEST | 49811 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 11:29:27.601914883 CEST | 49812 | 2442 | 192.168.2.6 | 87.251.79.109 |
Aug 5, 2022 11:29:27.697243929 CEST | 2442 | 49812 | 87.251.79.109 | 192.168.2.6 |
Aug 5, 2022 11:29:28.202007055 CEST | 49812 | 2442 | 192.168.2.6 | 87.251.79.109 |
Aug 5, 2022 11:29:28.297141075 CEST | 2442 | 49812 | 87.251.79.109 | 192.168.2.6 |
Aug 5, 2022 11:29:30.403029919 CEST | 49813 | 2442 | 192.168.2.6 | 87.251.79.109 |
Aug 5, 2022 11:29:30.496577024 CEST | 2442 | 49813 | 87.251.79.109 | 192.168.2.6 |
Aug 5, 2022 11:29:31.051204920 CEST | 49813 | 2442 | 192.168.2.6 | 87.251.79.109 |
Aug 5, 2022 11:29:31.146502972 CEST | 2442 | 49813 | 87.251.79.109 | 192.168.2.6 |
Aug 5, 2022 11:29:31.651190996 CEST | 49813 | 2442 | 192.168.2.6 | 87.251.79.109 |
Aug 5, 2022 11:29:31.744761944 CEST | 2442 | 49813 | 87.251.79.109 | 192.168.2.6 |
Aug 5, 2022 11:29:32.933150053 CEST | 49815 | 2442 | 192.168.2.6 | 87.251.79.109 |
Aug 5, 2022 11:29:33.026851892 CEST | 2442 | 49815 | 87.251.79.109 | 192.168.2.6 |
Aug 5, 2022 11:29:33.693382025 CEST | 49815 | 2442 | 192.168.2.6 | 87.251.79.109 |
Aug 5, 2022 11:29:33.787117958 CEST | 2442 | 49815 | 87.251.79.109 | 192.168.2.6 |
Aug 5, 2022 11:29:34.287400007 CEST | 49815 | 2442 | 192.168.2.6 | 87.251.79.109 |
Aug 5, 2022 11:29:34.381431103 CEST | 2442 | 49815 | 87.251.79.109 | 192.168.2.6 |
Aug 5, 2022 11:29:34.723417997 CEST | 49811 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 11:29:35.438097954 CEST | 49817 | 2442 | 192.168.2.6 | 87.251.79.109 |
Aug 5, 2022 11:29:35.535609961 CEST | 2442 | 49817 | 87.251.79.109 | 192.168.2.6 |
Aug 5, 2022 11:29:35.659323931 CEST | 49811 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 11:29:36.051568031 CEST | 49817 | 2442 | 192.168.2.6 | 87.251.79.109 |
Aug 5, 2022 11:29:36.149167061 CEST | 2442 | 49817 | 87.251.79.109 | 192.168.2.6 |
Aug 5, 2022 11:29:36.651598930 CEST | 49817 | 2442 | 192.168.2.6 | 87.251.79.109 |
Aug 5, 2022 11:29:36.749360085 CEST | 2442 | 49817 | 87.251.79.109 | 192.168.2.6 |
Aug 5, 2022 11:29:37.786983967 CEST | 49818 | 2442 | 192.168.2.6 | 87.251.79.109 |
Aug 5, 2022 11:29:37.884315968 CEST | 2442 | 49818 | 87.251.79.109 | 192.168.2.6 |
Aug 5, 2022 11:29:38.451735973 CEST | 49818 | 2442 | 192.168.2.6 | 87.251.79.109 |
Aug 5, 2022 11:29:38.549107075 CEST | 2442 | 49818 | 87.251.79.109 | 192.168.2.6 |
Aug 5, 2022 11:29:39.051811934 CEST | 49818 | 2442 | 192.168.2.6 | 87.251.79.109 |
Aug 5, 2022 11:29:39.149343967 CEST | 2442 | 49818 | 87.251.79.109 | 192.168.2.6 |
Aug 5, 2022 11:29:40.180624962 CEST | 49819 | 2442 | 192.168.2.6 | 87.251.79.109 |
Aug 5, 2022 11:29:40.278574944 CEST | 2442 | 49819 | 87.251.79.109 | 192.168.2.6 |
Aug 5, 2022 11:29:40.796924114 CEST | 49819 | 2442 | 192.168.2.6 | 87.251.79.109 |
Aug 5, 2022 11:29:40.894800901 CEST | 2442 | 49819 | 87.251.79.109 | 192.168.2.6 |
Aug 5, 2022 11:29:41.496418953 CEST | 49819 | 2442 | 192.168.2.6 | 87.251.79.109 |
Aug 5, 2022 11:29:41.595016003 CEST | 2442 | 49819 | 87.251.79.109 | 192.168.2.6 |
Aug 5, 2022 11:29:42.453412056 CEST | 49811 | 443 | 192.168.2.6 | 13.107.43.12 |
Aug 5, 2022 11:29:42.453469992 CEST | 443 | 49811 | 13.107.43.12 | 192.168.2.6 |
Aug 5, 2022 11:29:42.640232086 CEST | 49820 | 2442 | 192.168.2.6 | 87.251.79.109 |
Aug 5, 2022 11:29:42.734594107 CEST | 2442 | 49820 | 87.251.79.109 | 192.168.2.6 |
Aug 5, 2022 11:29:43.296091080 CEST | 49820 | 2442 | 192.168.2.6 | 87.251.79.109 |
Aug 5, 2022 11:29:43.390270948 CEST | 2442 | 49820 | 87.251.79.109 | 192.168.2.6 |
Aug 5, 2022 11:29:43.996629953 CEST | 49820 | 2442 | 192.168.2.6 | 87.251.79.109 |
Aug 5, 2022 11:29:44.090595961 CEST | 2442 | 49820 | 87.251.79.109 | 192.168.2.6 |
Aug 5, 2022 11:29:45.527937889 CEST | 49821 | 2442 | 192.168.2.6 | 87.251.79.109 |
Aug 5, 2022 11:29:45.624315023 CEST | 2442 | 49821 | 87.251.79.109 | 192.168.2.6 |
Aug 5, 2022 11:29:46.152343988 CEST | 49821 | 2442 | 192.168.2.6 | 87.251.79.109 |
Aug 5, 2022 11:29:46.250047922 CEST | 2442 | 49821 | 87.251.79.109 | 192.168.2.6 |
Aug 5, 2022 11:29:46.752424955 CEST | 49821 | 2442 | 192.168.2.6 | 87.251.79.109 |
Aug 5, 2022 11:29:46.848814011 CEST | 2442 | 49821 | 87.251.79.109 | 192.168.2.6 |
Aug 5, 2022 11:29:52.145160913 CEST | 49822 | 2442 | 192.168.2.6 | 87.251.79.109 |
Aug 5, 2022 11:29:52.241601944 CEST | 2442 | 49822 | 87.251.79.109 | 192.168.2.6 |
Aug 5, 2022 11:29:52.752984047 CEST | 49822 | 2442 | 192.168.2.6 | 87.251.79.109 |
Aug 5, 2022 11:29:52.847621918 CEST | 2442 | 49822 | 87.251.79.109 | 192.168.2.6 |
Aug 5, 2022 11:29:53.352857113 CEST | 49822 | 2442 | 192.168.2.6 | 87.251.79.109 |
Aug 5, 2022 11:29:53.447504044 CEST | 2442 | 49822 | 87.251.79.109 | 192.168.2.6 |
Aug 5, 2022 11:29:54.505736113 CEST | 49824 | 2442 | 192.168.2.6 | 87.251.79.109 |
Aug 5, 2022 11:29:54.603734970 CEST | 2442 | 49824 | 87.251.79.109 | 192.168.2.6 |
Aug 5, 2022 11:29:55.153036118 CEST | 49824 | 2442 | 192.168.2.6 | 87.251.79.109 |
Aug 5, 2022 11:29:55.251105070 CEST | 2442 | 49824 | 87.251.79.109 | 192.168.2.6 |
Aug 5, 2022 11:29:55.753051043 CEST | 49824 | 2442 | 192.168.2.6 | 87.251.79.109 |
Aug 5, 2022 11:29:55.851171017 CEST | 2442 | 49824 | 87.251.79.109 | 192.168.2.6 |
Aug 5, 2022 11:29:56.881795883 CEST | 49826 | 2442 | 192.168.2.6 | 87.251.79.109 |
Aug 5, 2022 11:29:56.977871895 CEST | 2442 | 49826 | 87.251.79.109 | 192.168.2.6 |
Aug 5, 2022 11:29:57.497297049 CEST | 49826 | 2442 | 192.168.2.6 | 87.251.79.109 |
Aug 5, 2022 11:29:57.593338013 CEST | 2442 | 49826 | 87.251.79.109 | 192.168.2.6 |
Aug 5, 2022 11:29:58.097801924 CEST | 49826 | 2442 | 192.168.2.6 | 87.251.79.109 |
Aug 5, 2022 11:29:58.193831921 CEST | 2442 | 49826 | 87.251.79.109 | 192.168.2.6 |
Aug 5, 2022 11:29:59.231230974 CEST | 49827 | 2442 | 192.168.2.6 | 87.251.79.109 |
Aug 5, 2022 11:29:59.327188015 CEST | 2442 | 49827 | 87.251.79.109 | 192.168.2.6 |
Aug 5, 2022 11:29:59.853450060 CEST | 49827 | 2442 | 192.168.2.6 | 87.251.79.109 |
Aug 5, 2022 11:29:59.950264931 CEST | 2442 | 49827 | 87.251.79.109 | 192.168.2.6 |
Aug 5, 2022 11:30:00.453591108 CEST | 49827 | 2442 | 192.168.2.6 | 87.251.79.109 |
Aug 5, 2022 11:30:00.549969912 CEST | 2442 | 49827 | 87.251.79.109 | 192.168.2.6 |
Aug 5, 2022 11:30:01.582068920 CEST | 49829 | 2442 | 192.168.2.6 | 87.251.79.109 |
Aug 5, 2022 11:30:01.675775051 CEST | 2442 | 49829 | 87.251.79.109 | 192.168.2.6 |
Aug 5, 2022 11:30:02.200858116 CEST | 49829 | 2442 | 192.168.2.6 | 87.251.79.109 |
Aug 5, 2022 11:30:02.295196056 CEST | 2442 | 49829 | 87.251.79.109 | 192.168.2.6 |
Aug 5, 2022 11:30:02.798021078 CEST | 49829 | 2442 | 192.168.2.6 | 87.251.79.109 |
Aug 5, 2022 11:30:02.891797066 CEST | 2442 | 49829 | 87.251.79.109 | 192.168.2.6 |
Aug 5, 2022 11:30:03.954324961 CEST | 49830 | 2442 | 192.168.2.6 | 87.251.79.109 |
Aug 5, 2022 11:30:04.048573971 CEST | 2442 | 49830 | 87.251.79.109 | 192.168.2.6 |
Aug 5, 2022 11:30:04.598453999 CEST | 49830 | 2442 | 192.168.2.6 | 87.251.79.109 |
Aug 5, 2022 11:30:04.692207098 CEST | 2442 | 49830 | 87.251.79.109 | 192.168.2.6 |
Aug 5, 2022 11:30:05.197855949 CEST | 49830 | 2442 | 192.168.2.6 | 87.251.79.109 |
Aug 5, 2022 11:30:05.291431904 CEST | 2442 | 49830 | 87.251.79.109 | 192.168.2.6 |
Aug 5, 2022 11:30:06.406157017 CEST | 49831 | 2442 | 192.168.2.6 | 87.251.79.109 |
Aug 5, 2022 11:30:06.502816916 CEST | 2442 | 49831 | 87.251.79.109 | 192.168.2.6 |
Aug 5, 2022 11:30:07.164632082 CEST | 49831 | 2442 | 192.168.2.6 | 87.251.79.109 |
Aug 5, 2022 11:30:07.261236906 CEST | 2442 | 49831 | 87.251.79.109 | 192.168.2.6 |
Aug 5, 2022 11:30:07.867805958 CEST | 49831 | 2442 | 192.168.2.6 | 87.251.79.109 |
Aug 5, 2022 11:30:07.964617014 CEST | 2442 | 49831 | 87.251.79.109 | 192.168.2.6 |
Aug 5, 2022 11:30:09.960267067 CEST | 49832 | 2442 | 192.168.2.6 | 87.251.79.109 |
Aug 5, 2022 11:30:10.055728912 CEST | 2442 | 49832 | 87.251.79.109 | 192.168.2.6 |
Aug 5, 2022 11:30:10.664932013 CEST | 49832 | 2442 | 192.168.2.6 | 87.251.79.109 |
Aug 5, 2022 11:30:10.760387897 CEST | 2442 | 49832 | 87.251.79.109 | 192.168.2.6 |
Aug 5, 2022 11:30:11.368145943 CEST | 49832 | 2442 | 192.168.2.6 | 87.251.79.109 |
Aug 5, 2022 11:30:11.463578939 CEST | 2442 | 49832 | 87.251.79.109 | 192.168.2.6 |
Aug 5, 2022 11:30:12.506262064 CEST | 49833 | 2442 | 192.168.2.6 | 87.251.79.109 |
Aug 5, 2022 11:30:12.601438999 CEST | 2442 | 49833 | 87.251.79.109 | 192.168.2.6 |
Aug 5, 2022 11:30:13.212066889 CEST | 49833 | 2442 | 192.168.2.6 | 87.251.79.109 |
Aug 5, 2022 11:30:13.307151079 CEST | 2442 | 49833 | 87.251.79.109 | 192.168.2.6 |
Aug 5, 2022 11:30:13.899689913 CEST | 49833 | 2442 | 192.168.2.6 | 87.251.79.109 |
Aug 5, 2022 11:30:13.995086908 CEST | 2442 | 49833 | 87.251.79.109 | 192.168.2.6 |
Aug 5, 2022 11:30:15.039235115 CEST | 49834 | 2442 | 192.168.2.6 | 87.251.79.109 |
Aug 5, 2022 11:30:15.135487080 CEST | 2442 | 49834 | 87.251.79.109 | 192.168.2.6 |
Aug 5, 2022 11:30:15.649763107 CEST | 49834 | 2442 | 192.168.2.6 | 87.251.79.109 |
Aug 5, 2022 11:30:15.746546030 CEST | 2442 | 49834 | 87.251.79.109 | 192.168.2.6 |
Aug 5, 2022 11:30:16.259161949 CEST | 49834 | 2442 | 192.168.2.6 | 87.251.79.109 |
Aug 5, 2022 11:30:16.355668068 CEST | 2442 | 49834 | 87.251.79.109 | 192.168.2.6 |
Aug 5, 2022 11:30:17.417839050 CEST | 49835 | 2442 | 192.168.2.6 | 87.251.79.109 |
Aug 5, 2022 11:30:17.511317015 CEST | 2442 | 49835 | 87.251.79.109 | 192.168.2.6 |
Aug 5, 2022 11:30:18.024969101 CEST | 49835 | 2442 | 192.168.2.6 | 87.251.79.109 |
Aug 5, 2022 11:30:18.118371964 CEST | 2442 | 49835 | 87.251.79.109 | 192.168.2.6 |
Aug 5, 2022 11:30:18.634478092 CEST | 49835 | 2442 | 192.168.2.6 | 87.251.79.109 |
Aug 5, 2022 11:30:18.727871895 CEST | 2442 | 49835 | 87.251.79.109 | 192.168.2.6 |
Aug 5, 2022 11:30:19.774023056 CEST | 49836 | 2442 | 192.168.2.6 | 87.251.79.109 |
Aug 5, 2022 11:30:19.866731882 CEST | 2442 | 49836 | 87.251.79.109 | 192.168.2.6 |
Aug 5, 2022 11:30:20.368901968 CEST | 49836 | 2442 | 192.168.2.6 | 87.251.79.109 |
Aug 5, 2022 11:30:20.461700916 CEST | 2442 | 49836 | 87.251.79.109 | 192.168.2.6 |
Aug 5, 2022 11:30:20.962678909 CEST | 49836 | 2442 | 192.168.2.6 | 87.251.79.109 |
Aug 5, 2022 11:30:21.055454969 CEST | 2442 | 49836 | 87.251.79.109 | 192.168.2.6 |
Aug 5, 2022 11:30:22.077133894 CEST | 49837 | 2442 | 192.168.2.6 | 87.251.79.109 |
Aug 5, 2022 11:30:22.175276041 CEST | 2442 | 49837 | 87.251.79.109 | 192.168.2.6 |
Aug 5, 2022 11:30:22.681605101 CEST | 49837 | 2442 | 192.168.2.6 | 87.251.79.109 |
Aug 5, 2022 11:30:22.780509949 CEST | 2442 | 49837 | 87.251.79.109 | 192.168.2.6 |
Aug 5, 2022 11:30:23.291018963 CEST | 49837 | 2442 | 192.168.2.6 | 87.251.79.109 |
Aug 5, 2022 11:30:23.389339924 CEST | 2442 | 49837 | 87.251.79.109 | 192.168.2.6 |
Aug 5, 2022 11:30:24.422214985 CEST | 49842 | 2442 | 192.168.2.6 | 87.251.79.109 |
Aug 5, 2022 11:30:24.521477938 CEST | 2442 | 49842 | 87.251.79.109 | 192.168.2.6 |
Aug 5, 2022 11:30:25.134931087 CEST | 49842 | 2442 | 192.168.2.6 | 87.251.79.109 |
Aug 5, 2022 11:30:25.234378099 CEST | 2442 | 49842 | 87.251.79.109 | 192.168.2.6 |
Aug 5, 2022 11:30:25.744420052 CEST | 49842 | 2442 | 192.168.2.6 | 87.251.79.109 |
Aug 5, 2022 11:30:25.844167948 CEST | 2442 | 49842 | 87.251.79.109 | 192.168.2.6 |
Aug 5, 2022 11:30:26.895535946 CEST | 49846 | 2442 | 192.168.2.6 | 87.251.79.109 |
Aug 5, 2022 11:30:26.990678072 CEST | 2442 | 49846 | 87.251.79.109 | 192.168.2.6 |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
---|---|---|---|---|---|---|---|---|---|
Aug 5, 2022 11:28:14.287856102 CEST | 8.8.8.8 | 192.168.2.6 | 0xecb5 | No error (0) | odc-web-geo.onedrive.akadns.net | CNAME (Canonical name) | IN (0x0001) | ||
Aug 5, 2022 11:28:15.716984034 CEST | 8.8.8.8 | 192.168.2.6 | 0x35da | No error (0) | am-files.fe.1drv.com | CNAME (Canonical name) | IN (0x0001) | ||
Aug 5, 2022 11:28:15.716984034 CEST | 8.8.8.8 | 192.168.2.6 | 0x35da | No error (0) | odc-am-files-geo.onedrive.akadns.net | CNAME (Canonical name) | IN (0x0001) | ||
Aug 5, 2022 11:29:02.204082012 CEST | 8.8.8.8 | 192.168.2.6 | 0x28e6 | No error (0) | 87.251.79.109 | A (IP address) | IN (0x0001) | ||
Aug 5, 2022 11:29:04.571603060 CEST | 8.8.8.8 | 192.168.2.6 | 0x570 | No error (0) | 87.251.79.109 | A (IP address) | IN (0x0001) | ||
Aug 5, 2022 11:29:07.036387920 CEST | 8.8.8.8 | 192.168.2.6 | 0x4377 | No error (0) | 87.251.79.109 | A (IP address) | IN (0x0001) | ||
Aug 5, 2022 11:29:09.675156116 CEST | 8.8.8.8 | 192.168.2.6 | 0xc21e | No error (0) | 87.251.79.109 | A (IP address) | IN (0x0001) | ||
Aug 5, 2022 11:29:12.195884943 CEST | 8.8.8.8 | 192.168.2.6 | 0xd995 | No error (0) | 87.251.79.109 | A (IP address) | IN (0x0001) | ||
Aug 5, 2022 11:29:14.528187990 CEST | 8.8.8.8 | 192.168.2.6 | 0x472d | No error (0) | odc-web-geo.onedrive.akadns.net | CNAME (Canonical name) | IN (0x0001) | ||
Aug 5, 2022 11:29:14.634816885 CEST | 8.8.8.8 | 192.168.2.6 | 0xc72c | No error (0) | 87.251.79.109 | A (IP address) | IN (0x0001) | ||
Aug 5, 2022 11:29:15.223334074 CEST | 8.8.8.8 | 192.168.2.6 | 0x6a2 | No error (0) | am-files.fe.1drv.com | CNAME (Canonical name) | IN (0x0001) | ||
Aug 5, 2022 11:29:15.223334074 CEST | 8.8.8.8 | 192.168.2.6 | 0x6a2 | No error (0) | odc-am-files-geo.onedrive.akadns.net | CNAME (Canonical name) | IN (0x0001) | ||
Aug 5, 2022 11:29:17.064167023 CEST | 8.8.8.8 | 192.168.2.6 | 0x5cda | No error (0) | 87.251.79.109 | A (IP address) | IN (0x0001) | ||
Aug 5, 2022 11:29:19.483652115 CEST | 8.8.8.8 | 192.168.2.6 | 0x54ff | No error (0) | 87.251.79.109 | A (IP address) | IN (0x0001) | ||
Aug 5, 2022 11:29:22.063394070 CEST | 8.8.8.8 | 192.168.2.6 | 0x7ba2 | No error (0) | 87.251.79.109 | A (IP address) | IN (0x0001) | ||
Aug 5, 2022 11:29:23.590820074 CEST | 8.8.8.8 | 192.168.2.6 | 0xde98 | No error (0) | odc-web-geo.onedrive.akadns.net | CNAME (Canonical name) | IN (0x0001) | ||
Aug 5, 2022 11:29:24.473798990 CEST | 8.8.8.8 | 192.168.2.6 | 0x8eb5 | No error (0) | 87.251.79.109 | A (IP address) | IN (0x0001) | ||
Aug 5, 2022 11:29:24.736212015 CEST | 8.8.8.8 | 192.168.2.6 | 0x1f50 | No error (0) | am-files.fe.1drv.com | CNAME (Canonical name) | IN (0x0001) | ||
Aug 5, 2022 11:29:24.736212015 CEST | 8.8.8.8 | 192.168.2.6 | 0x1f50 | No error (0) | odc-am-files-geo.onedrive.akadns.net | CNAME (Canonical name) | IN (0x0001) | ||
Aug 5, 2022 11:29:24.736212015 CEST | 8.8.8.8 | 192.168.2.6 | 0x1f50 | No error (0) | 13.107.43.12 | A (IP address) | IN (0x0001) | ||
Aug 5, 2022 11:29:26.983617067 CEST | 8.8.8.8 | 192.168.2.6 | 0x9f83 | No error (0) | 87.251.79.109 | A (IP address) | IN (0x0001) | ||
Aug 5, 2022 11:29:30.401618958 CEST | 8.8.8.8 | 192.168.2.6 | 0x1107 | No error (0) | 87.251.79.109 | A (IP address) | IN (0x0001) | ||
Aug 5, 2022 11:29:32.931596041 CEST | 8.8.8.8 | 192.168.2.6 | 0x9a8d | No error (0) | 87.251.79.109 | A (IP address) | IN (0x0001) | ||
Aug 5, 2022 11:29:35.411910057 CEST | 8.8.8.8 | 192.168.2.6 | 0x417d | No error (0) | 87.251.79.109 | A (IP address) | IN (0x0001) | ||
Aug 5, 2022 11:29:37.785396099 CEST | 8.8.8.8 | 192.168.2.6 | 0x7294 | No error (0) | 87.251.79.109 | A (IP address) | IN (0x0001) | ||
Aug 5, 2022 11:29:40.174287081 CEST | 8.8.8.8 | 192.168.2.6 | 0x321e | No error (0) | 87.251.79.109 | A (IP address) | IN (0x0001) | ||
Aug 5, 2022 11:29:42.633620977 CEST | 8.8.8.8 | 192.168.2.6 | 0xf920 | No error (0) | 87.251.79.109 | A (IP address) | IN (0x0001) | ||
Aug 5, 2022 11:29:45.374742985 CEST | 8.8.8.8 | 192.168.2.6 | 0x238f | No error (0) | 87.251.79.109 | A (IP address) | IN (0x0001) | ||
Aug 5, 2022 11:29:51.805361986 CEST | 8.8.8.8 | 192.168.2.6 | 0x6ea1 | No error (0) | 87.251.79.109 | A (IP address) | IN (0x0001) | ||
Aug 5, 2022 11:29:54.498269081 CEST | 8.8.8.8 | 192.168.2.6 | 0xc238 | No error (0) | 87.251.79.109 | A (IP address) | IN (0x0001) | ||
Aug 5, 2022 11:29:56.877358913 CEST | 8.8.8.8 | 192.168.2.6 | 0x570e | No error (0) | 87.251.79.109 | A (IP address) | IN (0x0001) | ||
Aug 5, 2022 11:29:59.229491949 CEST | 8.8.8.8 | 192.168.2.6 | 0x7c76 | No error (0) | 87.251.79.109 | A (IP address) | IN (0x0001) | ||
Aug 5, 2022 11:30:01.579909086 CEST | 8.8.8.8 | 192.168.2.6 | 0xa1fa | No error (0) | 87.251.79.109 | A (IP address) | IN (0x0001) | ||
Aug 5, 2022 11:30:03.917027950 CEST | 8.8.8.8 | 192.168.2.6 | 0x8273 | No error (0) | 87.251.79.109 | A (IP address) | IN (0x0001) | ||
Aug 5, 2022 11:30:06.355673075 CEST | 8.8.8.8 | 192.168.2.6 | 0xd8f7 | No error (0) | 87.251.79.109 | A (IP address) | IN (0x0001) | ||
Aug 5, 2022 11:30:09.954303026 CEST | 8.8.8.8 | 192.168.2.6 | 0xda79 | No error (0) | 87.251.79.109 | A (IP address) | IN (0x0001) | ||
Aug 5, 2022 11:30:12.504652977 CEST | 8.8.8.8 | 192.168.2.6 | 0x210 | No error (0) | 87.251.79.109 | A (IP address) | IN (0x0001) | ||
Aug 5, 2022 11:30:15.035667896 CEST | 8.8.8.8 | 192.168.2.6 | 0xe251 | No error (0) | 87.251.79.109 | A (IP address) | IN (0x0001) | ||
Aug 5, 2022 11:30:17.416325092 CEST | 8.8.8.8 | 192.168.2.6 | 0xfe71 | No error (0) | 87.251.79.109 | A (IP address) | IN (0x0001) | ||
Aug 5, 2022 11:30:19.772651911 CEST | 8.8.8.8 | 192.168.2.6 | 0xad3f | No error (0) | 87.251.79.109 | A (IP address) | IN (0x0001) | ||
Aug 5, 2022 11:30:22.076283932 CEST | 8.8.8.8 | 192.168.2.6 | 0xfeb5 | No error (0) | 87.251.79.109 | A (IP address) | IN (0x0001) | ||
Aug 5, 2022 11:30:24.421556950 CEST | 8.8.8.8 | 192.168.2.6 | 0x844b | No error (0) | 87.251.79.109 | A (IP address) | IN (0x0001) | ||
Aug 5, 2022 11:30:26.888618946 CEST | 8.8.8.8 | 192.168.2.6 | 0x84e7 | No error (0) | 87.251.79.109 | A (IP address) | IN (0x0001) |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
0 | 192.168.2.6 | 49808 | 13.107.43.12 | 443 | C:\Users\Public\Libraries\Accyaz.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2022-08-05 09:29:24 UTC | 0 | OUT | |
2022-08-05 09:29:25 UTC | 0 | IN | |
2022-08-05 09:29:25 UTC | 1 | IN | |
2022-08-05 09:29:25 UTC | 1 | IN | |
2022-08-05 09:29:25 UTC | 9 | IN | |
2022-08-05 09:29:25 UTC | 17 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
1 | 192.168.2.6 | 49811 | 13.107.43.12 | 443 | C:\Users\Public\Libraries\Accyaz.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2022-08-05 09:29:26 UTC | 25 | OUT | |
2022-08-05 09:29:26 UTC | 25 | IN | |
2022-08-05 09:29:26 UTC | 27 | IN | |
2022-08-05 09:29:26 UTC | 30 | IN | |
2022-08-05 09:29:26 UTC | 38 | IN | |
2022-08-05 09:29:26 UTC | 46 | IN | |
2022-08-05 09:29:26 UTC | 54 | IN | |
2022-08-05 09:29:26 UTC | 62 | IN | |
2022-08-05 09:29:26 UTC | 70 | IN | |
2022-08-05 09:29:26 UTC | 78 | IN | |
2022-08-05 09:29:26 UTC | 86 | IN | |
2022-08-05 09:29:26 UTC | 94 | IN | |
2022-08-05 09:29:26 UTC | 102 | IN | |
2022-08-05 09:29:26 UTC | 110 | IN | |
2022-08-05 09:29:26 UTC | 118 | IN | |
2022-08-05 09:29:26 UTC | 126 | IN | |
2022-08-05 09:29:26 UTC | 134 | IN | |
2022-08-05 09:29:26 UTC | 142 | IN | |
2022-08-05 09:29:26 UTC | 150 | IN | |
2022-08-05 09:29:26 UTC | 158 | IN | |
2022-08-05 09:29:26 UTC | 166 | IN | |
2022-08-05 09:29:27 UTC | 182 | IN | |
2022-08-05 09:29:27 UTC | 198 | IN | |
2022-08-05 09:29:27 UTC | 214 | IN | |
2022-08-05 09:29:27 UTC | 230 | IN | |
2022-08-05 09:29:27 UTC | 246 | IN | |
2022-08-05 09:29:27 UTC | 262 | IN | |
2022-08-05 09:29:27 UTC | 278 | IN | |
2022-08-05 09:29:27 UTC | 294 | IN | |
2022-08-05 09:29:27 UTC | 310 | IN | |
2022-08-05 09:29:27 UTC | 326 | IN | |
2022-08-05 09:29:27 UTC | 342 | IN | |
2022-08-05 09:29:27 UTC | 358 | IN | |
2022-08-05 09:29:27 UTC | 374 | IN | |
2022-08-05 09:29:27 UTC | 390 | IN | |
2022-08-05 09:29:27 UTC | 406 | IN | |
2022-08-05 09:29:27 UTC | 422 | IN | |
2022-08-05 09:29:27 UTC | 438 | IN | |
2022-08-05 09:29:27 UTC | 454 | IN | |
2022-08-05 09:29:27 UTC | 470 | IN | |
2022-08-05 09:29:27 UTC | 486 | IN | |
2022-08-05 09:29:27 UTC | 502 | IN | |
2022-08-05 09:29:27 UTC | 518 | IN | |
2022-08-05 09:29:27 UTC | 534 | IN | |
2022-08-05 09:29:27 UTC | 550 | IN | |
2022-08-05 09:29:27 UTC | 566 | IN | |
2022-08-05 09:29:27 UTC | 582 | IN | |
2022-08-05 09:29:27 UTC | 598 | IN | |
2022-08-05 09:29:27 UTC | 614 | IN | |
2022-08-05 09:29:27 UTC | 630 | IN | |
2022-08-05 09:29:27 UTC | 646 | IN | |
2022-08-05 09:29:27 UTC | 662 | IN |
Target ID: | 0 |
Start time: | 11:28:12 |
Start date: | 05/08/2022 |
Path: | C:\Users\user\Desktop\VoRTaSs6hl.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 1011712 bytes |
MD5 hash: | 6E2D9824EEEBAD8B1507FA4238892439 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | Borland Delphi |
Yara matches: |
|
Reputation: | low |
Target ID: | 8 |
Start time: | 11:29:00 |
Start date: | 05/08/2022 |
Path: | C:\Users\user\Desktop\VoRTaSs6hl.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 1011712 bytes |
MD5 hash: | 6E2D9824EEEBAD8B1507FA4238892439 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | low |
Target ID: | 10 |
Start time: | 11:29:11 |
Start date: | 05/08/2022 |
Path: | C:\Users\Public\Libraries\Accyaz.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 1011712 bytes |
MD5 hash: | 6E2D9824EEEBAD8B1507FA4238892439 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | Borland Delphi |
Yara matches: |
|
Antivirus matches: |
|
Reputation: | low |
Target ID: | 12 |
Start time: | 11:29:20 |
Start date: | 05/08/2022 |
Path: | C:\Users\Public\Libraries\Accyaz.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 1011712 bytes |
MD5 hash: | 6E2D9824EEEBAD8B1507FA4238892439 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | Borland Delphi |
Yara matches: |
|
Reputation: | low |
Target ID: | 16 |
Start time: | 11:29:42 |
Start date: | 05/08/2022 |
Path: | C:\Users\Public\Libraries\Accyaz.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 1011712 bytes |
MD5 hash: | 6E2D9824EEEBAD8B1507FA4238892439 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Target ID: | 20 |
Start time: | 11:30:02 |
Start date: | 05/08/2022 |
Path: | C:\Users\Public\Libraries\Accyaz.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 1011712 bytes |
MD5 hash: | 6E2D9824EEEBAD8B1507FA4238892439 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Function 03BDFAE2 Relevance: 1.4, Strings: 1, Instructions: 150 COMMON
Uniqueness Score: -1.00% |
Function 03BD88E3 Relevance: 1.3, Strings: 1, Instructions: 72 COMMON
Uniqueness Score: -1.00% |
Function 03C3088D Relevance: 1.3, Strings: 1, Instructions: 72 COMMON
Uniqueness Score: -1.00% |
Function 03BD8214 Relevance: .8, Instructions: 798 COMMON
Uniqueness Score: -1.00% |
Function 03BDFB5C Relevance: .1, Instructions: 118 COMMON
Uniqueness Score: -1.00% |
Function 03C2FE71 Relevance: 31.4, Strings: 25, Instructions: 144 COMMON
Uniqueness Score: -1.00% |
Function 03BD8000 Relevance: 25.1, Strings: 20, Instructions: 80 COMMON
Uniqueness Score: -1.00% |
Function 02A1FEA5 Relevance: 31.4, Strings: 25, Instructions: 144 COMMON
Uniqueness Score: -1.00% |
Function 029C8000 Relevance: 30.1, Strings: 24, Instructions: 89 COMMON
Uniqueness Score: -1.00% |