Edit tour
Windows
Analysis Report
INV.2022LB0362 FORM CO (2).exe
Overview
General Information
| Sample Name: | INV.2022LB0362 FORM CO (2).exe |
| Analysis ID: | 756310 |
| MD5: | baed30aea51e6000571219633aa745b0 |
| SHA1: | d7e3b155c00245a7f867dd2fb4c06cb7be6ec3f7 |
| SHA256: | 57520e51bb0820741b7883926800223886c491a8a5ddd517a49b0e2cc752fb18 |
| Tags: | exeLoki |
| Infos: |  |
 | |
Detection
Lokibot
| Score: | 100 |
| Range: | 0 - 100 |
| Whitelisted: | false |
| Confidence: | 100% |
Signatures
Multi AV Scanner detection for submitted file
Malicious sample detected (through community Yara rule)
Yara detected AntiVM3
Yara detected Lokibot
Antivirus detection for URL or domain
Multi AV Scanner detection for domain / URL
Snort IDS alert for network traffic
Tries to steal Mail credentials (via file / registry access)
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Yara detected aPLib compressed binary
Tries to harvest and steal ftp login credentials
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Machine Learning detection for sample
.NET source code contains potential unpacker
C2 URLs / IPs found in malware configuration
Tries to harvest and steal browser information (history, passwords, etc)
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Yara signature match
May sleep (evasive loops) to hinder dynamic analysis
Internet Provider seen in connection with other malware
Detected potential crypto function
Yara detected Credential Stealer
IP address seen in connection with other malware
Contains long sleeps (>= 3 min)
Enables debug privileges
Sample file is different than original file name gathered from version info
Uses a known web browser user agent for HTTP communication
Binary contains a suspicious time stamp
Creates a process in suspended mode (likely to inject code)
Classification
- System is w10x64
INV.2022LB0362 FORM CO (2).exe (PID: 6092 cmdline: C:\Users\u ser\Deskto p\INV.2022 LB0362 FOR M CO (2).e xe MD5: BAED30AEA51E6000571219633AA745B0) - INV.2022LB0362 FORM CO (2).exe (PID: 2240 cmdline:
C:\Users\u ser\Deskto p\INV.2022 LB0362 FOR M CO (2).e xe MD5: BAED30AEA51E6000571219633AA745B0) - INV.2022LB0362 FORM CO (2).exe (PID: 5164 cmdline:
C:\Users\u ser\Deskto p\INV.2022 LB0362 FOR M CO (2).e xe MD5: BAED30AEA51E6000571219633AA745B0) - INV.2022LB0362 FORM CO (2).exe (PID: 6132 cmdline:
C:\Users\u ser\Deskto p\INV.2022 LB0362 FOR M CO (2).e xe MD5: BAED30AEA51E6000571219633AA745B0)
- cleanup
{"C2 list": ["http://kbfvzoboss.bid/alien/fre.php", "http://alphastand.trade/alien/fre.php", "http://alphastand.win/alien/fre.php", "http://alphastand.top/alien/fre.php", "http://sempersim.su/gm11/fre.php"]}| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| JoeSecurity_Lokibot_1 | Yara detected Lokibot | Joe Security |
| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | ||
| JoeSecurity_aPLib_compressed_binary | Yara detected aPLib compressed binary | Joe Security | ||
| JoeSecurity_Lokibot | Yara detected Lokibot | Joe Security | ||
| Windows_Trojan_Lokibot_1f885282 | unknown | unknown |
| |
| Windows_Trojan_Lokibot_0f421617 | unknown | unknown |
| |
| Click to see the 27 entries | ||||
| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| SUSP_XORed_URL_in_EXE | Detects an XORed URL in an executable | Florian Roth |
| |
| JoeSecurity_aPLib_compressed_binary | Yara detected aPLib compressed binary | Joe Security | ||
| Windows_Trojan_Lokibot_1f885282 | unknown | unknown |
| |
| Windows_Trojan_Lokibot_0f421617 | unknown | unknown |
| |
| Loki_1 | Loki Payload | kevoreilly |
| |
| Click to see the 43 entries | ||||
⊘No Sigma rule has matched
| Timestamp: | 192.168.2.395.213.216.20249705802024318 11/30/22-00:54:20.168790 |
| SID: | 2024318 |
| Source Port: | 49705 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249702802021641 11/30/22-00:54:14.871390 |
| SID: | 2021641 |
| Source Port: | 49702 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249738802024313 11/30/22-00:55:23.450513 |
| SID: | 2024313 |
| Source Port: | 49738 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249734802825766 11/30/22-00:55:16.065951 |
| SID: | 2825766 |
| Source Port: | 49734 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 95.213.216.202192.168.2.380497272025483 11/30/22-00:55:04.982566 |
| SID: | 2025483 |
| Source Port: | 80 |
| Destination Port: | 49727 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249741802024313 11/30/22-00:55:29.247109 |
| SID: | 2024313 |
| Source Port: | 49741 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249701802825766 11/30/22-00:54:12.581436 |
| SID: | 2825766 |
| Source Port: | 49701 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249749802025381 11/30/22-00:55:43.976237 |
| SID: | 2025381 |
| Source Port: | 49749 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249759802825766 11/30/22-00:56:01.042444 |
| SID: | 2825766 |
| Source Port: | 49759 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249738802024318 11/30/22-00:55:23.450513 |
| SID: | 2024318 |
| Source Port: | 49738 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249735802021641 11/30/22-00:55:17.863854 |
| SID: | 2021641 |
| Source Port: | 49735 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249705802024313 11/30/22-00:54:20.168790 |
| SID: | 2024313 |
| Source Port: | 49705 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249741802024318 11/30/22-00:55:29.247109 |
| SID: | 2024318 |
| Source Port: | 49741 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 95.213.216.202192.168.2.380497232025483 11/30/22-00:54:57.894669 |
| SID: | 2025483 |
| Source Port: | 80 |
| Destination Port: | 49723 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249752802025381 11/30/22-00:55:49.378987 |
| SID: | 2025381 |
| Source Port: | 49752 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249716802025381 11/30/22-00:54:43.829219 |
| SID: | 2025381 |
| Source Port: | 49716 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249707802021641 11/30/22-00:54:24.716724 |
| SID: | 2021641 |
| Source Port: | 49707 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249757802025381 11/30/22-00:55:58.948901 |
| SID: | 2025381 |
| Source Port: | 49757 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249730802021641 11/30/22-00:55:08.823725 |
| SID: | 2021641 |
| Source Port: | 49730 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.38.8.8.861416532014169 11/30/22-00:55:12.379224 |
| SID: | 2014169 |
| Source Port: | 61416 |
| Destination Port: | 53 |
| Protocol: | UDP |
| Classtype: | Potentially Bad Traffic |
| Timestamp: | 192.168.2.38.8.8.860088532014169 11/30/22-00:55:21.529314 |
| SID: | 2014169 |
| Source Port: | 60088 |
| Destination Port: | 53 |
| Protocol: | UDP |
| Classtype: | Potentially Bad Traffic |
| Timestamp: | 192.168.2.395.213.216.20249713802024313 11/30/22-00:54:37.979213 |
| SID: | 2024313 |
| Source Port: | 49713 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249726802825766 11/30/22-00:55:01.673863 |
| SID: | 2825766 |
| Source Port: | 49726 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249713802024318 11/30/22-00:54:37.979213 |
| SID: | 2024318 |
| Source Port: | 49713 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.38.8.8.857743532014169 11/30/22-00:55:08.735474 |
| SID: | 2014169 |
| Source Port: | 57743 |
| Destination Port: | 53 |
| Protocol: | UDP |
| Classtype: | Potentially Bad Traffic |
| Timestamp: | 192.168.2.395.213.216.20249754802825766 11/30/22-00:55:53.496270 |
| SID: | 2825766 |
| Source Port: | 49754 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 95.213.216.202192.168.2.380497572025483 11/30/22-00:55:59.773200 |
| SID: | 2025483 |
| Source Port: | 80 |
| Destination Port: | 49757 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249744802025381 11/30/22-00:55:34.401351 |
| SID: | 2025381 |
| Source Port: | 49744 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.38.8.8.859820532014169 11/30/22-00:55:29.162121 |
| SID: | 2014169 |
| Source Port: | 59820 |
| Destination Port: | 53 |
| Protocol: | UDP |
| Classtype: | Potentially Bad Traffic |
| Timestamp: | 192.168.2.38.8.8.853305532014169 11/30/22-00:54:54.648302 |
| SID: | 2014169 |
| Source Port: | 53305 |
| Destination Port: | 53 |
| Protocol: | UDP |
| Classtype: | Potentially Bad Traffic |
| Timestamp: | 95.213.216.202192.168.2.380497532025483 11/30/22-00:55:52.887247 |
| SID: | 2025483 |
| Source Port: | 80 |
| Destination Port: | 49753 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249708802025381 11/30/22-00:54:26.803652 |
| SID: | 2025381 |
| Source Port: | 49708 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 95.213.216.202192.168.2.380497162025483 11/30/22-00:54:45.204539 |
| SID: | 2025483 |
| Source Port: | 80 |
| Destination Port: | 49716 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 95.213.216.202192.168.2.380497382025483 11/30/22-00:55:24.982216 |
| SID: | 2025483 |
| Source Port: | 80 |
| Destination Port: | 49738 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249758802024313 11/30/22-00:56:00.034214 |
| SID: | 2024313 |
| Source Port: | 49758 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249755802021641 11/30/22-00:55:55.653974 |
| SID: | 2021641 |
| Source Port: | 49755 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 95.213.216.202192.168.2.380497302025483 11/30/22-00:55:10.337695 |
| SID: | 2025483 |
| Source Port: | 80 |
| Destination Port: | 49730 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 95.213.216.202192.168.2.380497342025483 11/30/22-00:55:17.565495 |
| SID: | 2025483 |
| Source Port: | 80 |
| Destination Port: | 49734 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249758802024318 11/30/22-00:56:00.034214 |
| SID: | 2024318 |
| Source Port: | 49758 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.38.8.8.852387532014169 11/30/22-00:54:14.412323 |
| SID: | 2014169 |
| Source Port: | 52387 |
| Destination Port: | 53 |
| Protocol: | UDP |
| Classtype: | Potentially Bad Traffic |
| Timestamp: | 192.168.2.395.213.216.20249721802024318 11/30/22-00:54:53.572062 |
| SID: | 2024318 |
| Source Port: | 49721 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249727802021641 11/30/22-00:55:03.486766 |
| SID: | 2021641 |
| Source Port: | 49727 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249750802021641 11/30/22-00:55:45.758418 |
| SID: | 2021641 |
| Source Port: | 49750 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 95.213.216.202192.168.2.380497122025483 11/30/22-00:54:37.552263 |
| SID: | 2025483 |
| Source Port: | 80 |
| Destination Port: | 49712 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249718802825766 11/30/22-00:54:47.592007 |
| SID: | 2825766 |
| Source Port: | 49718 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.38.8.8.851992532014169 11/30/22-00:55:36.286012 |
| SID: | 2014169 |
| Source Port: | 51992 |
| Destination Port: | 53 |
| Protocol: | UDP |
| Classtype: | Potentially Bad Traffic |
| Timestamp: | 192.168.2.38.8.8.860625532014169 11/30/22-00:54:18.863516 |
| SID: | 2014169 |
| Source Port: | 60625 |
| Destination Port: | 53 |
| Protocol: | UDP |
| Classtype: | Potentially Bad Traffic |
| Timestamp: | 192.168.2.395.213.216.20249736802025381 11/30/22-00:55:19.643476 |
| SID: | 2025381 |
| Source Port: | 49736 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249721802024313 11/30/22-00:54:53.572062 |
| SID: | 2024313 |
| Source Port: | 49721 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249746802825766 11/30/22-00:55:38.275174 |
| SID: | 2825766 |
| Source Port: | 49746 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249722802021641 11/30/22-00:54:54.732179 |
| SID: | 2021641 |
| Source Port: | 49722 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249699802025381 11/30/22-00:54:07.324934 |
| SID: | 2025381 |
| Source Port: | 49699 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249714802021641 11/30/22-00:54:39.977728 |
| SID: | 2021641 |
| Source Port: | 49714 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 95.213.216.202192.168.2.380497492025483 11/30/22-00:55:45.483574 |
| SID: | 2025483 |
| Source Port: | 80 |
| Destination Port: | 49749 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249712802025381 11/30/22-00:54:35.972913 |
| SID: | 2025381 |
| Source Port: | 49712 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.38.8.8.857840532014169 11/30/22-00:54:09.401173 |
| SID: | 2014169 |
| Source Port: | 57840 |
| Destination Port: | 53 |
| Protocol: | UDP |
| Classtype: | Potentially Bad Traffic |
| Timestamp: | 192.168.2.38.8.8.858301532014169 11/30/22-00:55:42.001541 |
| SID: | 2014169 |
| Source Port: | 58301 |
| Destination Port: | 53 |
| Protocol: | UDP |
| Classtype: | Potentially Bad Traffic |
| Timestamp: | 192.168.2.395.213.216.20249740802025381 11/30/22-00:55:27.193434 |
| SID: | 2025381 |
| Source Port: | 49740 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 95.213.216.202192.168.2.380497422025483 11/30/22-00:55:32.668199 |
| SID: | 2025483 |
| Source Port: | 80 |
| Destination Port: | 49742 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.38.8.8.863562532014169 11/30/22-00:55:23.368358 |
| SID: | 2014169 |
| Source Port: | 63562 |
| Destination Port: | 53 |
| Protocol: | UDP |
| Classtype: | Potentially Bad Traffic |
| Timestamp: | 95.213.216.202192.168.2.380497412025483 11/30/22-00:55:30.821604 |
| SID: | 2025483 |
| Source Port: | 80 |
| Destination Port: | 49741 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.38.8.8.850784532014169 11/30/22-00:55:55.557056 |
| SID: | 2014169 |
| Source Port: | 50784 |
| Destination Port: | 53 |
| Protocol: | UDP |
| Classtype: | Potentially Bad Traffic |
| Timestamp: | 192.168.2.395.213.216.20249723802021641 11/30/22-00:54:56.463103 |
| SID: | 2021641 |
| Source Port: | 49723 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249713802825766 11/30/22-00:54:37.979213 |
| SID: | 2825766 |
| Source Port: | 49713 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249726802024313 11/30/22-00:55:01.673863 |
| SID: | 2024313 |
| Source Port: | 49726 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249728802025381 11/30/22-00:55:05.285201 |
| SID: | 2025381 |
| Source Port: | 49728 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249726802024318 11/30/22-00:55:01.673863 |
| SID: | 2024318 |
| Source Port: | 49726 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249737802025381 11/30/22-00:55:21.614296 |
| SID: | 2025381 |
| Source Port: | 49737 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 95.213.216.202192.168.2.380497112025483 11/30/22-00:54:35.462242 |
| SID: | 2025483 |
| Source Port: | 80 |
| Destination Port: | 49711 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.38.8.8.856949532014169 11/30/22-00:54:59.841953 |
| SID: | 2014169 |
| Source Port: | 56949 |
| Destination Port: | 53 |
| Protocol: | UDP |
| Classtype: | Potentially Bad Traffic |
| Timestamp: | 192.168.2.395.213.216.20249753802024318 11/30/22-00:55:51.242717 |
| SID: | 2024318 |
| Source Port: | 49753 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249753802024313 11/30/22-00:55:51.242717 |
| SID: | 2024313 |
| Source Port: | 49753 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 95.213.216.202192.168.2.380497082025483 11/30/22-00:54:28.382639 |
| SID: | 2025483 |
| Source Port: | 80 |
| Destination Port: | 49708 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249714802825766 11/30/22-00:54:39.977728 |
| SID: | 2825766 |
| Source Port: | 49714 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249725802024313 11/30/22-00:54:59.930841 |
| SID: | 2024313 |
| Source Port: | 49725 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249756802025381 11/30/22-00:55:57.533680 |
| SID: | 2025381 |
| Source Port: | 49756 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.38.8.8.860825532014169 11/30/22-00:55:59.940841 |
| SID: | 2014169 |
| Source Port: | 60825 |
| Destination Port: | 53 |
| Protocol: | UDP |
| Classtype: | Potentially Bad Traffic |
| Timestamp: | 192.168.2.395.213.216.20249754802024313 11/30/22-00:55:53.496270 |
| SID: | 2024313 |
| Source Port: | 49754 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249748802021641 11/30/22-00:55:42.098367 |
| SID: | 2021641 |
| Source Port: | 49748 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249725802024318 11/30/22-00:54:59.930841 |
| SID: | 2024318 |
| Source Port: | 49725 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249742802021641 11/30/22-00:55:31.101064 |
| SID: | 2021641 |
| Source Port: | 49742 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249755802825766 11/30/22-00:55:55.653974 |
| SID: | 2825766 |
| Source Port: | 49755 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249754802024318 11/30/22-00:55:53.496270 |
| SID: | 2024318 |
| Source Port: | 49754 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249709802025381 11/30/22-00:54:29.164231 |
| SID: | 2025381 |
| Source Port: | 49709 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.38.8.8.849977532014169 11/30/22-00:54:06.875981 |
| SID: | 2014169 |
| Source Port: | 49977 |
| Destination Port: | 53 |
| Protocol: | UDP |
| Classtype: | Potentially Bad Traffic |
| Timestamp: | 192.168.2.38.8.8.856924532014169 11/30/22-00:54:16.879287 |
| SID: | 2014169 |
| Source Port: | 56924 |
| Destination Port: | 53 |
| Protocol: | UDP |
| Classtype: | Potentially Bad Traffic |
| Timestamp: | 192.168.2.395.213.216.20249700802024317 11/30/22-00:54:09.487691 |
| SID: | 2024317 |
| Source Port: | 49700 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249739802825766 11/30/22-00:55:25.267085 |
| SID: | 2825766 |
| Source Port: | 49739 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.38.8.8.860582532014169 11/30/22-00:54:28.778637 |
| SID: | 2014169 |
| Source Port: | 60582 |
| Destination Port: | 53 |
| Protocol: | UDP |
| Classtype: | Potentially Bad Traffic |
| Timestamp: | 95.213.216.202192.168.2.380497192025483 11/30/22-00:54:51.280995 |
| SID: | 2025483 |
| Source Port: | 80 |
| Destination Port: | 49719 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.38.8.8.864595532014169 11/30/22-00:55:31.020256 |
| SID: | 2014169 |
| Source Port: | 64595 |
| Destination Port: | 53 |
| Protocol: | UDP |
| Classtype: | Potentially Bad Traffic |
| Timestamp: | 192.168.2.395.213.216.20249742802825766 11/30/22-00:55:31.101064 |
| SID: | 2825766 |
| Source Port: | 49742 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249700802024312 11/30/22-00:54:09.487691 |
| SID: | 2024312 |
| Source Port: | 49700 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249711802025381 11/30/22-00:54:33.859062 |
| SID: | 2025381 |
| Source Port: | 49711 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.38.8.8.860767532014169 11/30/22-00:54:45.460012 |
| SID: | 2014169 |
| Source Port: | 60767 |
| Destination Port: | 53 |
| Protocol: | UDP |
| Classtype: | Potentially Bad Traffic |
| Timestamp: | 192.168.2.395.213.216.20249739802021641 11/30/22-00:55:25.267085 |
| SID: | 2021641 |
| Source Port: | 49739 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249724802025381 11/30/22-00:54:58.184483 |
| SID: | 2025381 |
| Source Port: | 49724 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249751802021641 11/30/22-00:55:47.279515 |
| SID: | 2021641 |
| Source Port: | 49751 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249758802825766 11/30/22-00:56:00.034214 |
| SID: | 2825766 |
| Source Port: | 49758 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249710802021641 11/30/22-00:54:31.910937 |
| SID: | 2021641 |
| Source Port: | 49710 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249711802021641 11/30/22-00:54:33.859062 |
| SID: | 2021641 |
| Source Port: | 49711 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.38.8.8.849201532014169 11/30/22-00:56:00.958664 |
| SID: | 2014169 |
| Source Port: | 49201 |
| Destination Port: | 53 |
| Protocol: | UDP |
| Classtype: | Potentially Bad Traffic |
| Timestamp: | 192.168.2.395.213.216.20249729802024313 11/30/22-00:55:07.068054 |
| SID: | 2024313 |
| Source Port: | 49729 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249758802025381 11/30/22-00:56:00.034214 |
| SID: | 2025381 |
| Source Port: | 49758 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 95.213.216.202192.168.2.380497262025483 11/30/22-00:55:03.204141 |
| SID: | 2025483 |
| Source Port: | 80 |
| Destination Port: | 49726 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249743802025381 11/30/22-00:55:32.962709 |
| SID: | 2025381 |
| Source Port: | 49743 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249729802024318 11/30/22-00:55:07.068054 |
| SID: | 2024318 |
| Source Port: | 49729 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249744802021641 11/30/22-00:55:34.401351 |
| SID: | 2021641 |
| Source Port: | 49744 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249726802021641 11/30/22-00:55:01.673863 |
| SID: | 2021641 |
| Source Port: | 49726 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249750802024313 11/30/22-00:55:45.758418 |
| SID: | 2024313 |
| Source Port: | 49750 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249710802825766 11/30/22-00:54:31.910937 |
| SID: | 2825766 |
| Source Port: | 49710 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 95.213.216.202192.168.2.380497222025483 11/30/22-00:54:56.166551 |
| SID: | 2025483 |
| Source Port: | 80 |
| Destination Port: | 49722 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249750802024318 11/30/22-00:55:45.758418 |
| SID: | 2024318 |
| Source Port: | 49750 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249699802021641 11/30/22-00:54:07.324934 |
| SID: | 2021641 |
| Source Port: | 49699 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 95.213.216.202192.168.2.380497202025483 11/30/22-00:54:53.259308 |
| SID: | 2025483 |
| Source Port: | 80 |
| Destination Port: | 49720 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249701802021641 11/30/22-00:54:12.581436 |
| SID: | 2021641 |
| Source Port: | 49701 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.38.8.8.853623532014169 11/30/22-00:55:10.547934 |
| SID: | 2014169 |
| Source Port: | 53623 |
| Destination Port: | 53 |
| Protocol: | UDP |
| Classtype: | Potentially Bad Traffic |
| Timestamp: | 192.168.2.395.213.216.20249754802021641 11/30/22-00:55:53.496270 |
| SID: | 2021641 |
| Source Port: | 49754 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249715802025381 11/30/22-00:54:42.060768 |
| SID: | 2025381 |
| Source Port: | 49715 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.38.8.8.852955532014169 11/30/22-00:54:26.705694 |
| SID: | 2014169 |
| Source Port: | 52955 |
| Destination Port: | 53 |
| Protocol: | UDP |
| Classtype: | Potentially Bad Traffic |
| Timestamp: | 192.168.2.395.213.216.20249740802024313 11/30/22-00:55:27.193434 |
| SID: | 2024313 |
| Source Port: | 49740 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249740802024318 11/30/22-00:55:27.193434 |
| SID: | 2024318 |
| Source Port: | 49740 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249738802025381 11/30/22-00:55:23.450513 |
| SID: | 2025381 |
| Source Port: | 49738 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249731802021641 11/30/22-00:55:10.632751 |
| SID: | 2021641 |
| Source Port: | 49731 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249752802021641 11/30/22-00:55:49.378987 |
| SID: | 2021641 |
| Source Port: | 49752 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249703802021641 11/30/22-00:54:16.960834 |
| SID: | 2021641 |
| Source Port: | 49703 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249712802024313 11/30/22-00:54:35.972913 |
| SID: | 2024313 |
| Source Port: | 49712 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249727802825766 11/30/22-00:55:03.486766 |
| SID: | 2825766 |
| Source Port: | 49727 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249717802025381 11/30/22-00:54:45.540558 |
| SID: | 2025381 |
| Source Port: | 49717 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.38.8.8.859581532014169 11/30/22-00:55:17.784201 |
| SID: | 2014169 |
| Source Port: | 59581 |
| Destination Port: | 53 |
| Protocol: | UDP |
| Classtype: | Potentially Bad Traffic |
| Timestamp: | 192.168.2.395.213.216.20249712802024318 11/30/22-00:54:35.972913 |
| SID: | 2024318 |
| Source Port: | 49712 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 95.213.216.202192.168.2.380497312025483 11/30/22-00:55:12.166821 |
| SID: | 2025483 |
| Source Port: | 80 |
| Destination Port: | 49731 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249739802024313 11/30/22-00:55:25.267085 |
| SID: | 2024313 |
| Source Port: | 49739 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249725802025381 11/30/22-00:54:59.930841 |
| SID: | 2025381 |
| Source Port: | 49725 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.38.8.8.849166532014169 11/30/22-00:55:40.126118 |
| SID: | 2014169 |
| Source Port: | 49166 |
| Destination Port: | 53 |
| Protocol: | UDP |
| Classtype: | Potentially Bad Traffic |
| Timestamp: | 192.168.2.38.8.8.860749532014169 11/30/22-00:54:58.103973 |
| SID: | 2014169 |
| Source Port: | 60749 |
| Destination Port: | 53 |
| Protocol: | UDP |
| Classtype: | Potentially Bad Traffic |
| Timestamp: | 95.213.216.202192.168.2.380497052025483 11/30/22-00:54:21.783216 |
| SID: | 2025483 |
| Source Port: | 80 |
| Destination Port: | 49705 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.38.8.8.853975532014169 11/30/22-00:54:22.160619 |
| SID: | 2014169 |
| Source Port: | 53975 |
| Destination Port: | 53 |
| Protocol: | UDP |
| Classtype: | Potentially Bad Traffic |
| Timestamp: | 192.168.2.395.213.216.20249753802025381 11/30/22-00:55:51.242717 |
| SID: | 2025381 |
| Source Port: | 49753 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249757802021641 11/30/22-00:55:58.948901 |
| SID: | 2021641 |
| Source Port: | 49757 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249716802021641 11/30/22-00:54:43.829219 |
| SID: | 2021641 |
| Source Port: | 49716 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249739802024318 11/30/22-00:55:25.267085 |
| SID: | 2024318 |
| Source Port: | 49739 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249741802825766 11/30/22-00:55:29.247109 |
| SID: | 2825766 |
| Source Port: | 49741 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249700802825766 11/30/22-00:54:09.487691 |
| SID: | 2825766 |
| Source Port: | 49700 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249720802024313 11/30/22-00:54:51.608521 |
| SID: | 2024313 |
| Source Port: | 49720 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249708802024318 11/30/22-00:54:26.803652 |
| SID: | 2024318 |
| Source Port: | 49708 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 95.213.216.202192.168.2.380497482025483 11/30/22-00:55:43.661913 |
| SID: | 2025483 |
| Source Port: | 80 |
| Destination Port: | 49748 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249731802825766 11/30/22-00:55:10.632751 |
| SID: | 2825766 |
| Source Port: | 49731 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249702802024313 11/30/22-00:54:14.871390 |
| SID: | 2024313 |
| Source Port: | 49702 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249720802024318 11/30/22-00:54:51.608521 |
| SID: | 2024318 |
| Source Port: | 49720 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249737802825766 11/30/22-00:55:21.614296 |
| SID: | 2825766 |
| Source Port: | 49737 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249702802024318 11/30/22-00:54:14.871390 |
| SID: | 2024318 |
| Source Port: | 49702 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249719802825766 11/30/22-00:54:49.641508 |
| SID: | 2825766 |
| Source Port: | 49719 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.38.8.8.863446532014169 11/30/22-00:55:43.898414 |
| SID: | 2014169 |
| Source Port: | 63446 |
| Destination Port: | 53 |
| Protocol: | UDP |
| Classtype: | Potentially Bad Traffic |
| Timestamp: | 95.213.216.202192.168.2.380497092025483 11/30/22-00:54:30.691043 |
| SID: | 2025483 |
| Source Port: | 80 |
| Destination Port: | 49709 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 95.213.216.202192.168.2.380497432025483 11/30/22-00:55:34.122250 |
| SID: | 2025483 |
| Source Port: | 80 |
| Destination Port: | 49743 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249708802024313 11/30/22-00:54:26.803652 |
| SID: | 2024313 |
| Source Port: | 49708 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.38.8.8.858119532014169 11/30/22-00:55:38.197046 |
| SID: | 2014169 |
| Source Port: | 58119 |
| Destination Port: | 53 |
| Protocol: | UDP |
| Classtype: | Potentially Bad Traffic |
| Timestamp: | 192.168.2.38.8.8.857990532014169 11/30/22-00:54:11.706174 |
| SID: | 2014169 |
| Source Port: | 57990 |
| Destination Port: | 53 |
| Protocol: | UDP |
| Classtype: | Potentially Bad Traffic |
| Timestamp: | 192.168.2.395.213.216.20249759802024318 11/30/22-00:56:01.042444 |
| SID: | 2024318 |
| Source Port: | 49759 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249709802825766 11/30/22-00:54:29.164231 |
| SID: | 2825766 |
| Source Port: | 49709 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249730802024313 11/30/22-00:55:08.823725 |
| SID: | 2024313 |
| Source Port: | 49730 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249745802025381 11/30/22-00:55:36.377571 |
| SID: | 2025381 |
| Source Port: | 49745 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249724802021641 11/30/22-00:54:58.184483 |
| SID: | 2021641 |
| Source Port: | 49724 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249759802024313 11/30/22-00:56:01.042444 |
| SID: | 2024313 |
| Source Port: | 49759 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249703802825766 11/30/22-00:54:16.960834 |
| SID: | 2825766 |
| Source Port: | 49703 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249704802025381 11/30/22-00:54:18.966132 |
| SID: | 2025381 |
| Source Port: | 49704 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 95.213.216.202192.168.2.380497152025483 11/30/22-00:54:43.541337 |
| SID: | 2025483 |
| Source Port: | 80 |
| Destination Port: | 49715 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249730802024318 11/30/22-00:55:08.823725 |
| SID: | 2024318 |
| Source Port: | 49730 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249718802024318 11/30/22-00:54:47.592007 |
| SID: | 2024318 |
| Source Port: | 49718 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.38.8.8.864121532014169 11/30/22-00:55:57.444180 |
| SID: | 2014169 |
| Source Port: | 64121 |
| Destination Port: | 53 |
| Protocol: | UDP |
| Classtype: | Potentially Bad Traffic |
| Timestamp: | 192.168.2.395.213.216.20249719802021641 11/30/22-00:54:49.641508 |
| SID: | 2021641 |
| Source Port: | 49719 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249721802825766 11/30/22-00:54:53.572062 |
| SID: | 2825766 |
| Source Port: | 49721 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 95.213.216.202192.168.2.380497042025483 11/30/22-00:54:19.714505 |
| SID: | 2025483 |
| Source Port: | 80 |
| Destination Port: | 49704 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249747802021641 11/30/22-00:55:40.214633 |
| SID: | 2021641 |
| Source Port: | 49747 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.38.8.8.849874532014169 11/30/22-00:55:45.675021 |
| SID: | 2014169 |
| Source Port: | 49874 |
| Destination Port: | 53 |
| Protocol: | UDP |
| Classtype: | Potentially Bad Traffic |
| Timestamp: | 192.168.2.395.213.216.20249722802025381 11/30/22-00:54:54.732179 |
| SID: | 2025381 |
| Source Port: | 49722 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249718802024313 11/30/22-00:54:47.592007 |
| SID: | 2024313 |
| Source Port: | 49718 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.38.8.8.853428532014169 11/30/22-00:55:25.189214 |
| SID: | 2014169 |
| Source Port: | 53428 |
| Destination Port: | 53 |
| Protocol: | UDP |
| Classtype: | Potentially Bad Traffic |
| Timestamp: | 192.168.2.395.213.216.20249736802024318 11/30/22-00:55:19.643476 |
| SID: | 2024318 |
| Source Port: | 49736 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249736802024313 11/30/22-00:55:19.643476 |
| SID: | 2024313 |
| Source Port: | 49736 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249732802025381 11/30/22-00:55:12.457821 |
| SID: | 2025381 |
| Source Port: | 49732 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 95.213.216.202192.168.2.380497592025483 11/30/22-00:56:01.793951 |
| SID: | 2025483 |
| Source Port: | 80 |
| Destination Port: | 49759 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249746802024318 11/30/22-00:55:38.275174 |
| SID: | 2024318 |
| Source Port: | 49746 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249749802024318 11/30/22-00:55:43.976237 |
| SID: | 2024318 |
| Source Port: | 49749 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249737802021641 11/30/22-00:55:21.614296 |
| SID: | 2021641 |
| Source Port: | 49737 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249746802024313 11/30/22-00:55:38.275174 |
| SID: | 2024313 |
| Source Port: | 49746 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 95.213.216.202192.168.2.380497542025483 11/30/22-00:55:55.161061 |
| SID: | 2025483 |
| Source Port: | 80 |
| Destination Port: | 49754 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249735802025381 11/30/22-00:55:17.863854 |
| SID: | 2025381 |
| Source Port: | 49735 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249706802021641 11/30/22-00:54:22.484255 |
| SID: | 2021641 |
| Source Port: | 49706 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249734802021641 11/30/22-00:55:16.065951 |
| SID: | 2021641 |
| Source Port: | 49734 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249699802825766 11/30/22-00:54:07.324934 |
| SID: | 2825766 |
| Source Port: | 49699 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 95.213.216.202192.168.2.380497322025483 11/30/22-00:55:13.950022 |
| SID: | 2025483 |
| Source Port: | 80 |
| Destination Port: | 49732 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 95.213.216.202192.168.2.380497372025483 11/30/22-00:55:23.147009 |
| SID: | 2025483 |
| Source Port: | 80 |
| Destination Port: | 49737 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249749802024313 11/30/22-00:55:43.976237 |
| SID: | 2024313 |
| Source Port: | 49749 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249748802025381 11/30/22-00:55:42.098367 |
| SID: | 2025381 |
| Source Port: | 49748 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 95.213.216.202192.168.2.380497212025483 11/30/22-00:54:54.418787 |
| SID: | 2025483 |
| Source Port: | 80 |
| Destination Port: | 49721 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 95.213.216.202192.168.2.380497102025483 11/30/22-00:54:33.459515 |
| SID: | 2025483 |
| Source Port: | 80 |
| Destination Port: | 49710 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249733802024313 11/30/22-00:55:14.244291 |
| SID: | 2024313 |
| Source Port: | 49733 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249707802025381 11/30/22-00:54:24.716724 |
| SID: | 2025381 |
| Source Port: | 49707 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249733802024318 11/30/22-00:55:14.244291 |
| SID: | 2024318 |
| Source Port: | 49733 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.38.8.8.851139532014169 11/30/22-00:54:24.370686 |
| SID: | 2014169 |
| Source Port: | 51139 |
| Destination Port: | 53 |
| Protocol: | UDP |
| Classtype: | Potentially Bad Traffic |
| Timestamp: | 192.168.2.395.213.216.20249721802021641 11/30/22-00:54:53.572062 |
| SID: | 2021641 |
| Source Port: | 49721 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249747802825766 11/30/22-00:55:40.214633 |
| SID: | 2825766 |
| Source Port: | 49747 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249706802825766 11/30/22-00:54:22.484255 |
| SID: | 2825766 |
| Source Port: | 49706 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249709802021641 11/30/22-00:54:29.164231 |
| SID: | 2021641 |
| Source Port: | 49709 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.38.8.8.855638532014169 11/30/22-00:54:39.891168 |
| SID: | 2014169 |
| Source Port: | 55638 |
| Destination Port: | 53 |
| Protocol: | UDP |
| Classtype: | Potentially Bad Traffic |
| Timestamp: | 192.168.2.38.8.8.853466532014169 11/30/22-00:55:06.970990 |
| SID: | 2014169 |
| Source Port: | 53466 |
| Destination Port: | 53 |
| Protocol: | UDP |
| Classtype: | Potentially Bad Traffic |
| Timestamp: | 192.168.2.395.213.216.20249717802021641 11/30/22-00:54:45.540558 |
| SID: | 2021641 |
| Source Port: | 49717 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.38.8.8.864823532014169 11/30/22-00:55:34.318234 |
| SID: | 2014169 |
| Source Port: | 64823 |
| Destination Port: | 53 |
| Protocol: | UDP |
| Classtype: | Potentially Bad Traffic |
| Timestamp: | 192.168.2.395.213.216.20249706802025381 11/30/22-00:54:22.484255 |
| SID: | 2025381 |
| Source Port: | 49706 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249716802825766 11/30/22-00:54:43.829219 |
| SID: | 2825766 |
| Source Port: | 49716 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249720802021641 11/30/22-00:54:51.608521 |
| SID: | 2021641 |
| Source Port: | 49720 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.38.8.8.865017532014169 11/30/22-00:55:05.186135 |
| SID: | 2014169 |
| Source Port: | 65017 |
| Destination Port: | 53 |
| Protocol: | UDP |
| Classtype: | Potentially Bad Traffic |
| Timestamp: | 192.168.2.395.213.216.20249734802025381 11/30/22-00:55:16.065951 |
| SID: | 2025381 |
| Source Port: | 49734 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249723802024318 11/30/22-00:54:56.463103 |
| SID: | 2024318 |
| Source Port: | 49723 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.38.8.8.864602532014169 11/30/22-00:55:53.393350 |
| SID: | 2014169 |
| Source Port: | 64602 |
| Destination Port: | 53 |
| Protocol: | UDP |
| Classtype: | Potentially Bad Traffic |
| Timestamp: | 95.213.216.202192.168.2.380497252025483 11/30/22-00:55:01.390776 |
| SID: | 2025483 |
| Source Port: | 80 |
| Destination Port: | 49725 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 95.213.216.202192.168.2.380497292025483 11/30/22-00:55:08.539654 |
| SID: | 2025483 |
| Source Port: | 80 |
| Destination Port: | 49729 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249723802024313 11/30/22-00:54:56.463103 |
| SID: | 2024313 |
| Source Port: | 49723 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.38.8.8.853848532014169 11/30/22-00:54:49.539403 |
| SID: | 2014169 |
| Source Port: | 53848 |
| Destination Port: | 53 |
| Protocol: | UDP |
| Classtype: | Potentially Bad Traffic |
| Timestamp: | 192.168.2.395.213.216.20249744802825766 11/30/22-00:55:34.401351 |
| SID: | 2825766 |
| Source Port: | 49744 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.38.8.8.865107532014169 11/30/22-00:54:47.470066 |
| SID: | 2014169 |
| Source Port: | 65107 |
| Destination Port: | 53 |
| Protocol: | UDP |
| Classtype: | Potentially Bad Traffic |
| Timestamp: | 192.168.2.395.213.216.20249739802025381 11/30/22-00:55:25.267085 |
| SID: | 2025381 |
| Source Port: | 49739 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249712802021641 11/30/22-00:54:35.972913 |
| SID: | 2021641 |
| Source Port: | 49712 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249753802021641 11/30/22-00:55:51.242717 |
| SID: | 2021641 |
| Source Port: | 49753 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249725802021641 11/30/22-00:54:59.930841 |
| SID: | 2021641 |
| Source Port: | 49725 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249748802024318 11/30/22-00:55:42.098367 |
| SID: | 2024318 |
| Source Port: | 49748 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249731802024313 11/30/22-00:55:10.632751 |
| SID: | 2024313 |
| Source Port: | 49731 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249748802024313 11/30/22-00:55:42.098367 |
| SID: | 2024313 |
| Source Port: | 49748 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.38.8.8.865196532014169 11/30/22-00:55:14.166464 |
| SID: | 2014169 |
| Source Port: | 65196 |
| Destination Port: | 53 |
| Protocol: | UDP |
| Classtype: | Potentially Bad Traffic |
| Timestamp: | 192.168.2.395.213.216.20249731802024318 11/30/22-00:55:10.632751 |
| SID: | 2024318 |
| Source Port: | 49731 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249708802825766 11/30/22-00:54:26.803652 |
| SID: | 2825766 |
| Source Port: | 49708 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249749802825766 11/30/22-00:55:43.976237 |
| SID: | 2825766 |
| Source Port: | 49749 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249743802024313 11/30/22-00:55:32.962709 |
| SID: | 2024313 |
| Source Port: | 49743 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249757802825766 11/30/22-00:55:58.948901 |
| SID: | 2825766 |
| Source Port: | 49757 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249743802024318 11/30/22-00:55:32.962709 |
| SID: | 2024318 |
| Source Port: | 49743 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249728802024318 11/30/22-00:55:05.285201 |
| SID: | 2024318 |
| Source Port: | 49728 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249750802025381 11/30/22-00:55:45.758418 |
| SID: | 2025381 |
| Source Port: | 49750 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249700802021641 11/30/22-00:54:09.487691 |
| SID: | 2021641 |
| Source Port: | 49700 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249728802024313 11/30/22-00:55:05.285201 |
| SID: | 2024313 |
| Source Port: | 49728 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249714802025381 11/30/22-00:54:39.977728 |
| SID: | 2025381 |
| Source Port: | 49714 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249724802825766 11/30/22-00:54:58.184483 |
| SID: | 2825766 |
| Source Port: | 49724 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249719802025381 11/30/22-00:54:49.641508 |
| SID: | 2025381 |
| Source Port: | 49719 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249756802024318 11/30/22-00:55:57.533680 |
| SID: | 2024318 |
| Source Port: | 49756 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249742802025381 11/30/22-00:55:31.101064 |
| SID: | 2025381 |
| Source Port: | 49742 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249733802021641 11/30/22-00:55:14.244291 |
| SID: | 2021641 |
| Source Port: | 49733 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249729802825766 11/30/22-00:55:07.068054 |
| SID: | 2825766 |
| Source Port: | 49729 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.38.8.8.857704532014169 11/30/22-00:54:41.979608 |
| SID: | 2014169 |
| Source Port: | 57704 |
| Destination Port: | 53 |
| Protocol: | UDP |
| Classtype: | Potentially Bad Traffic |
| Timestamp: | 192.168.2.395.213.216.20249715802024318 11/30/22-00:54:42.060768 |
| SID: | 2024318 |
| Source Port: | 49715 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249752802825766 11/30/22-00:55:49.378987 |
| SID: | 2825766 |
| Source Port: | 49752 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249756802024313 11/30/22-00:55:57.533680 |
| SID: | 2024313 |
| Source Port: | 49756 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249715802024313 11/30/22-00:54:42.060768 |
| SID: | 2024313 |
| Source Port: | 49715 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249751802024313 11/30/22-00:55:47.279515 |
| SID: | 2024313 |
| Source Port: | 49751 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249711802825766 11/30/22-00:54:33.859062 |
| SID: | 2825766 |
| Source Port: | 49711 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249751802024318 11/30/22-00:55:47.279515 |
| SID: | 2024318 |
| Source Port: | 49751 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249710802024318 11/30/22-00:54:31.910937 |
| SID: | 2024318 |
| Source Port: | 49710 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249710802024313 11/30/22-00:54:31.910937 |
| SID: | 2024313 |
| Source Port: | 49710 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249747802025381 11/30/22-00:55:40.214633 |
| SID: | 2025381 |
| Source Port: | 49747 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249701802025381 11/30/22-00:54:12.581436 |
| SID: | 2025381 |
| Source Port: | 49701 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249755802025381 11/30/22-00:55:55.653974 |
| SID: | 2025381 |
| Source Port: | 49755 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249729802021641 11/30/22-00:55:07.068054 |
| SID: | 2021641 |
| Source Port: | 49729 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 95.213.216.202192.168.2.380497442025483 11/30/22-00:55:36.086250 |
| SID: | 2025483 |
| Source Port: | 80 |
| Destination Port: | 49744 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249735802024318 11/30/22-00:55:17.863854 |
| SID: | 2024318 |
| Source Port: | 49735 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.38.8.8.853049532014169 11/30/22-00:55:19.563471 |
| SID: | 2014169 |
| Source Port: | 53049 |
| Destination Port: | 53 |
| Protocol: | UDP |
| Classtype: | Potentially Bad Traffic |
| Timestamp: | 192.168.2.395.213.216.20249735802024313 11/30/22-00:55:17.863854 |
| SID: | 2024313 |
| Source Port: | 49735 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249744802024313 11/30/22-00:55:34.401351 |
| SID: | 2024313 |
| Source Port: | 49744 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 95.213.216.202192.168.2.380497472025483 11/30/22-00:55:41.771804 |
| SID: | 2025483 |
| Source Port: | 80 |
| Destination Port: | 49747 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249744802024318 11/30/22-00:55:34.401351 |
| SID: | 2024318 |
| Source Port: | 49744 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249741802021641 11/30/22-00:55:29.247109 |
| SID: | 2021641 |
| Source Port: | 49741 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249704802825766 11/30/22-00:54:18.966132 |
| SID: | 2825766 |
| Source Port: | 49704 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249746802025381 11/30/22-00:55:38.275174 |
| SID: | 2025381 |
| Source Port: | 49746 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249732802021641 11/30/22-00:55:12.457821 |
| SID: | 2021641 |
| Source Port: | 49732 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249699802024312 11/30/22-00:54:07.324934 |
| SID: | 2024312 |
| Source Port: | 49699 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249707802024313 11/30/22-00:54:24.716724 |
| SID: | 2024313 |
| Source Port: | 49707 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 95.213.216.202192.168.2.380497062025483 11/30/22-00:54:24.053489 |
| SID: | 2025483 |
| Source Port: | 80 |
| Destination Port: | 49706 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 95.213.216.202192.168.2.380497502025483 11/30/22-00:55:46.963833 |
| SID: | 2025483 |
| Source Port: | 80 |
| Destination Port: | 49750 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249699802024317 11/30/22-00:54:07.324934 |
| SID: | 2024317 |
| Source Port: | 49699 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249727802025381 11/30/22-00:55:03.486766 |
| SID: | 2025381 |
| Source Port: | 49727 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.38.8.8.865511532014169 11/30/22-00:55:27.103034 |
| SID: | 2014169 |
| Source Port: | 65511 |
| Destination Port: | 53 |
| Protocol: | UDP |
| Classtype: | Potentially Bad Traffic |
| Timestamp: | 192.168.2.38.8.8.864967532014169 11/30/22-00:55:58.869049 |
| SID: | 2014169 |
| Source Port: | 64967 |
| Destination Port: | 53 |
| Protocol: | UDP |
| Classtype: | Potentially Bad Traffic |
| Timestamp: | 192.168.2.395.213.216.20249721802025381 11/30/22-00:54:53.572062 |
| SID: | 2025381 |
| Source Port: | 49721 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249707802024318 11/30/22-00:54:24.716724 |
| SID: | 2024318 |
| Source Port: | 49707 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249713802021641 11/30/22-00:54:37.979213 |
| SID: | 2021641 |
| Source Port: | 49713 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249732802825766 11/30/22-00:55:12.457821 |
| SID: | 2825766 |
| Source Port: | 49732 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249751802825766 11/30/22-00:55:47.279515 |
| SID: | 2825766 |
| Source Port: | 49751 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 95.213.216.202192.168.2.380497552025483 11/30/22-00:55:57.270722 |
| SID: | 2025483 |
| Source Port: | 80 |
| Destination Port: | 49755 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 95.213.216.202192.168.2.380497582025483 11/30/22-00:56:00.797031 |
| SID: | 2025483 |
| Source Port: | 80 |
| Destination Port: | 49758 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 95.213.216.202192.168.2.380497362025483 11/30/22-00:55:21.118367 |
| SID: | 2025483 |
| Source Port: | 80 |
| Destination Port: | 49736 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249703802024318 11/30/22-00:54:16.960834 |
| SID: | 2024318 |
| Source Port: | 49703 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249702802025381 11/30/22-00:54:14.871390 |
| SID: | 2025381 |
| Source Port: | 49702 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249703802024313 11/30/22-00:54:16.960834 |
| SID: | 2024313 |
| Source Port: | 49703 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.38.8.8.857134532014169 11/30/22-00:54:31.820802 |
| SID: | 2014169 |
| Source Port: | 57134 |
| Destination Port: | 53 |
| Protocol: | UDP |
| Classtype: | Potentially Bad Traffic |
| Timestamp: | 192.168.2.395.213.216.20249758802021641 11/30/22-00:56:00.034214 |
| SID: | 2021641 |
| Source Port: | 49758 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.38.8.8.858691532014169 11/30/22-00:54:53.455722 |
| SID: | 2014169 |
| Source Port: | 58691 |
| Destination Port: | 53 |
| Protocol: | UDP |
| Classtype: | Potentially Bad Traffic |
| Timestamp: | 192.168.2.395.213.216.20249736802825766 11/30/22-00:55:19.643476 |
| SID: | 2825766 |
| Source Port: | 49736 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249705802025381 11/30/22-00:54:20.168790 |
| SID: | 2025381 |
| Source Port: | 49705 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 95.213.216.202192.168.2.380497332025483 11/30/22-00:55:15.751744 |
| SID: | 2025483 |
| Source Port: | 80 |
| Destination Port: | 49733 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249745802825766 11/30/22-00:55:36.377571 |
| SID: | 2825766 |
| Source Port: | 49745 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 95.213.216.202192.168.2.380497032025483 11/30/22-00:54:18.541620 |
| SID: | 2025483 |
| Source Port: | 80 |
| Destination Port: | 49703 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 95.213.216.202192.168.2.380497142025483 11/30/22-00:54:41.602416 |
| SID: | 2025483 |
| Source Port: | 80 |
| Destination Port: | 49714 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249716802024313 11/30/22-00:54:43.829219 |
| SID: | 2024313 |
| Source Port: | 49716 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.38.8.8.859433532014169 11/30/22-00:54:56.376062 |
| SID: | 2014169 |
| Source Port: | 59433 |
| Destination Port: | 53 |
| Protocol: | UDP |
| Classtype: | Potentially Bad Traffic |
| Timestamp: | 192.168.2.395.213.216.20249757802024313 11/30/22-00:55:58.948901 |
| SID: | 2024313 |
| Source Port: | 49757 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249717802825766 11/30/22-00:54:45.540558 |
| SID: | 2825766 |
| Source Port: | 49717 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249722802024313 11/30/22-00:54:54.732179 |
| SID: | 2024313 |
| Source Port: | 49722 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249716802024318 11/30/22-00:54:43.829219 |
| SID: | 2024318 |
| Source Port: | 49716 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249759802025381 11/30/22-00:56:01.042444 |
| SID: | 2025381 |
| Source Port: | 49759 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249757802024318 11/30/22-00:55:58.948901 |
| SID: | 2024318 |
| Source Port: | 49757 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249723802825766 11/30/22-00:54:56.463103 |
| SID: | 2825766 |
| Source Port: | 49723 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249718802025381 11/30/22-00:54:47.592007 |
| SID: | 2025381 |
| Source Port: | 49718 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249730802025381 11/30/22-00:55:08.823725 |
| SID: | 2025381 |
| Source Port: | 49730 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249704802021641 11/30/22-00:54:18.966132 |
| SID: | 2021641 |
| Source Port: | 49704 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249722802024318 11/30/22-00:54:54.732179 |
| SID: | 2024318 |
| Source Port: | 49722 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249745802021641 11/30/22-00:55:36.377571 |
| SID: | 2021641 |
| Source Port: | 49745 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249714802024313 11/30/22-00:54:39.977728 |
| SID: | 2024313 |
| Source Port: | 49714 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249725802825766 11/30/22-00:54:59.930841 |
| SID: | 2825766 |
| Source Port: | 49725 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249700802025381 11/30/22-00:54:09.487691 |
| SID: | 2025381 |
| Source Port: | 49700 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249714802024318 11/30/22-00:54:39.977728 |
| SID: | 2024318 |
| Source Port: | 49714 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.38.8.8.858708532014169 11/30/22-00:55:15.985743 |
| SID: | 2014169 |
| Source Port: | 58708 |
| Destination Port: | 53 |
| Protocol: | UDP |
| Classtype: | Potentially Bad Traffic |
| Timestamp: | 95.213.216.202192.168.2.380497282025483 11/30/22-00:55:06.759571 |
| SID: | 2025483 |
| Source Port: | 80 |
| Destination Port: | 49728 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249732802024318 11/30/22-00:55:12.457821 |
| SID: | 2024318 |
| Source Port: | 49732 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249707802825766 11/30/22-00:54:24.716724 |
| SID: | 2825766 |
| Source Port: | 49707 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 95.213.216.202192.168.2.380497242025483 11/30/22-00:54:59.594972 |
| SID: | 2025483 |
| Source Port: | 80 |
| Destination Port: | 49724 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249732802024313 11/30/22-00:55:12.457821 |
| SID: | 2024313 |
| Source Port: | 49732 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249708802021641 11/30/22-00:54:26.803652 |
| SID: | 2021641 |
| Source Port: | 49708 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249724802024318 11/30/22-00:54:58.184483 |
| SID: | 2024318 |
| Source Port: | 49724 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249759802021641 11/30/22-00:56:01.042444 |
| SID: | 2021641 |
| Source Port: | 49759 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249751802025381 11/30/22-00:55:47.279515 |
| SID: | 2025381 |
| Source Port: | 49751 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249724802024313 11/30/22-00:54:58.184483 |
| SID: | 2024313 |
| Source Port: | 49724 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249710802025381 11/30/22-00:54:31.910937 |
| SID: | 2025381 |
| Source Port: | 49710 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249715802825766 11/30/22-00:54:42.060768 |
| SID: | 2825766 |
| Source Port: | 49715 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249747802024318 11/30/22-00:55:40.214633 |
| SID: | 2024318 |
| Source Port: | 49747 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249747802024313 11/30/22-00:55:40.214633 |
| SID: | 2024313 |
| Source Port: | 49747 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249719802024313 11/30/22-00:54:49.641508 |
| SID: | 2024313 |
| Source Port: | 49719 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249743802825766 11/30/22-00:55:32.962709 |
| SID: | 2825766 |
| Source Port: | 49743 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.38.8.8.857571532014169 11/30/22-00:54:51.528645 |
| SID: | 2014169 |
| Source Port: | 57571 |
| Destination Port: | 53 |
| Protocol: | UDP |
| Classtype: | Potentially Bad Traffic |
| Timestamp: | 192.168.2.395.213.216.20249719802024318 11/30/22-00:54:49.641508 |
| SID: | 2024318 |
| Source Port: | 49719 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249742802024318 11/30/22-00:55:31.101064 |
| SID: | 2024318 |
| Source Port: | 49742 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.38.8.8.859636532014169 11/30/22-00:54:37.879679 |
| SID: | 2014169 |
| Source Port: | 59636 |
| Destination Port: | 53 |
| Protocol: | UDP |
| Classtype: | Potentially Bad Traffic |
| Timestamp: | 192.168.2.395.213.216.20249720802825766 11/30/22-00:54:51.608521 |
| SID: | 2825766 |
| Source Port: | 49720 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249742802024313 11/30/22-00:55:31.101064 |
| SID: | 2024313 |
| Source Port: | 49742 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249718802021641 11/30/22-00:54:47.592007 |
| SID: | 2021641 |
| Source Port: | 49718 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249733802025381 11/30/22-00:55:14.244291 |
| SID: | 2025381 |
| Source Port: | 49733 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249736802021641 11/30/22-00:55:19.643476 |
| SID: | 2021641 |
| Source Port: | 49736 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249746802021641 11/30/22-00:55:38.275174 |
| SID: | 2021641 |
| Source Port: | 49746 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249734802024318 11/30/22-00:55:16.065951 |
| SID: | 2024318 |
| Source Port: | 49734 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249723802025381 11/30/22-00:54:56.463103 |
| SID: | 2025381 |
| Source Port: | 49723 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249748802825766 11/30/22-00:55:42.098367 |
| SID: | 2825766 |
| Source Port: | 49748 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249737802024313 11/30/22-00:55:21.614296 |
| SID: | 2024313 |
| Source Port: | 49737 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 95.213.216.202192.168.2.380497562025483 11/30/22-00:55:58.723099 |
| SID: | 2025483 |
| Source Port: | 80 |
| Destination Port: | 49756 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249702802825766 11/30/22-00:54:14.871390 |
| SID: | 2825766 |
| Source Port: | 49702 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249737802024318 11/30/22-00:55:21.614296 |
| SID: | 2024318 |
| Source Port: | 49737 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249730802825766 11/30/22-00:55:08.823725 |
| SID: | 2825766 |
| Source Port: | 49730 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249706802024313 11/30/22-00:54:22.484255 |
| SID: | 2024313 |
| Source Port: | 49706 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249734802024313 11/30/22-00:55:16.065951 |
| SID: | 2024313 |
| Source Port: | 49734 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 95.213.216.202192.168.2.380497352025483 11/30/22-00:55:19.347023 |
| SID: | 2025483 |
| Source Port: | 80 |
| Destination Port: | 49735 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249706802024318 11/30/22-00:54:22.484255 |
| SID: | 2024318 |
| Source Port: | 49706 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 95.213.216.202192.168.2.380497522025483 11/30/22-00:55:50.930381 |
| SID: | 2025483 |
| Source Port: | 80 |
| Destination Port: | 49752 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 95.213.216.202192.168.2.380497172025483 11/30/22-00:54:47.032787 |
| SID: | 2025483 |
| Source Port: | 80 |
| Destination Port: | 49717 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249733802825766 11/30/22-00:55:14.244291 |
| SID: | 2825766 |
| Source Port: | 49733 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 95.213.216.202192.168.2.380497392025483 11/30/22-00:55:26.908255 |
| SID: | 2025483 |
| Source Port: | 80 |
| Destination Port: | 49739 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249720802025381 11/30/22-00:54:51.608521 |
| SID: | 2025381 |
| Source Port: | 49720 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249749802021641 11/30/22-00:55:43.976237 |
| SID: | 2021641 |
| Source Port: | 49749 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.38.8.8.865320532014169 11/30/22-00:54:43.751689 |
| SID: | 2014169 |
| Source Port: | 65320 |
| Destination Port: | 53 |
| Protocol: | UDP |
| Classtype: | Potentially Bad Traffic |
| Timestamp: | 192.168.2.395.213.216.20249735802825766 11/30/22-00:55:17.863854 |
| SID: | 2825766 |
| Source Port: | 49735 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.38.8.8.852079532014169 11/30/22-00:55:32.870195 |
| SID: | 2014169 |
| Source Port: | 52079 |
| Destination Port: | 53 |
| Protocol: | UDP |
| Classtype: | Potentially Bad Traffic |
| Timestamp: | 95.213.216.202192.168.2.380497012025483 11/30/22-00:54:14.085146 |
| SID: | 2025483 |
| Source Port: | 80 |
| Destination Port: | 49701 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249731802025381 11/30/22-00:55:10.632751 |
| SID: | 2025381 |
| Source Port: | 49731 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249709802024318 11/30/22-00:54:29.164231 |
| SID: | 2024318 |
| Source Port: | 49709 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249745802024318 11/30/22-00:55:36.377571 |
| SID: | 2024318 |
| Source Port: | 49745 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249709802024313 11/30/22-00:54:29.164231 |
| SID: | 2024313 |
| Source Port: | 49709 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249705802825766 11/30/22-00:54:20.168790 |
| SID: | 2825766 |
| Source Port: | 49705 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249745802024313 11/30/22-00:55:36.377571 |
| SID: | 2024313 |
| Source Port: | 49745 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249704802024318 11/30/22-00:54:18.966132 |
| SID: | 2024318 |
| Source Port: | 49704 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249704802024313 11/30/22-00:54:18.966132 |
| SID: | 2024313 |
| Source Port: | 49704 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249717802024313 11/30/22-00:54:45.540558 |
| SID: | 2024313 |
| Source Port: | 49717 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249722802825766 11/30/22-00:54:54.732179 |
| SID: | 2825766 |
| Source Port: | 49722 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249703802025381 11/30/22-00:54:16.960834 |
| SID: | 2025381 |
| Source Port: | 49703 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.38.8.8.849302532014169 11/30/22-00:54:20.078245 |
| SID: | 2014169 |
| Source Port: | 49302 |
| Destination Port: | 53 |
| Protocol: | UDP |
| Classtype: | Potentially Bad Traffic |
| Timestamp: | 192.168.2.395.213.216.20249711802024313 11/30/22-00:54:33.859062 |
| SID: | 2024313 |
| Source Port: | 49711 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249728802825766 11/30/22-00:55:05.285201 |
| SID: | 2825766 |
| Source Port: | 49728 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249705802021641 11/30/22-00:54:20.168790 |
| SID: | 2021641 |
| Source Port: | 49705 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249711802024318 11/30/22-00:54:33.859062 |
| SID: | 2024318 |
| Source Port: | 49711 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249738802021641 11/30/22-00:55:23.450513 |
| SID: | 2021641 |
| Source Port: | 49738 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.38.8.8.865385532014169 11/30/22-00:55:49.289719 |
| SID: | 2014169 |
| Source Port: | 65385 |
| Destination Port: | 53 |
| Protocol: | UDP |
| Classtype: | Potentially Bad Traffic |
| Timestamp: | 192.168.2.395.213.216.20249740802825766 11/30/22-00:55:27.193434 |
| SID: | 2825766 |
| Source Port: | 49740 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 95.213.216.202192.168.2.380497452025483 11/30/22-00:55:37.973570 |
| SID: | 2025483 |
| Source Port: | 80 |
| Destination Port: | 49745 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 95.213.216.202192.168.2.380497462025483 11/30/22-00:55:39.906968 |
| SID: | 2025483 |
| Source Port: | 80 |
| Destination Port: | 49746 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 95.213.216.202192.168.2.380497402025483 11/30/22-00:55:28.902821 |
| SID: | 2025483 |
| Source Port: | 80 |
| Destination Port: | 49740 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249717802024318 11/30/22-00:54:45.540558 |
| SID: | 2024318 |
| Source Port: | 49717 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249701802024313 11/30/22-00:54:12.581436 |
| SID: | 2024313 |
| Source Port: | 49701 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249738802825766 11/30/22-00:55:23.450513 |
| SID: | 2825766 |
| Source Port: | 49738 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 95.213.216.202192.168.2.380497132025483 11/30/22-00:54:39.587400 |
| SID: | 2025483 |
| Source Port: | 80 |
| Destination Port: | 49713 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249701802024318 11/30/22-00:54:12.581436 |
| SID: | 2024318 |
| Source Port: | 49701 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249756802825766 11/30/22-00:55:57.533680 |
| SID: | 2825766 |
| Source Port: | 49756 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 95.213.216.202192.168.2.380497022025483 11/30/22-00:54:16.469088 |
| SID: | 2025483 |
| Source Port: | 80 |
| Destination Port: | 49702 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249750802825766 11/30/22-00:55:45.758418 |
| SID: | 2825766 |
| Source Port: | 49750 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249743802021641 11/30/22-00:55:32.962709 |
| SID: | 2021641 |
| Source Port: | 49743 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249740802021641 11/30/22-00:55:27.193434 |
| SID: | 2021641 |
| Source Port: | 49740 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249729802025381 11/30/22-00:55:07.068054 |
| SID: | 2025381 |
| Source Port: | 49729 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249752802024313 11/30/22-00:55:49.378987 |
| SID: | 2024313 |
| Source Port: | 49752 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249741802025381 11/30/22-00:55:29.247109 |
| SID: | 2025381 |
| Source Port: | 49741 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249726802025381 11/30/22-00:55:01.673863 |
| SID: | 2025381 |
| Source Port: | 49726 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249752802024318 11/30/22-00:55:49.378987 |
| SID: | 2024318 |
| Source Port: | 49752 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.38.8.8.856042532014169 11/30/22-00:54:35.894646 |
| SID: | 2014169 |
| Source Port: | 56042 |
| Destination Port: | 53 |
| Protocol: | UDP |
| Classtype: | Potentially Bad Traffic |
| Timestamp: | 192.168.2.38.8.8.853844532014169 11/30/22-00:55:03.396283 |
| SID: | 2014169 |
| Source Port: | 53844 |
| Destination Port: | 53 |
| Protocol: | UDP |
| Classtype: | Potentially Bad Traffic |
| Timestamp: | 192.168.2.38.8.8.862050532014169 11/30/22-00:54:33.763792 |
| SID: | 2014169 |
| Source Port: | 62050 |
| Destination Port: | 53 |
| Protocol: | UDP |
| Classtype: | Potentially Bad Traffic |
| Timestamp: | 192.168.2.395.213.216.20249728802021641 11/30/22-00:55:05.285201 |
| SID: | 2021641 |
| Source Port: | 49728 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 95.213.216.202192.168.2.380497512025483 11/30/22-00:55:49.068855 |
| SID: | 2025483 |
| Source Port: | 80 |
| Destination Port: | 49751 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249755802024318 11/30/22-00:55:55.653974 |
| SID: | 2024318 |
| Source Port: | 49755 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 95.213.216.202192.168.2.380497182025483 11/30/22-00:54:49.052316 |
| SID: | 2025483 |
| Source Port: | 80 |
| Destination Port: | 49718 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.38.8.8.852547532014169 11/30/22-00:55:01.596754 |
| SID: | 2014169 |
| Source Port: | 52547 |
| Destination Port: | 53 |
| Protocol: | UDP |
| Classtype: | Potentially Bad Traffic |
| Timestamp: | 192.168.2.395.213.216.20249755802024313 11/30/22-00:55:55.653974 |
| SID: | 2024313 |
| Source Port: | 49755 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249727802024318 11/30/22-00:55:03.486766 |
| SID: | 2024318 |
| Source Port: | 49727 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249713802025381 11/30/22-00:54:37.979213 |
| SID: | 2025381 |
| Source Port: | 49713 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249756802021641 11/30/22-00:55:57.533680 |
| SID: | 2021641 |
| Source Port: | 49756 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.38.8.8.865459532014169 11/30/22-00:55:47.178193 |
| SID: | 2014169 |
| Source Port: | 65459 |
| Destination Port: | 53 |
| Protocol: | UDP |
| Classtype: | Potentially Bad Traffic |
| Timestamp: | 95.213.216.202192.168.2.380497072025483 11/30/22-00:54:26.372322 |
| SID: | 2025483 |
| Source Port: | 80 |
| Destination Port: | 49707 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249715802021641 11/30/22-00:54:42.060768 |
| SID: | 2021641 |
| Source Port: | 49715 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249712802825766 11/30/22-00:54:35.972913 |
| SID: | 2825766 |
| Source Port: | 49712 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249753802825766 11/30/22-00:55:51.242717 |
| SID: | 2825766 |
| Source Port: | 49753 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.38.8.8.854153532014169 11/30/22-00:55:51.152832 |
| SID: | 2014169 |
| Source Port: | 54153 |
| Destination Port: | 53 |
| Protocol: | UDP |
| Classtype: | Potentially Bad Traffic |
| Timestamp: | 192.168.2.395.213.216.20249754802025381 11/30/22-00:55:53.496270 |
| SID: | 2025381 |
| Source Port: | 49754 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.395.213.216.20249727802024313 11/30/22-00:55:03.486766 |
| SID: | 2024313 |
| Source Port: | 49727 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
Click to jump to signature section
Show All Signature Results
AV Detection |   |
|---|
| Source: | ReversingLabs: | |||
| Source: | Virustotal: | Perma Link | ||
| Source: | Avira URL Cloud: | ||
| Source: | Virustotal: | Perma Link | ||
| Source: | Virustotal: | Perma Link | ||
| Source: | Joe Sandbox ML: | ||
| Source: | Malware Configuration Extractor: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
Networking | |
|---|
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | URLs: | ||
| Source: | URLs: | ||
| Source: | URLs: | ||
| Source: | URLs: | ||
| Source: | URLs: | ||
| Source: | ASN Name: | ||
| Source: | IP Address: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | HTTP traffic detected: | ||
| Source: | DNS traffic detected: | ||
System Summary | |
|---|
| Source: | Matched rule: | ||
| Source: | Matched rule: | ||
| Source: | Matched rule: | ||
| Source: | Matched rule: | ||
| Source: | Matched rule: | ||
| Source: | Matched rule: | ||
| Source: | Matched rule: | ||
| Source: | Matched rule: | ||
| Source: | Matched rule: | ||
| Source: | Matched rule: | ||
| Source: | Matched rule: | ||
| Source: | Matched rule: | ||
| Source: | Matched rule: | ||
| Source: | Matched rule: | ||
| Source: | Matched rule: | ||
| Source: | Matched rule: | ||
| Source: | Matched rule: | ||
| Source: | Matched rule: | ||
| Source: | Matched rule: | ||
| Source: | Matched rule: | ||
| Source: | Matched rule: | ||
| Source: | Matched rule: | ||
| Source: | Matched rule: | ||
| Source: | Matched rule: | ||
| Source: | Matched rule: | ||
| Source: | Matched rule: | ||
| Source: | Matched rule: | ||
| Source: | Matched rule: | ||
| Source: | Matched rule: | ||
| Source: | Matched rule: | ||
| Source: | Matched rule: | ||
| Source: | Matched rule: | ||
| Source: | Matched rule: | ||
| Source: | Matched rule: | ||
| Source: | Matched rule: | ||
| Source: | Matched rule: | ||
| Source: | Matched rule: | ||
| Source: | Matched rule: | ||
| Source: | Matched rule: | ||
| Source: | Matched rule: | ||
| Source: | Matched rule: | ||
| Source: | Static PE information: | ||
| Source: | Matched rule: | ||
| Source: | Matched rule: | ||
| Source: | Matched rule: | ||
| Source: | Matched rule: | ||
| Source: | Matched rule: | ||
| Source: | Matched rule: | ||
| Source: | Matched rule: | ||
| Source: | Matched rule: | ||
| Source: | Matched rule: | ||
| Source: | Matched rule: | ||
| Source: | Matched rule: | ||
| Source: | Matched rule: | ||
| Source: | Matched rule: | ||
| Source: | Matched rule: | ||
| Source: | Matched rule: | ||
| Source: | Matched rule: | ||
| Source: | Matched rule: | ||
| Source: | Matched rule: | ||
| Source: | Matched rule: | ||
| Source: | Matched rule: | ||
| Source: | Matched rule: | ||
| Source: | Matched rule: | ||
| Source: | Matched rule: | ||
| Source: | Matched rule: | ||
| Source: | Matched rule: | ||
| Source: | Matched rule: | ||
| Source: | Matched rule: | ||
| Source: | Matched rule: | ||
| Source: | Matched rule: | ||
| Source: | Matched rule: | ||
| Source: | Matched rule: | ||
| Source: | Matched rule: | ||
| Source: | Matched rule: | ||
| Source: | Matched rule: | ||
| Source: | Matched rule: | ||
| Source: | Matched rule: | ||
| Source: | Matched rule: | ||
| Source: | Matched rule: | ||
| Source: | Matched rule: | ||
| Source: | Matched rule: | ||
| Source: | Matched rule: | ||
| Source: | Matched rule: | ||
| Source: | Matched rule: | ||
| Source: | Matched rule: | ||
| Source: | Matched rule: | ||
| Source: | Matched rule: | ||
| Source: | Matched rule: | ||
| Source: | Code function: | ||
| Source: | Code function: | ||
| Source: | Code function: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Static PE information: | ||
| Source: | ReversingLabs: | ||
| Source: | Virustotal: | ||
| Source: | Static PE information: | ||
| Source: | Key opened: | ||
| Source: | Process created: | ||
| Source: | Process created: | ||
| Source: | Process created: | ||
| Source: | Process created: | ||
| Source: | Process created: | ||
| Source: | Process created: | ||
| Source: | Process created: | ||
| Source: | File created: | Jump to behavior | ||
| Source: | Classification label: | ||
| Source: | Static file information: | ||
| Source: | Section loaded: | ||
| Source: | Mutant created: | ||
| Source: | File read: | Jump to behavior | ||
| Source: | File read: | Jump to behavior | ||
| Source: | File read: | Jump to behavior | ||
| Source: | File read: | Jump to behavior | ||
| Source: | File opened: | ||
| Source: | Key opened: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
Data Obfuscation | |
|---|
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | .Net Code: | ||
| Source: | .Net Code: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
Malware Analysis System Evasion | |
|---|
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Thread sleep time: | ||
| Source: | Thread sleep time: | ||
| Source: | Thread sleep time: | ||
| Source: | Thread delayed: | ||
| Source: | Process information queried: | ||
| Source: | Thread delayed: | ||
| Source: | Thread delayed: | ||
| Source: | Thread delayed: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Process token adjusted: | ||
| Source: | Process token adjusted: | ||
| Source: | Memory allocated: | ||
| Source: | Process created: | ||
| Source: | Process created: | ||
| Source: | Process created: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Key value queried: | ||
Stealing of Sensitive Information | |
|---|
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | Key opened: | ||
| Source: | Key opened: | ||
| Source: | Key opened: | ||
| Source: | Key opened: | ||
| Source: | File opened: | ||
| Source: | File opened: | ||
| Source: | File opened: | ||
| Source: | File opened: | ||
| Source: | File opened: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Valid Accounts | Windows Management Instrumentation | Path Interception | 11 Process Injection | 1 Masquerading | 2 OS Credential Dumping | 11 Security Software Discovery | Remote Services | 1 Email Collection | Exfiltration Over Other Network Medium | 1 Encrypted Channel | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
| Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Disable or Modify Tools | 1 Credentials in Registry | 1 Process Discovery | Remote Desktop Protocol | 1 Archive Collected Data | Exfiltration Over Bluetooth | 2 Non-Application Layer Protocol | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
| Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | 21 Virtualization/Sandbox Evasion | Security Account Manager | 21 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | 2 Data from Local System | Automated Exfiltration | 112 Application Layer Protocol | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
| Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | 11 Process Injection | NTDS | 1 Remote System Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | Protocol Impersonation | SIM Card Swap | Carrier Billing Fraud | |
| Cloud Accounts | Cron | Network Logon Script | Network Logon Script | 1 Obfuscated Files or Information | LSA Secrets | 13 System Information Discovery | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
| Replication Through Removable Media | Launchd | Rc.common | Rc.common | 12 Software Packing | Cached Domain Credentials | System Owner/User Discovery | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features | |
| External Remote Services | Scheduled Task | Startup Items | Startup Items | 1 Timestomp | DCSync | Network Sniffing | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | Data Encrypted for Impact |
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
InternetThis section contains all screenshots as thumbnails, including those not shown in the slideshow.
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 71% | ReversingLabs | ByteCode-MSIL.Trojan.AgentTesla | ||
| 56% | Virustotal | Browse | ||
| 100% | Joe Sandbox ML |
⊘No Antivirus matches
| Source | Detection | Scanner | Label | Link | Download |
|---|---|---|---|---|---|
| 100% | Avira | TR/Crypt.XPACK.Gen | Download File | ||
| 100% | Avira | TR/Crypt.XPACK.Gen | Download File | ||
| 100% | Avira | TR/Crypt.XPACK.Gen | Download File |
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 25% | Virustotal | Browse |
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 25% | Virustotal | Browse | ||
| 100% | Avira URL Cloud | malware |
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| sempersim.su | 95.213.216.202 | true | true |
| unknown |
| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| true |
| unknown | |
| true |
| unknown | |
| true |
| unknown | |
| true |
| unknown | |
| true |
| unknown |
| Name | Source | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false |
| unknown | ||
| false | high | |||
| false |
| unknown | ||
| false |
| unknown | ||
| false | high | |||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false | high | |||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false | high | |||
| false |
| unknown | ||
| false |
| unknown | ||
| false | high | |||
| false | high | |||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
| IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|---|
| 95.213.216.202 | sempersim.su | Russian Federation | 49505 | SELECTELRU | true |
| Joe Sandbox Version: | 36.0.0 Rainbow Opal |
| Analysis ID: | 756310 |
| Start date and time: | 2022-11-30 00:53:06 +01:00 |
| Joe Sandbox Product: | CloudBasic |
| Overall analysis duration: | 0h 5m 33s |
| Hypervisor based Inspection enabled: | false |
| Report type: | light |
| Sample file name: | INV.2022LB0362 FORM CO (2).exe |
| Cookbook file name: | default.jbs |
| Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
| Number of analysed new started processes analysed: | 15 |
| Number of new started drivers analysed: | 0 |
| Number of existing processes analysed: | 0 |
| Number of existing drivers analysed: | 0 |
| Number of injected processes analysed: | 0 |
| Technologies: |
|
| Analysis Mode: | default |
| Analysis stop reason: | Timeout |
| Detection: | MAL |
| Classification: | mal100.troj.spyw.evad.winEXE@7/3@61/1 |
| EGA Information: |
|
| HDC Information: | Failed |
| HCA Information: |
|
| Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, SgrmBroker.exe, conhost.exe, svchost.exe
- HTTP Packets have been reduced
- TCP Packets have been reduced to 100
- Excluded IPs from analysis (whitelisted): 8.238.190.126, 8.241.126.249, 8.241.121.126, 8.253.204.249, 8.253.204.120
- Excluded domains from analysis (whitelisted): fg.download.windowsupdate.com.c.footprint.net, fs.microsoft.com, ctldl.windowsupdate.com, wu-bg-shim.trafficmanager.net
- Not all processes where analyzed, report is missing behavior information
- Report size getting too big, too many NtAllocateVirtualMemory calls found.
- Report size getting too big, too many NtDeviceIoControlFile calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
| Time | Type | Description |
|---|---|---|
| 00:54:02 | API Interceptor |
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\INV.2022LB0362 FORM CO (2).exe.log 
Download File
| Process: | C:\Users\user\Desktop\INV.2022LB0362 FORM CO (2).exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1216 |
| Entropy (8bit): | 5.355304211458859 |
| Encrypted: | false |
| SSDEEP: | 24:MLUE4K5E4Ks2E1qE4qXKDE4KhK3VZ9pKhPKIE4oKFKHKoZAE4Kzr7FE4x84j:MIHK5HKXE1qHiYHKhQnoPtHoxHhAHKzr |
| MD5: | FED34146BF2F2FA59DCF8702FCC8232E |
| SHA1: | B03BFEA175989D989850CF06FE5E7BBF56EAA00A |
| SHA-256: | 123BE4E3590609A008E85501243AF5BC53FA0C26C82A92881B8879524F8C0D5C |
| SHA-512: | 1CC89F2ED1DBD70628FA1DC41A32BA0BFA3E81EAE1A1CF3C5F6A48F2DA0BF1F21A5001B8A18B04043C5B8FE4FBE663068D86AA8C4BD8E17933F75687C3178FF6 |
| Malicious: | true |
| Reputation: | high, very likely benign file |
| Preview: |
| Process: | C:\Users\user\Desktop\INV.2022LB0362 FORM CO (2).exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1 |
| Entropy (8bit): | 0.0 |
| Encrypted: | false |
| SSDEEP: | 3:U:U |
| MD5: | C4CA4238A0B923820DCC509A6F75849B |
| SHA1: | 356A192B7913B04C54574D18C28D46E6395428AB |
| SHA-256: | 6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B |
| SHA-512: | 4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A |
| Malicious: | false |
| Reputation: | high, very likely benign file |
| Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3853321935-2125563209-4053062332-1002\414045e2d09286d5db2581e0d955d358_d06ed635-68f6-4e9a-955c-4899f5f57b9a
Download File
| Process: | C:\Users\user\Desktop\INV.2022LB0362 FORM CO (2).exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 46 |
| Entropy (8bit): | 0.0 |
| Encrypted: | false |
| SSDEEP: | 3:: |
| MD5: | D898504A722BFF1524134C6AB6A5EAA5 |
| SHA1: | E0FDC90C2CA2A0219C99D2758E68C18875A3E11E |
| SHA-256: | 878F32F76B159494F5A39F9321616C6068CDB82E88DF89BCC739BBC1EA78E1F9 |
| SHA-512: | 26A4398BFFB0C0AEF9A6EC53CD3367A2D0ABF2F70097F711BBBF1E9E32FD9F1A72121691BB6A39EEB55D596EDD527934E541B4DEFB3B1426B1D1A6429804DC61 |
| Malicious: | false |
| Reputation: | high, very likely benign file |
| Preview: |
| File type: | |
| Entropy (8bit): | 7.565543571702018 |
| TrID: |
|
| File name: | INV.2022LB0362 FORM CO (2).exe |
| File size: | 865280 |
| MD5: | baed30aea51e6000571219633aa745b0 |
| SHA1: | d7e3b155c00245a7f867dd2fb4c06cb7be6ec3f7 |
| SHA256: | 57520e51bb0820741b7883926800223886c491a8a5ddd517a49b0e2cc752fb18 |
| SHA512: | 4f19e423fc1bdbba152a570e5382bd2eabdf04ca335cdc1ed286287740c153c7a34d3a661abaf01f124870f9bd3de2e9321e66114f5bedea16131bd77de2b786 |
| SSDEEP: | 24576:GM+L74mBfNUstzoB1ERZcSMI2PmVl9kiYxM9aE3r8JN:F+RiSMHmgu9HI |
| TLSH: | 91054A4F2B7FDEF0EA245CFB221457039D3651DABA8BCA7883984BC660F161C5B74864 |
| File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....k................0..*..........vH... ...`....@.. ....................................@................................ |
 | |
| Icon Hash: | 00828e8e8686b000 |
| Entrypoint: | 0x4d4876 |
| Entrypoint Section: | .text |
| Digitally signed: | false |
| Imagebase: | 0x400000 |
| Subsystem: | windows gui |
| Image File Characteristics: | EXECUTABLE_IMAGE, 32BIT_MACHINE |
| DLL Characteristics: | DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE |
| Time Stamp: | 0xDBD76B81 [Sat Nov 16 23:34:25 2086 UTC] |
| TLS Callbacks: | |
| CLR (.Net) Version: | |
| OS Version Major: | 4 |
| OS Version Minor: | 0 |
| File Version Major: | 4 |
| File Version Minor: | 0 |
| Subsystem Version Major: | 4 |
| Subsystem Version Minor: | 0 |
| Import Hash: | f34d5f2d4577ed6d9ceec516c1f5a744 |
| Instruction |
|---|
| jmp dword ptr [00402000h] |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0xd4824 | 0x4f | .text |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xd6000 | 0x5cc | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xd8000 | 0xc | .reloc |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0xd4808 | 0x1c | .text |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
| Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|
| .text | 0x2000 | 0xd287c | 0xd2a00 | False | 0.8132742952522255 | data | 7.568253289628953 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .rsrc | 0xd6000 | 0x5cc | 0x600 | False | 0.4264322916666667 | data | 4.114856973981248 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .reloc | 0xd8000 | 0xc | 0x200 | False | 0.044921875 | data | 0.10191042566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
| Name | RVA | Size | Type | Language | Country |
|---|---|---|---|---|---|
| RT_VERSION | 0xd6090 | 0x33c | data | ||
| RT_MANIFEST | 0xd63dc | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators |
| DLL | Import |
|---|---|
| mscoree.dll | _CorExeMain |
Key Decision
Richest Path
Thread / callback creation
Lower opacity -> Library Node| Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|---|---|---|
| 192.168.2.395.213.216.20249705802024318 11/30/22-00:54:20.168790 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49705 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249702802021641 11/30/22-00:54:14.871390 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49702 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249738802024313 11/30/22-00:55:23.450513 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49738 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249734802825766 11/30/22-00:55:16.065951 | TCP | 2825766 | ETPRO TROJAN LokiBot Checkin M2 | 49734 | 80 | 192.168.2.3 | 95.213.216.202 |
| 95.213.216.202192.168.2.380497272025483 11/30/22-00:55:04.982566 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49727 | 95.213.216.202 | 192.168.2.3 |
| 192.168.2.395.213.216.20249741802024313 11/30/22-00:55:29.247109 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49741 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249701802825766 11/30/22-00:54:12.581436 | TCP | 2825766 | ETPRO TROJAN LokiBot Checkin M2 | 49701 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249749802025381 11/30/22-00:55:43.976237 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49749 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249759802825766 11/30/22-00:56:01.042444 | TCP | 2825766 | ETPRO TROJAN LokiBot Checkin M2 | 49759 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249738802024318 11/30/22-00:55:23.450513 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49738 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249735802021641 11/30/22-00:55:17.863854 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49735 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249705802024313 11/30/22-00:54:20.168790 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49705 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249741802024318 11/30/22-00:55:29.247109 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49741 | 80 | 192.168.2.3 | 95.213.216.202 |
| 95.213.216.202192.168.2.380497232025483 11/30/22-00:54:57.894669 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49723 | 95.213.216.202 | 192.168.2.3 |
| 192.168.2.395.213.216.20249752802025381 11/30/22-00:55:49.378987 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49752 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249716802025381 11/30/22-00:54:43.829219 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49716 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249707802021641 11/30/22-00:54:24.716724 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49707 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249757802025381 11/30/22-00:55:58.948901 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49757 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249730802021641 11/30/22-00:55:08.823725 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49730 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.38.8.8.861416532014169 11/30/22-00:55:12.379224 | UDP | 2014169 | ET DNS Query for .su TLD (Soviet Union) Often Malware Related | 61416 | 53 | 192.168.2.3 | 8.8.8.8 |
| 192.168.2.38.8.8.860088532014169 11/30/22-00:55:21.529314 | UDP | 2014169 | ET DNS Query for .su TLD (Soviet Union) Often Malware Related | 60088 | 53 | 192.168.2.3 | 8.8.8.8 |
| 192.168.2.395.213.216.20249713802024313 11/30/22-00:54:37.979213 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49713 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249726802825766 11/30/22-00:55:01.673863 | TCP | 2825766 | ETPRO TROJAN LokiBot Checkin M2 | 49726 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249713802024318 11/30/22-00:54:37.979213 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49713 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.38.8.8.857743532014169 11/30/22-00:55:08.735474 | UDP | 2014169 | ET DNS Query for .su TLD (Soviet Union) Often Malware Related | 57743 | 53 | 192.168.2.3 | 8.8.8.8 |
| 192.168.2.395.213.216.20249754802825766 11/30/22-00:55:53.496270 | TCP | 2825766 | ETPRO TROJAN LokiBot Checkin M2 | 49754 | 80 | 192.168.2.3 | 95.213.216.202 |
| 95.213.216.202192.168.2.380497572025483 11/30/22-00:55:59.773200 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49757 | 95.213.216.202 | 192.168.2.3 |
| 192.168.2.395.213.216.20249744802025381 11/30/22-00:55:34.401351 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49744 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.38.8.8.859820532014169 11/30/22-00:55:29.162121 | UDP | 2014169 | ET DNS Query for .su TLD (Soviet Union) Often Malware Related | 59820 | 53 | 192.168.2.3 | 8.8.8.8 |
| 192.168.2.38.8.8.853305532014169 11/30/22-00:54:54.648302 | UDP | 2014169 | ET DNS Query for .su TLD (Soviet Union) Often Malware Related | 53305 | 53 | 192.168.2.3 | 8.8.8.8 |
| 95.213.216.202192.168.2.380497532025483 11/30/22-00:55:52.887247 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49753 | 95.213.216.202 | 192.168.2.3 |
| 192.168.2.395.213.216.20249708802025381 11/30/22-00:54:26.803652 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49708 | 80 | 192.168.2.3 | 95.213.216.202 |
| 95.213.216.202192.168.2.380497162025483 11/30/22-00:54:45.204539 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49716 | 95.213.216.202 | 192.168.2.3 |
| 95.213.216.202192.168.2.380497382025483 11/30/22-00:55:24.982216 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49738 | 95.213.216.202 | 192.168.2.3 |
| 192.168.2.395.213.216.20249758802024313 11/30/22-00:56:00.034214 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49758 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249755802021641 11/30/22-00:55:55.653974 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49755 | 80 | 192.168.2.3 | 95.213.216.202 |
| 95.213.216.202192.168.2.380497302025483 11/30/22-00:55:10.337695 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49730 | 95.213.216.202 | 192.168.2.3 |
| 95.213.216.202192.168.2.380497342025483 11/30/22-00:55:17.565495 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49734 | 95.213.216.202 | 192.168.2.3 |
| 192.168.2.395.213.216.20249758802024318 11/30/22-00:56:00.034214 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49758 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.38.8.8.852387532014169 11/30/22-00:54:14.412323 | UDP | 2014169 | ET DNS Query for .su TLD (Soviet Union) Often Malware Related | 52387 | 53 | 192.168.2.3 | 8.8.8.8 |
| 192.168.2.395.213.216.20249721802024318 11/30/22-00:54:53.572062 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49721 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249727802021641 11/30/22-00:55:03.486766 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49727 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249750802021641 11/30/22-00:55:45.758418 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49750 | 80 | 192.168.2.3 | 95.213.216.202 |
| 95.213.216.202192.168.2.380497122025483 11/30/22-00:54:37.552263 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49712 | 95.213.216.202 | 192.168.2.3 |
| 192.168.2.395.213.216.20249718802825766 11/30/22-00:54:47.592007 | TCP | 2825766 | ETPRO TROJAN LokiBot Checkin M2 | 49718 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.38.8.8.851992532014169 11/30/22-00:55:36.286012 | UDP | 2014169 | ET DNS Query for .su TLD (Soviet Union) Often Malware Related | 51992 | 53 | 192.168.2.3 | 8.8.8.8 |
| 192.168.2.38.8.8.860625532014169 11/30/22-00:54:18.863516 | UDP | 2014169 | ET DNS Query for .su TLD (Soviet Union) Often Malware Related | 60625 | 53 | 192.168.2.3 | 8.8.8.8 |
| 192.168.2.395.213.216.20249736802025381 11/30/22-00:55:19.643476 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49736 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249721802024313 11/30/22-00:54:53.572062 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49721 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249746802825766 11/30/22-00:55:38.275174 | TCP | 2825766 | ETPRO TROJAN LokiBot Checkin M2 | 49746 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249722802021641 11/30/22-00:54:54.732179 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49722 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249699802025381 11/30/22-00:54:07.324934 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49699 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249714802021641 11/30/22-00:54:39.977728 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49714 | 80 | 192.168.2.3 | 95.213.216.202 |
| 95.213.216.202192.168.2.380497492025483 11/30/22-00:55:45.483574 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49749 | 95.213.216.202 | 192.168.2.3 |
| 192.168.2.395.213.216.20249712802025381 11/30/22-00:54:35.972913 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49712 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.38.8.8.857840532014169 11/30/22-00:54:09.401173 | UDP | 2014169 | ET DNS Query for .su TLD (Soviet Union) Often Malware Related | 57840 | 53 | 192.168.2.3 | 8.8.8.8 |
| 192.168.2.38.8.8.858301532014169 11/30/22-00:55:42.001541 | UDP | 2014169 | ET DNS Query for .su TLD (Soviet Union) Often Malware Related | 58301 | 53 | 192.168.2.3 | 8.8.8.8 |
| 192.168.2.395.213.216.20249740802025381 11/30/22-00:55:27.193434 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49740 | 80 | 192.168.2.3 | 95.213.216.202 |
| 95.213.216.202192.168.2.380497422025483 11/30/22-00:55:32.668199 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49742 | 95.213.216.202 | 192.168.2.3 |
| 192.168.2.38.8.8.863562532014169 11/30/22-00:55:23.368358 | UDP | 2014169 | ET DNS Query for .su TLD (Soviet Union) Often Malware Related | 63562 | 53 | 192.168.2.3 | 8.8.8.8 |
| 95.213.216.202192.168.2.380497412025483 11/30/22-00:55:30.821604 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49741 | 95.213.216.202 | 192.168.2.3 |
| 192.168.2.38.8.8.850784532014169 11/30/22-00:55:55.557056 | UDP | 2014169 | ET DNS Query for .su TLD (Soviet Union) Often Malware Related | 50784 | 53 | 192.168.2.3 | 8.8.8.8 |
| 192.168.2.395.213.216.20249723802021641 11/30/22-00:54:56.463103 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49723 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249713802825766 11/30/22-00:54:37.979213 | TCP | 2825766 | ETPRO TROJAN LokiBot Checkin M2 | 49713 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249726802024313 11/30/22-00:55:01.673863 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49726 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249728802025381 11/30/22-00:55:05.285201 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49728 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249726802024318 11/30/22-00:55:01.673863 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49726 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249737802025381 11/30/22-00:55:21.614296 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49737 | 80 | 192.168.2.3 | 95.213.216.202 |
| 95.213.216.202192.168.2.380497112025483 11/30/22-00:54:35.462242 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49711 | 95.213.216.202 | 192.168.2.3 |
| 192.168.2.38.8.8.856949532014169 11/30/22-00:54:59.841953 | UDP | 2014169 | ET DNS Query for .su TLD (Soviet Union) Often Malware Related | 56949 | 53 | 192.168.2.3 | 8.8.8.8 |
| 192.168.2.395.213.216.20249753802024318 11/30/22-00:55:51.242717 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49753 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249753802024313 11/30/22-00:55:51.242717 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49753 | 80 | 192.168.2.3 | 95.213.216.202 |
| 95.213.216.202192.168.2.380497082025483 11/30/22-00:54:28.382639 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49708 | 95.213.216.202 | 192.168.2.3 |
| 192.168.2.395.213.216.20249714802825766 11/30/22-00:54:39.977728 | TCP | 2825766 | ETPRO TROJAN LokiBot Checkin M2 | 49714 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249725802024313 11/30/22-00:54:59.930841 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49725 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249756802025381 11/30/22-00:55:57.533680 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49756 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.38.8.8.860825532014169 11/30/22-00:55:59.940841 | UDP | 2014169 | ET DNS Query for .su TLD (Soviet Union) Often Malware Related | 60825 | 53 | 192.168.2.3 | 8.8.8.8 |
| 192.168.2.395.213.216.20249754802024313 11/30/22-00:55:53.496270 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49754 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249748802021641 11/30/22-00:55:42.098367 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49748 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249725802024318 11/30/22-00:54:59.930841 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49725 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249742802021641 11/30/22-00:55:31.101064 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49742 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249755802825766 11/30/22-00:55:55.653974 | TCP | 2825766 | ETPRO TROJAN LokiBot Checkin M2 | 49755 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249754802024318 11/30/22-00:55:53.496270 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49754 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249709802025381 11/30/22-00:54:29.164231 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49709 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.38.8.8.849977532014169 11/30/22-00:54:06.875981 | UDP | 2014169 | ET DNS Query for .su TLD (Soviet Union) Often Malware Related | 49977 | 53 | 192.168.2.3 | 8.8.8.8 |
| 192.168.2.38.8.8.856924532014169 11/30/22-00:54:16.879287 | UDP | 2014169 | ET DNS Query for .su TLD (Soviet Union) Often Malware Related | 56924 | 53 | 192.168.2.3 | 8.8.8.8 |
| 192.168.2.395.213.216.20249700802024317 11/30/22-00:54:09.487691 | TCP | 2024317 | ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M2 | 49700 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249739802825766 11/30/22-00:55:25.267085 | TCP | 2825766 | ETPRO TROJAN LokiBot Checkin M2 | 49739 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.38.8.8.860582532014169 11/30/22-00:54:28.778637 | UDP | 2014169 | ET DNS Query for .su TLD (Soviet Union) Often Malware Related | 60582 | 53 | 192.168.2.3 | 8.8.8.8 |
| 95.213.216.202192.168.2.380497192025483 11/30/22-00:54:51.280995 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49719 | 95.213.216.202 | 192.168.2.3 |
| 192.168.2.38.8.8.864595532014169 11/30/22-00:55:31.020256 | UDP | 2014169 | ET DNS Query for .su TLD (Soviet Union) Often Malware Related | 64595 | 53 | 192.168.2.3 | 8.8.8.8 |
| 192.168.2.395.213.216.20249742802825766 11/30/22-00:55:31.101064 | TCP | 2825766 | ETPRO TROJAN LokiBot Checkin M2 | 49742 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249700802024312 11/30/22-00:54:09.487691 | TCP | 2024312 | ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M1 | 49700 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249711802025381 11/30/22-00:54:33.859062 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49711 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.38.8.8.860767532014169 11/30/22-00:54:45.460012 | UDP | 2014169 | ET DNS Query for .su TLD (Soviet Union) Often Malware Related | 60767 | 53 | 192.168.2.3 | 8.8.8.8 |
| 192.168.2.395.213.216.20249739802021641 11/30/22-00:55:25.267085 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49739 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249724802025381 11/30/22-00:54:58.184483 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49724 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249751802021641 11/30/22-00:55:47.279515 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49751 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249758802825766 11/30/22-00:56:00.034214 | TCP | 2825766 | ETPRO TROJAN LokiBot Checkin M2 | 49758 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249710802021641 11/30/22-00:54:31.910937 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49710 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249711802021641 11/30/22-00:54:33.859062 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49711 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.38.8.8.849201532014169 11/30/22-00:56:00.958664 | UDP | 2014169 | ET DNS Query for .su TLD (Soviet Union) Often Malware Related | 49201 | 53 | 192.168.2.3 | 8.8.8.8 |
| 192.168.2.395.213.216.20249729802024313 11/30/22-00:55:07.068054 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49729 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249758802025381 11/30/22-00:56:00.034214 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49758 | 80 | 192.168.2.3 | 95.213.216.202 |
| 95.213.216.202192.168.2.380497262025483 11/30/22-00:55:03.204141 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49726 | 95.213.216.202 | 192.168.2.3 |
| 192.168.2.395.213.216.20249743802025381 11/30/22-00:55:32.962709 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49743 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249729802024318 11/30/22-00:55:07.068054 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49729 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249744802021641 11/30/22-00:55:34.401351 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49744 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249726802021641 11/30/22-00:55:01.673863 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49726 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249750802024313 11/30/22-00:55:45.758418 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49750 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249710802825766 11/30/22-00:54:31.910937 | TCP | 2825766 | ETPRO TROJAN LokiBot Checkin M2 | 49710 | 80 | 192.168.2.3 | 95.213.216.202 |
| 95.213.216.202192.168.2.380497222025483 11/30/22-00:54:56.166551 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49722 | 95.213.216.202 | 192.168.2.3 |
| 192.168.2.395.213.216.20249750802024318 11/30/22-00:55:45.758418 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49750 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249699802021641 11/30/22-00:54:07.324934 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49699 | 80 | 192.168.2.3 | 95.213.216.202 |
| 95.213.216.202192.168.2.380497202025483 11/30/22-00:54:53.259308 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49720 | 95.213.216.202 | 192.168.2.3 |
| 192.168.2.395.213.216.20249701802021641 11/30/22-00:54:12.581436 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49701 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.38.8.8.853623532014169 11/30/22-00:55:10.547934 | UDP | 2014169 | ET DNS Query for .su TLD (Soviet Union) Often Malware Related | 53623 | 53 | 192.168.2.3 | 8.8.8.8 |
| 192.168.2.395.213.216.20249754802021641 11/30/22-00:55:53.496270 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49754 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249715802025381 11/30/22-00:54:42.060768 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49715 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.38.8.8.852955532014169 11/30/22-00:54:26.705694 | UDP | 2014169 | ET DNS Query for .su TLD (Soviet Union) Often Malware Related | 52955 | 53 | 192.168.2.3 | 8.8.8.8 |
| 192.168.2.395.213.216.20249740802024313 11/30/22-00:55:27.193434 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49740 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249740802024318 11/30/22-00:55:27.193434 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49740 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249738802025381 11/30/22-00:55:23.450513 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49738 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249731802021641 11/30/22-00:55:10.632751 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49731 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249752802021641 11/30/22-00:55:49.378987 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49752 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249703802021641 11/30/22-00:54:16.960834 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49703 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249712802024313 11/30/22-00:54:35.972913 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49712 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249727802825766 11/30/22-00:55:03.486766 | TCP | 2825766 | ETPRO TROJAN LokiBot Checkin M2 | 49727 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249717802025381 11/30/22-00:54:45.540558 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49717 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.38.8.8.859581532014169 11/30/22-00:55:17.784201 | UDP | 2014169 | ET DNS Query for .su TLD (Soviet Union) Often Malware Related | 59581 | 53 | 192.168.2.3 | 8.8.8.8 |
| 192.168.2.395.213.216.20249712802024318 11/30/22-00:54:35.972913 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49712 | 80 | 192.168.2.3 | 95.213.216.202 |
| 95.213.216.202192.168.2.380497312025483 11/30/22-00:55:12.166821 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49731 | 95.213.216.202 | 192.168.2.3 |
| 192.168.2.395.213.216.20249739802024313 11/30/22-00:55:25.267085 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49739 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249725802025381 11/30/22-00:54:59.930841 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49725 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.38.8.8.849166532014169 11/30/22-00:55:40.126118 | UDP | 2014169 | ET DNS Query for .su TLD (Soviet Union) Often Malware Related | 49166 | 53 | 192.168.2.3 | 8.8.8.8 |
| 192.168.2.38.8.8.860749532014169 11/30/22-00:54:58.103973 | UDP | 2014169 | ET DNS Query for .su TLD (Soviet Union) Often Malware Related | 60749 | 53 | 192.168.2.3 | 8.8.8.8 |
| 95.213.216.202192.168.2.380497052025483 11/30/22-00:54:21.783216 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49705 | 95.213.216.202 | 192.168.2.3 |
| 192.168.2.38.8.8.853975532014169 11/30/22-00:54:22.160619 | UDP | 2014169 | ET DNS Query for .su TLD (Soviet Union) Often Malware Related | 53975 | 53 | 192.168.2.3 | 8.8.8.8 |
| 192.168.2.395.213.216.20249753802025381 11/30/22-00:55:51.242717 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49753 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249757802021641 11/30/22-00:55:58.948901 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49757 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249716802021641 11/30/22-00:54:43.829219 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49716 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249739802024318 11/30/22-00:55:25.267085 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49739 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249741802825766 11/30/22-00:55:29.247109 | TCP | 2825766 | ETPRO TROJAN LokiBot Checkin M2 | 49741 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249700802825766 11/30/22-00:54:09.487691 | TCP | 2825766 | ETPRO TROJAN LokiBot Checkin M2 | 49700 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249720802024313 11/30/22-00:54:51.608521 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49720 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249708802024318 11/30/22-00:54:26.803652 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49708 | 80 | 192.168.2.3 | 95.213.216.202 |
| 95.213.216.202192.168.2.380497482025483 11/30/22-00:55:43.661913 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49748 | 95.213.216.202 | 192.168.2.3 |
| 192.168.2.395.213.216.20249731802825766 11/30/22-00:55:10.632751 | TCP | 2825766 | ETPRO TROJAN LokiBot Checkin M2 | 49731 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249702802024313 11/30/22-00:54:14.871390 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49702 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249720802024318 11/30/22-00:54:51.608521 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49720 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249737802825766 11/30/22-00:55:21.614296 | TCP | 2825766 | ETPRO TROJAN LokiBot Checkin M2 | 49737 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249702802024318 11/30/22-00:54:14.871390 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49702 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249719802825766 11/30/22-00:54:49.641508 | TCP | 2825766 | ETPRO TROJAN LokiBot Checkin M2 | 49719 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.38.8.8.863446532014169 11/30/22-00:55:43.898414 | UDP | 2014169 | ET DNS Query for .su TLD (Soviet Union) Often Malware Related | 63446 | 53 | 192.168.2.3 | 8.8.8.8 |
| 95.213.216.202192.168.2.380497092025483 11/30/22-00:54:30.691043 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49709 | 95.213.216.202 | 192.168.2.3 |
| 95.213.216.202192.168.2.380497432025483 11/30/22-00:55:34.122250 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49743 | 95.213.216.202 | 192.168.2.3 |
| 192.168.2.395.213.216.20249708802024313 11/30/22-00:54:26.803652 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49708 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.38.8.8.858119532014169 11/30/22-00:55:38.197046 | UDP | 2014169 | ET DNS Query for .su TLD (Soviet Union) Often Malware Related | 58119 | 53 | 192.168.2.3 | 8.8.8.8 |
| 192.168.2.38.8.8.857990532014169 11/30/22-00:54:11.706174 | UDP | 2014169 | ET DNS Query for .su TLD (Soviet Union) Often Malware Related | 57990 | 53 | 192.168.2.3 | 8.8.8.8 |
| 192.168.2.395.213.216.20249759802024318 11/30/22-00:56:01.042444 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49759 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249709802825766 11/30/22-00:54:29.164231 | TCP | 2825766 | ETPRO TROJAN LokiBot Checkin M2 | 49709 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249730802024313 11/30/22-00:55:08.823725 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49730 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249745802025381 11/30/22-00:55:36.377571 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49745 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249724802021641 11/30/22-00:54:58.184483 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49724 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249759802024313 11/30/22-00:56:01.042444 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49759 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249703802825766 11/30/22-00:54:16.960834 | TCP | 2825766 | ETPRO TROJAN LokiBot Checkin M2 | 49703 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249704802025381 11/30/22-00:54:18.966132 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49704 | 80 | 192.168.2.3 | 95.213.216.202 |
| 95.213.216.202192.168.2.380497152025483 11/30/22-00:54:43.541337 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49715 | 95.213.216.202 | 192.168.2.3 |
| 192.168.2.395.213.216.20249730802024318 11/30/22-00:55:08.823725 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49730 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249718802024318 11/30/22-00:54:47.592007 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49718 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.38.8.8.864121532014169 11/30/22-00:55:57.444180 | UDP | 2014169 | ET DNS Query for .su TLD (Soviet Union) Often Malware Related | 64121 | 53 | 192.168.2.3 | 8.8.8.8 |
| 192.168.2.395.213.216.20249719802021641 11/30/22-00:54:49.641508 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49719 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249721802825766 11/30/22-00:54:53.572062 | TCP | 2825766 | ETPRO TROJAN LokiBot Checkin M2 | 49721 | 80 | 192.168.2.3 | 95.213.216.202 |
| 95.213.216.202192.168.2.380497042025483 11/30/22-00:54:19.714505 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49704 | 95.213.216.202 | 192.168.2.3 |
| 192.168.2.395.213.216.20249747802021641 11/30/22-00:55:40.214633 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49747 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.38.8.8.849874532014169 11/30/22-00:55:45.675021 | UDP | 2014169 | ET DNS Query for .su TLD (Soviet Union) Often Malware Related | 49874 | 53 | 192.168.2.3 | 8.8.8.8 |
| 192.168.2.395.213.216.20249722802025381 11/30/22-00:54:54.732179 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49722 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249718802024313 11/30/22-00:54:47.592007 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49718 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.38.8.8.853428532014169 11/30/22-00:55:25.189214 | UDP | 2014169 | ET DNS Query for .su TLD (Soviet Union) Often Malware Related | 53428 | 53 | 192.168.2.3 | 8.8.8.8 |
| 192.168.2.395.213.216.20249736802024318 11/30/22-00:55:19.643476 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49736 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249736802024313 11/30/22-00:55:19.643476 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49736 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249732802025381 11/30/22-00:55:12.457821 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49732 | 80 | 192.168.2.3 | 95.213.216.202 |
| 95.213.216.202192.168.2.380497592025483 11/30/22-00:56:01.793951 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49759 | 95.213.216.202 | 192.168.2.3 |
| 192.168.2.395.213.216.20249746802024318 11/30/22-00:55:38.275174 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49746 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249749802024318 11/30/22-00:55:43.976237 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49749 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249737802021641 11/30/22-00:55:21.614296 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49737 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249746802024313 11/30/22-00:55:38.275174 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49746 | 80 | 192.168.2.3 | 95.213.216.202 |
| 95.213.216.202192.168.2.380497542025483 11/30/22-00:55:55.161061 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49754 | 95.213.216.202 | 192.168.2.3 |
| 192.168.2.395.213.216.20249735802025381 11/30/22-00:55:17.863854 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49735 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249706802021641 11/30/22-00:54:22.484255 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49706 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249734802021641 11/30/22-00:55:16.065951 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49734 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249699802825766 11/30/22-00:54:07.324934 | TCP | 2825766 | ETPRO TROJAN LokiBot Checkin M2 | 49699 | 80 | 192.168.2.3 | 95.213.216.202 |
| 95.213.216.202192.168.2.380497322025483 11/30/22-00:55:13.950022 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49732 | 95.213.216.202 | 192.168.2.3 |
| 95.213.216.202192.168.2.380497372025483 11/30/22-00:55:23.147009 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49737 | 95.213.216.202 | 192.168.2.3 |
| 192.168.2.395.213.216.20249749802024313 11/30/22-00:55:43.976237 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49749 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249748802025381 11/30/22-00:55:42.098367 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49748 | 80 | 192.168.2.3 | 95.213.216.202 |
| 95.213.216.202192.168.2.380497212025483 11/30/22-00:54:54.418787 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49721 | 95.213.216.202 | 192.168.2.3 |
| 95.213.216.202192.168.2.380497102025483 11/30/22-00:54:33.459515 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49710 | 95.213.216.202 | 192.168.2.3 |
| 192.168.2.395.213.216.20249733802024313 11/30/22-00:55:14.244291 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49733 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249707802025381 11/30/22-00:54:24.716724 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49707 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249733802024318 11/30/22-00:55:14.244291 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49733 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.38.8.8.851139532014169 11/30/22-00:54:24.370686 | UDP | 2014169 | ET DNS Query for .su TLD (Soviet Union) Often Malware Related | 51139 | 53 | 192.168.2.3 | 8.8.8.8 |
| 192.168.2.395.213.216.20249721802021641 11/30/22-00:54:53.572062 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49721 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249747802825766 11/30/22-00:55:40.214633 | TCP | 2825766 | ETPRO TROJAN LokiBot Checkin M2 | 49747 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249706802825766 11/30/22-00:54:22.484255 | TCP | 2825766 | ETPRO TROJAN LokiBot Checkin M2 | 49706 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249709802021641 11/30/22-00:54:29.164231 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49709 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.38.8.8.855638532014169 11/30/22-00:54:39.891168 | UDP | 2014169 | ET DNS Query for .su TLD (Soviet Union) Often Malware Related | 55638 | 53 | 192.168.2.3 | 8.8.8.8 |
| 192.168.2.38.8.8.853466532014169 11/30/22-00:55:06.970990 | UDP | 2014169 | ET DNS Query for .su TLD (Soviet Union) Often Malware Related | 53466 | 53 | 192.168.2.3 | 8.8.8.8 |
| 192.168.2.395.213.216.20249717802021641 11/30/22-00:54:45.540558 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49717 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.38.8.8.864823532014169 11/30/22-00:55:34.318234 | UDP | 2014169 | ET DNS Query for .su TLD (Soviet Union) Often Malware Related | 64823 | 53 | 192.168.2.3 | 8.8.8.8 |
| 192.168.2.395.213.216.20249706802025381 11/30/22-00:54:22.484255 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49706 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249716802825766 11/30/22-00:54:43.829219 | TCP | 2825766 | ETPRO TROJAN LokiBot Checkin M2 | 49716 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249720802021641 11/30/22-00:54:51.608521 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49720 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.38.8.8.865017532014169 11/30/22-00:55:05.186135 | UDP | 2014169 | ET DNS Query for .su TLD (Soviet Union) Often Malware Related | 65017 | 53 | 192.168.2.3 | 8.8.8.8 |
| 192.168.2.395.213.216.20249734802025381 11/30/22-00:55:16.065951 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49734 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249723802024318 11/30/22-00:54:56.463103 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49723 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.38.8.8.864602532014169 11/30/22-00:55:53.393350 | UDP | 2014169 | ET DNS Query for .su TLD (Soviet Union) Often Malware Related | 64602 | 53 | 192.168.2.3 | 8.8.8.8 |
| 95.213.216.202192.168.2.380497252025483 11/30/22-00:55:01.390776 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49725 | 95.213.216.202 | 192.168.2.3 |
| 95.213.216.202192.168.2.380497292025483 11/30/22-00:55:08.539654 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49729 | 95.213.216.202 | 192.168.2.3 |
| 192.168.2.395.213.216.20249723802024313 11/30/22-00:54:56.463103 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49723 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.38.8.8.853848532014169 11/30/22-00:54:49.539403 | UDP | 2014169 | ET DNS Query for .su TLD (Soviet Union) Often Malware Related | 53848 | 53 | 192.168.2.3 | 8.8.8.8 |
| 192.168.2.395.213.216.20249744802825766 11/30/22-00:55:34.401351 | TCP | 2825766 | ETPRO TROJAN LokiBot Checkin M2 | 49744 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.38.8.8.865107532014169 11/30/22-00:54:47.470066 | UDP | 2014169 | ET DNS Query for .su TLD (Soviet Union) Often Malware Related | 65107 | 53 | 192.168.2.3 | 8.8.8.8 |
| 192.168.2.395.213.216.20249739802025381 11/30/22-00:55:25.267085 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49739 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249712802021641 11/30/22-00:54:35.972913 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49712 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249753802021641 11/30/22-00:55:51.242717 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49753 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249725802021641 11/30/22-00:54:59.930841 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49725 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249748802024318 11/30/22-00:55:42.098367 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49748 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249731802024313 11/30/22-00:55:10.632751 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49731 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249748802024313 11/30/22-00:55:42.098367 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49748 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.38.8.8.865196532014169 11/30/22-00:55:14.166464 | UDP | 2014169 | ET DNS Query for .su TLD (Soviet Union) Often Malware Related | 65196 | 53 | 192.168.2.3 | 8.8.8.8 |
| 192.168.2.395.213.216.20249731802024318 11/30/22-00:55:10.632751 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49731 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249708802825766 11/30/22-00:54:26.803652 | TCP | 2825766 | ETPRO TROJAN LokiBot Checkin M2 | 49708 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249749802825766 11/30/22-00:55:43.976237 | TCP | 2825766 | ETPRO TROJAN LokiBot Checkin M2 | 49749 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249743802024313 11/30/22-00:55:32.962709 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49743 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249757802825766 11/30/22-00:55:58.948901 | TCP | 2825766 | ETPRO TROJAN LokiBot Checkin M2 | 49757 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249743802024318 11/30/22-00:55:32.962709 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49743 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249728802024318 11/30/22-00:55:05.285201 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49728 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249750802025381 11/30/22-00:55:45.758418 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49750 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249700802021641 11/30/22-00:54:09.487691 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49700 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249728802024313 11/30/22-00:55:05.285201 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49728 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249714802025381 11/30/22-00:54:39.977728 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49714 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249724802825766 11/30/22-00:54:58.184483 | TCP | 2825766 | ETPRO TROJAN LokiBot Checkin M2 | 49724 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249719802025381 11/30/22-00:54:49.641508 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49719 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249756802024318 11/30/22-00:55:57.533680 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49756 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249742802025381 11/30/22-00:55:31.101064 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49742 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249733802021641 11/30/22-00:55:14.244291 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49733 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249729802825766 11/30/22-00:55:07.068054 | TCP | 2825766 | ETPRO TROJAN LokiBot Checkin M2 | 49729 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.38.8.8.857704532014169 11/30/22-00:54:41.979608 | UDP | 2014169 | ET DNS Query for .su TLD (Soviet Union) Often Malware Related | 57704 | 53 | 192.168.2.3 | 8.8.8.8 |
| 192.168.2.395.213.216.20249715802024318 11/30/22-00:54:42.060768 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49715 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249752802825766 11/30/22-00:55:49.378987 | TCP | 2825766 | ETPRO TROJAN LokiBot Checkin M2 | 49752 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249756802024313 11/30/22-00:55:57.533680 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49756 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249715802024313 11/30/22-00:54:42.060768 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49715 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249751802024313 11/30/22-00:55:47.279515 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49751 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249711802825766 11/30/22-00:54:33.859062 | TCP | 2825766 | ETPRO TROJAN LokiBot Checkin M2 | 49711 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249751802024318 11/30/22-00:55:47.279515 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49751 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249710802024318 11/30/22-00:54:31.910937 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49710 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249710802024313 11/30/22-00:54:31.910937 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49710 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249747802025381 11/30/22-00:55:40.214633 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49747 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249701802025381 11/30/22-00:54:12.581436 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49701 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249755802025381 11/30/22-00:55:55.653974 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49755 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249729802021641 11/30/22-00:55:07.068054 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49729 | 80 | 192.168.2.3 | 95.213.216.202 |
| 95.213.216.202192.168.2.380497442025483 11/30/22-00:55:36.086250 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49744 | 95.213.216.202 | 192.168.2.3 |
| 192.168.2.395.213.216.20249735802024318 11/30/22-00:55:17.863854 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49735 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.38.8.8.853049532014169 11/30/22-00:55:19.563471 | UDP | 2014169 | ET DNS Query for .su TLD (Soviet Union) Often Malware Related | 53049 | 53 | 192.168.2.3 | 8.8.8.8 |
| 192.168.2.395.213.216.20249735802024313 11/30/22-00:55:17.863854 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49735 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249744802024313 11/30/22-00:55:34.401351 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49744 | 80 | 192.168.2.3 | 95.213.216.202 |
| 95.213.216.202192.168.2.380497472025483 11/30/22-00:55:41.771804 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49747 | 95.213.216.202 | 192.168.2.3 |
| 192.168.2.395.213.216.20249744802024318 11/30/22-00:55:34.401351 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49744 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249741802021641 11/30/22-00:55:29.247109 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49741 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249704802825766 11/30/22-00:54:18.966132 | TCP | 2825766 | ETPRO TROJAN LokiBot Checkin M2 | 49704 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249746802025381 11/30/22-00:55:38.275174 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49746 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249732802021641 11/30/22-00:55:12.457821 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49732 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249699802024312 11/30/22-00:54:07.324934 | TCP | 2024312 | ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M1 | 49699 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249707802024313 11/30/22-00:54:24.716724 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49707 | 80 | 192.168.2.3 | 95.213.216.202 |
| 95.213.216.202192.168.2.380497062025483 11/30/22-00:54:24.053489 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49706 | 95.213.216.202 | 192.168.2.3 |
| 95.213.216.202192.168.2.380497502025483 11/30/22-00:55:46.963833 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49750 | 95.213.216.202 | 192.168.2.3 |
| 192.168.2.395.213.216.20249699802024317 11/30/22-00:54:07.324934 | TCP | 2024317 | ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M2 | 49699 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249727802025381 11/30/22-00:55:03.486766 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49727 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.38.8.8.865511532014169 11/30/22-00:55:27.103034 | UDP | 2014169 | ET DNS Query for .su TLD (Soviet Union) Often Malware Related | 65511 | 53 | 192.168.2.3 | 8.8.8.8 |
| 192.168.2.38.8.8.864967532014169 11/30/22-00:55:58.869049 | UDP | 2014169 | ET DNS Query for .su TLD (Soviet Union) Often Malware Related | 64967 | 53 | 192.168.2.3 | 8.8.8.8 |
| 192.168.2.395.213.216.20249721802025381 11/30/22-00:54:53.572062 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49721 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249707802024318 11/30/22-00:54:24.716724 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49707 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249713802021641 11/30/22-00:54:37.979213 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49713 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249732802825766 11/30/22-00:55:12.457821 | TCP | 2825766 | ETPRO TROJAN LokiBot Checkin M2 | 49732 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249751802825766 11/30/22-00:55:47.279515 | TCP | 2825766 | ETPRO TROJAN LokiBot Checkin M2 | 49751 | 80 | 192.168.2.3 | 95.213.216.202 |
| 95.213.216.202192.168.2.380497552025483 11/30/22-00:55:57.270722 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49755 | 95.213.216.202 | 192.168.2.3 |
| 95.213.216.202192.168.2.380497582025483 11/30/22-00:56:00.797031 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49758 | 95.213.216.202 | 192.168.2.3 |
| 95.213.216.202192.168.2.380497362025483 11/30/22-00:55:21.118367 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49736 | 95.213.216.202 | 192.168.2.3 |
| 192.168.2.395.213.216.20249703802024318 11/30/22-00:54:16.960834 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49703 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249702802025381 11/30/22-00:54:14.871390 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49702 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249703802024313 11/30/22-00:54:16.960834 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49703 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.38.8.8.857134532014169 11/30/22-00:54:31.820802 | UDP | 2014169 | ET DNS Query for .su TLD (Soviet Union) Often Malware Related | 57134 | 53 | 192.168.2.3 | 8.8.8.8 |
| 192.168.2.395.213.216.20249758802021641 11/30/22-00:56:00.034214 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49758 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.38.8.8.858691532014169 11/30/22-00:54:53.455722 | UDP | 2014169 | ET DNS Query for .su TLD (Soviet Union) Often Malware Related | 58691 | 53 | 192.168.2.3 | 8.8.8.8 |
| 192.168.2.395.213.216.20249736802825766 11/30/22-00:55:19.643476 | TCP | 2825766 | ETPRO TROJAN LokiBot Checkin M2 | 49736 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249705802025381 11/30/22-00:54:20.168790 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49705 | 80 | 192.168.2.3 | 95.213.216.202 |
| 95.213.216.202192.168.2.380497332025483 11/30/22-00:55:15.751744 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49733 | 95.213.216.202 | 192.168.2.3 |
| 192.168.2.395.213.216.20249745802825766 11/30/22-00:55:36.377571 | TCP | 2825766 | ETPRO TROJAN LokiBot Checkin M2 | 49745 | 80 | 192.168.2.3 | 95.213.216.202 |
| 95.213.216.202192.168.2.380497032025483 11/30/22-00:54:18.541620 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49703 | 95.213.216.202 | 192.168.2.3 |
| 95.213.216.202192.168.2.380497142025483 11/30/22-00:54:41.602416 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49714 | 95.213.216.202 | 192.168.2.3 |
| 192.168.2.395.213.216.20249716802024313 11/30/22-00:54:43.829219 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49716 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.38.8.8.859433532014169 11/30/22-00:54:56.376062 | UDP | 2014169 | ET DNS Query for .su TLD (Soviet Union) Often Malware Related | 59433 | 53 | 192.168.2.3 | 8.8.8.8 |
| 192.168.2.395.213.216.20249757802024313 11/30/22-00:55:58.948901 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49757 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249717802825766 11/30/22-00:54:45.540558 | TCP | 2825766 | ETPRO TROJAN LokiBot Checkin M2 | 49717 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249722802024313 11/30/22-00:54:54.732179 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49722 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249716802024318 11/30/22-00:54:43.829219 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49716 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249759802025381 11/30/22-00:56:01.042444 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49759 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249757802024318 11/30/22-00:55:58.948901 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49757 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249723802825766 11/30/22-00:54:56.463103 | TCP | 2825766 | ETPRO TROJAN LokiBot Checkin M2 | 49723 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249718802025381 11/30/22-00:54:47.592007 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49718 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249730802025381 11/30/22-00:55:08.823725 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49730 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249704802021641 11/30/22-00:54:18.966132 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49704 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249722802024318 11/30/22-00:54:54.732179 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49722 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249745802021641 11/30/22-00:55:36.377571 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49745 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249714802024313 11/30/22-00:54:39.977728 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49714 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249725802825766 11/30/22-00:54:59.930841 | TCP | 2825766 | ETPRO TROJAN LokiBot Checkin M2 | 49725 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249700802025381 11/30/22-00:54:09.487691 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49700 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249714802024318 11/30/22-00:54:39.977728 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49714 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.38.8.8.858708532014169 11/30/22-00:55:15.985743 | UDP | 2014169 | ET DNS Query for .su TLD (Soviet Union) Often Malware Related | 58708 | 53 | 192.168.2.3 | 8.8.8.8 |
| 95.213.216.202192.168.2.380497282025483 11/30/22-00:55:06.759571 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49728 | 95.213.216.202 | 192.168.2.3 |
| 192.168.2.395.213.216.20249732802024318 11/30/22-00:55:12.457821 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49732 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249707802825766 11/30/22-00:54:24.716724 | TCP | 2825766 | ETPRO TROJAN LokiBot Checkin M2 | 49707 | 80 | 192.168.2.3 | 95.213.216.202 |
| 95.213.216.202192.168.2.380497242025483 11/30/22-00:54:59.594972 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49724 | 95.213.216.202 | 192.168.2.3 |
| 192.168.2.395.213.216.20249732802024313 11/30/22-00:55:12.457821 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49732 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249708802021641 11/30/22-00:54:26.803652 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49708 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249724802024318 11/30/22-00:54:58.184483 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49724 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249759802021641 11/30/22-00:56:01.042444 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49759 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249751802025381 11/30/22-00:55:47.279515 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49751 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249724802024313 11/30/22-00:54:58.184483 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49724 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249710802025381 11/30/22-00:54:31.910937 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49710 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249715802825766 11/30/22-00:54:42.060768 | TCP | 2825766 | ETPRO TROJAN LokiBot Checkin M2 | 49715 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249747802024318 11/30/22-00:55:40.214633 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49747 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249747802024313 11/30/22-00:55:40.214633 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49747 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249719802024313 11/30/22-00:54:49.641508 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49719 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249743802825766 11/30/22-00:55:32.962709 | TCP | 2825766 | ETPRO TROJAN LokiBot Checkin M2 | 49743 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.38.8.8.857571532014169 11/30/22-00:54:51.528645 | UDP | 2014169 | ET DNS Query for .su TLD (Soviet Union) Often Malware Related | 57571 | 53 | 192.168.2.3 | 8.8.8.8 |
| 192.168.2.395.213.216.20249719802024318 11/30/22-00:54:49.641508 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49719 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249742802024318 11/30/22-00:55:31.101064 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49742 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.38.8.8.859636532014169 11/30/22-00:54:37.879679 | UDP | 2014169 | ET DNS Query for .su TLD (Soviet Union) Often Malware Related | 59636 | 53 | 192.168.2.3 | 8.8.8.8 |
| 192.168.2.395.213.216.20249720802825766 11/30/22-00:54:51.608521 | TCP | 2825766 | ETPRO TROJAN LokiBot Checkin M2 | 49720 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249742802024313 11/30/22-00:55:31.101064 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49742 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249718802021641 11/30/22-00:54:47.592007 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49718 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249733802025381 11/30/22-00:55:14.244291 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49733 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249736802021641 11/30/22-00:55:19.643476 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49736 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249746802021641 11/30/22-00:55:38.275174 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49746 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249734802024318 11/30/22-00:55:16.065951 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49734 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249723802025381 11/30/22-00:54:56.463103 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49723 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249748802825766 11/30/22-00:55:42.098367 | TCP | 2825766 | ETPRO TROJAN LokiBot Checkin M2 | 49748 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249737802024313 11/30/22-00:55:21.614296 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49737 | 80 | 192.168.2.3 | 95.213.216.202 |
| 95.213.216.202192.168.2.380497562025483 11/30/22-00:55:58.723099 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49756 | 95.213.216.202 | 192.168.2.3 |
| 192.168.2.395.213.216.20249702802825766 11/30/22-00:54:14.871390 | TCP | 2825766 | ETPRO TROJAN LokiBot Checkin M2 | 49702 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249737802024318 11/30/22-00:55:21.614296 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49737 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249730802825766 11/30/22-00:55:08.823725 | TCP | 2825766 | ETPRO TROJAN LokiBot Checkin M2 | 49730 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249706802024313 11/30/22-00:54:22.484255 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49706 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249734802024313 11/30/22-00:55:16.065951 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49734 | 80 | 192.168.2.3 | 95.213.216.202 |
| 95.213.216.202192.168.2.380497352025483 11/30/22-00:55:19.347023 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49735 | 95.213.216.202 | 192.168.2.3 |
| 192.168.2.395.213.216.20249706802024318 11/30/22-00:54:22.484255 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49706 | 80 | 192.168.2.3 | 95.213.216.202 |
| 95.213.216.202192.168.2.380497522025483 11/30/22-00:55:50.930381 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49752 | 95.213.216.202 | 192.168.2.3 |
| 95.213.216.202192.168.2.380497172025483 11/30/22-00:54:47.032787 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49717 | 95.213.216.202 | 192.168.2.3 |
| 192.168.2.395.213.216.20249733802825766 11/30/22-00:55:14.244291 | TCP | 2825766 | ETPRO TROJAN LokiBot Checkin M2 | 49733 | 80 | 192.168.2.3 | 95.213.216.202 |
| 95.213.216.202192.168.2.380497392025483 11/30/22-00:55:26.908255 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49739 | 95.213.216.202 | 192.168.2.3 |
| 192.168.2.395.213.216.20249720802025381 11/30/22-00:54:51.608521 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49720 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249749802021641 11/30/22-00:55:43.976237 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49749 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.38.8.8.865320532014169 11/30/22-00:54:43.751689 | UDP | 2014169 | ET DNS Query for .su TLD (Soviet Union) Often Malware Related | 65320 | 53 | 192.168.2.3 | 8.8.8.8 |
| 192.168.2.395.213.216.20249735802825766 11/30/22-00:55:17.863854 | TCP | 2825766 | ETPRO TROJAN LokiBot Checkin M2 | 49735 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.38.8.8.852079532014169 11/30/22-00:55:32.870195 | UDP | 2014169 | ET DNS Query for .su TLD (Soviet Union) Often Malware Related | 52079 | 53 | 192.168.2.3 | 8.8.8.8 |
| 95.213.216.202192.168.2.380497012025483 11/30/22-00:54:14.085146 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49701 | 95.213.216.202 | 192.168.2.3 |
| 192.168.2.395.213.216.20249731802025381 11/30/22-00:55:10.632751 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49731 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249709802024318 11/30/22-00:54:29.164231 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49709 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249745802024318 11/30/22-00:55:36.377571 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49745 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249709802024313 11/30/22-00:54:29.164231 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49709 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249705802825766 11/30/22-00:54:20.168790 | TCP | 2825766 | ETPRO TROJAN LokiBot Checkin M2 | 49705 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249745802024313 11/30/22-00:55:36.377571 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49745 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249704802024318 11/30/22-00:54:18.966132 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49704 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249704802024313 11/30/22-00:54:18.966132 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49704 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249717802024313 11/30/22-00:54:45.540558 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49717 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249722802825766 11/30/22-00:54:54.732179 | TCP | 2825766 | ETPRO TROJAN LokiBot Checkin M2 | 49722 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249703802025381 11/30/22-00:54:16.960834 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49703 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.38.8.8.849302532014169 11/30/22-00:54:20.078245 | UDP | 2014169 | ET DNS Query for .su TLD (Soviet Union) Often Malware Related | 49302 | 53 | 192.168.2.3 | 8.8.8.8 |
| 192.168.2.395.213.216.20249711802024313 11/30/22-00:54:33.859062 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49711 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249728802825766 11/30/22-00:55:05.285201 | TCP | 2825766 | ETPRO TROJAN LokiBot Checkin M2 | 49728 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249705802021641 11/30/22-00:54:20.168790 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49705 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249711802024318 11/30/22-00:54:33.859062 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49711 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249738802021641 11/30/22-00:55:23.450513 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49738 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.38.8.8.865385532014169 11/30/22-00:55:49.289719 | UDP | 2014169 | ET DNS Query for .su TLD (Soviet Union) Often Malware Related | 65385 | 53 | 192.168.2.3 | 8.8.8.8 |
| 192.168.2.395.213.216.20249740802825766 11/30/22-00:55:27.193434 | TCP | 2825766 | ETPRO TROJAN LokiBot Checkin M2 | 49740 | 80 | 192.168.2.3 | 95.213.216.202 |
| 95.213.216.202192.168.2.380497452025483 11/30/22-00:55:37.973570 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49745 | 95.213.216.202 | 192.168.2.3 |
| 95.213.216.202192.168.2.380497462025483 11/30/22-00:55:39.906968 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49746 | 95.213.216.202 | 192.168.2.3 |
| 95.213.216.202192.168.2.380497402025483 11/30/22-00:55:28.902821 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49740 | 95.213.216.202 | 192.168.2.3 |
| 192.168.2.395.213.216.20249717802024318 11/30/22-00:54:45.540558 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49717 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249701802024313 11/30/22-00:54:12.581436 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49701 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249738802825766 11/30/22-00:55:23.450513 | TCP | 2825766 | ETPRO TROJAN LokiBot Checkin M2 | 49738 | 80 | 192.168.2.3 | 95.213.216.202 |
| 95.213.216.202192.168.2.380497132025483 11/30/22-00:54:39.587400 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49713 | 95.213.216.202 | 192.168.2.3 |
| 192.168.2.395.213.216.20249701802024318 11/30/22-00:54:12.581436 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49701 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249756802825766 11/30/22-00:55:57.533680 | TCP | 2825766 | ETPRO TROJAN LokiBot Checkin M2 | 49756 | 80 | 192.168.2.3 | 95.213.216.202 |
| 95.213.216.202192.168.2.380497022025483 11/30/22-00:54:16.469088 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49702 | 95.213.216.202 | 192.168.2.3 |
| 192.168.2.395.213.216.20249750802825766 11/30/22-00:55:45.758418 | TCP | 2825766 | ETPRO TROJAN LokiBot Checkin M2 | 49750 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249743802021641 11/30/22-00:55:32.962709 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49743 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249740802021641 11/30/22-00:55:27.193434 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49740 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249729802025381 11/30/22-00:55:07.068054 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49729 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249752802024313 11/30/22-00:55:49.378987 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49752 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249741802025381 11/30/22-00:55:29.247109 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49741 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249726802025381 11/30/22-00:55:01.673863 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49726 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249752802024318 11/30/22-00:55:49.378987 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49752 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.38.8.8.856042532014169 11/30/22-00:54:35.894646 | UDP | 2014169 | ET DNS Query for .su TLD (Soviet Union) Often Malware Related | 56042 | 53 | 192.168.2.3 | 8.8.8.8 |
| 192.168.2.38.8.8.853844532014169 11/30/22-00:55:03.396283 | UDP | 2014169 | ET DNS Query for .su TLD (Soviet Union) Often Malware Related | 53844 | 53 | 192.168.2.3 | 8.8.8.8 |
| 192.168.2.38.8.8.862050532014169 11/30/22-00:54:33.763792 | UDP | 2014169 | ET DNS Query for .su TLD (Soviet Union) Often Malware Related | 62050 | 53 | 192.168.2.3 | 8.8.8.8 |
| 192.168.2.395.213.216.20249728802021641 11/30/22-00:55:05.285201 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49728 | 80 | 192.168.2.3 | 95.213.216.202 |
| 95.213.216.202192.168.2.380497512025483 11/30/22-00:55:49.068855 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49751 | 95.213.216.202 | 192.168.2.3 |
| 192.168.2.395.213.216.20249755802024318 11/30/22-00:55:55.653974 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49755 | 80 | 192.168.2.3 | 95.213.216.202 |
| 95.213.216.202192.168.2.380497182025483 11/30/22-00:54:49.052316 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49718 | 95.213.216.202 | 192.168.2.3 |
| 192.168.2.38.8.8.852547532014169 11/30/22-00:55:01.596754 | UDP | 2014169 | ET DNS Query for .su TLD (Soviet Union) Often Malware Related | 52547 | 53 | 192.168.2.3 | 8.8.8.8 |
| 192.168.2.395.213.216.20249755802024313 11/30/22-00:55:55.653974 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49755 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249727802024318 11/30/22-00:55:03.486766 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49727 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249713802025381 11/30/22-00:54:37.979213 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49713 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249756802021641 11/30/22-00:55:57.533680 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49756 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.38.8.8.865459532014169 11/30/22-00:55:47.178193 | UDP | 2014169 | ET DNS Query for .su TLD (Soviet Union) Often Malware Related | 65459 | 53 | 192.168.2.3 | 8.8.8.8 |
| 95.213.216.202192.168.2.380497072025483 11/30/22-00:54:26.372322 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49707 | 95.213.216.202 | 192.168.2.3 |
| 192.168.2.395.213.216.20249715802021641 11/30/22-00:54:42.060768 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49715 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249712802825766 11/30/22-00:54:35.972913 | TCP | 2825766 | ETPRO TROJAN LokiBot Checkin M2 | 49712 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249753802825766 11/30/22-00:55:51.242717 | TCP | 2825766 | ETPRO TROJAN LokiBot Checkin M2 | 49753 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.38.8.8.854153532014169 11/30/22-00:55:51.152832 | UDP | 2014169 | ET DNS Query for .su TLD (Soviet Union) Often Malware Related | 54153 | 53 | 192.168.2.3 | 8.8.8.8 |
| 192.168.2.395.213.216.20249754802025381 11/30/22-00:55:53.496270 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49754 | 80 | 192.168.2.3 | 95.213.216.202 |
| 192.168.2.395.213.216.20249727802024313 11/30/22-00:55:03.486766 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49727 | 80 | 192.168.2.3 | 95.213.216.202 |
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Nov 30, 2022 00:54:07.252681971 CET | 49699 | 80 | 192.168.2.3 | 95.213.216.202 |
| Nov 30, 2022 00:54:07.317872047 CET | 80 | 49699 | 95.213.216.202 | 192.168.2.3 |
| Nov 30, 2022 00:54:07.318666935 CET | 49699 | 80 | 192.168.2.3 | 95.213.216.202 |
| Nov 30, 2022 00:54:07.324934006 CET | 49699 | 80 | 192.168.2.3 | 95.213.216.202 |
| Nov 30, 2022 00:54:07.390002012 CET | 80 | 49699 | 95.213.216.202 | 192.168.2.3 |
| Nov 30, 2022 00:54:07.390280008 CET | 49699 | 80 | 192.168.2.3 | 95.213.216.202 |
| Nov 30, 2022 00:54:07.454189062 CET | 80 | 49699 | 95.213.216.202 | 192.168.2.3 |
| Nov 30, 2022 00:54:08.932713032 CET | 80 | 49699 | 95.213.216.202 | 192.168.2.3 |
| Nov 30, 2022 00:54:08.932929993 CET | 49699 | 80 | 192.168.2.3 | 95.213.216.202 |
| Nov 30, 2022 00:54:08.932929993 CET | 49699 | 80 | 192.168.2.3 | 95.213.216.202 |
| Nov 30, 2022 00:54:08.997078896 CET | 80 | 49699 | 95.213.216.202 | 192.168.2.3 |
| Nov 30, 2022 00:54:09.427567959 CET | 49700 | 80 | 192.168.2.3 | 95.213.216.202 |
| Nov 30, 2022 00:54:09.484437943 CET | 80 | 49700 | 95.213.216.202 | 192.168.2.3 |
| Nov 30, 2022 00:54:09.484872103 CET | 49700 | 80 | 192.168.2.3 | 95.213.216.202 |
| Nov 30, 2022 00:54:09.487690926 CET | 49700 | 80 | 192.168.2.3 | 95.213.216.202 |
| Nov 30, 2022 00:54:09.545456886 CET | 80 | 49700 | 95.213.216.202 | 192.168.2.3 |
| Nov 30, 2022 00:54:09.545732975 CET | 49700 | 80 | 192.168.2.3 | 95.213.216.202 |
| Nov 30, 2022 00:54:09.602526903 CET | 80 | 49700 | 95.213.216.202 | 192.168.2.3 |
| Nov 30, 2022 00:54:11.058943987 CET | 80 | 49700 | 95.213.216.202 | 192.168.2.3 |
| Nov 30, 2022 00:54:11.059271097 CET | 49700 | 80 | 192.168.2.3 | 95.213.216.202 |
| Nov 30, 2022 00:54:11.251259089 CET | 49700 | 80 | 192.168.2.3 | 95.213.216.202 |
| Nov 30, 2022 00:54:11.308391094 CET | 80 | 49700 | 95.213.216.202 | 192.168.2.3 |
| Nov 30, 2022 00:54:12.515145063 CET | 49701 | 80 | 192.168.2.3 | 95.213.216.202 |
| Nov 30, 2022 00:54:12.578533888 CET | 80 | 49701 | 95.213.216.202 | 192.168.2.3 |
| Nov 30, 2022 00:54:12.578650951 CET | 49701 | 80 | 192.168.2.3 | 95.213.216.202 |
| Nov 30, 2022 00:54:12.581435919 CET | 49701 | 80 | 192.168.2.3 | 95.213.216.202 |
| Nov 30, 2022 00:54:12.644690037 CET | 80 | 49701 | 95.213.216.202 | 192.168.2.3 |
| Nov 30, 2022 00:54:12.644942999 CET | 49701 | 80 | 192.168.2.3 | 95.213.216.202 |
| Nov 30, 2022 00:54:12.708281040 CET | 80 | 49701 | 95.213.216.202 | 192.168.2.3 |
| Nov 30, 2022 00:54:14.085145950 CET | 80 | 49701 | 95.213.216.202 | 192.168.2.3 |
| Nov 30, 2022 00:54:14.085324049 CET | 49701 | 80 | 192.168.2.3 | 95.213.216.202 |
| Nov 30, 2022 00:54:14.085324049 CET | 49701 | 80 | 192.168.2.3 | 95.213.216.202 |
| Nov 30, 2022 00:54:14.148653984 CET | 80 | 49701 | 95.213.216.202 | 192.168.2.3 |
| Nov 30, 2022 00:54:14.796390057 CET | 49702 | 80 | 192.168.2.3 | 95.213.216.202 |
| Nov 30, 2022 00:54:14.863887072 CET | 80 | 49702 | 95.213.216.202 | 192.168.2.3 |
| Nov 30, 2022 00:54:14.864324093 CET | 49702 | 80 | 192.168.2.3 | 95.213.216.202 |
| Nov 30, 2022 00:54:14.871390104 CET | 49702 | 80 | 192.168.2.3 | 95.213.216.202 |
| Nov 30, 2022 00:54:14.938833952 CET | 80 | 49702 | 95.213.216.202 | 192.168.2.3 |
| Nov 30, 2022 00:54:14.939245939 CET | 49702 | 80 | 192.168.2.3 | 95.213.216.202 |
| Nov 30, 2022 00:54:15.006510973 CET | 80 | 49702 | 95.213.216.202 | 192.168.2.3 |
| Nov 30, 2022 00:54:16.469088078 CET | 80 | 49702 | 95.213.216.202 | 192.168.2.3 |
| Nov 30, 2022 00:54:16.469213009 CET | 49702 | 80 | 192.168.2.3 | 95.213.216.202 |
| Nov 30, 2022 00:54:16.469305038 CET | 49702 | 80 | 192.168.2.3 | 95.213.216.202 |
| Nov 30, 2022 00:54:16.536587954 CET | 80 | 49702 | 95.213.216.202 | 192.168.2.3 |
| Nov 30, 2022 00:54:16.901004076 CET | 49703 | 80 | 192.168.2.3 | 95.213.216.202 |
| Nov 30, 2022 00:54:16.957978010 CET | 80 | 49703 | 95.213.216.202 | 192.168.2.3 |
| Nov 30, 2022 00:54:16.958115101 CET | 49703 | 80 | 192.168.2.3 | 95.213.216.202 |
| Nov 30, 2022 00:54:16.960834026 CET | 49703 | 80 | 192.168.2.3 | 95.213.216.202 |
| Nov 30, 2022 00:54:17.017646074 CET | 80 | 49703 | 95.213.216.202 | 192.168.2.3 |
| Nov 30, 2022 00:54:17.017842054 CET | 49703 | 80 | 192.168.2.3 | 95.213.216.202 |
| Nov 30, 2022 00:54:17.074562073 CET | 80 | 49703 | 95.213.216.202 | 192.168.2.3 |
| Nov 30, 2022 00:54:18.541620016 CET | 80 | 49703 | 95.213.216.202 | 192.168.2.3 |
| Nov 30, 2022 00:54:18.541914940 CET | 49703 | 80 | 192.168.2.3 | 95.213.216.202 |
| Nov 30, 2022 00:54:18.541914940 CET | 49703 | 80 | 192.168.2.3 | 95.213.216.202 |
| Nov 30, 2022 00:54:18.598728895 CET | 80 | 49703 | 95.213.216.202 | 192.168.2.3 |
| Nov 30, 2022 00:54:18.898685932 CET | 49704 | 80 | 192.168.2.3 | 95.213.216.202 |
| Nov 30, 2022 00:54:18.963310003 CET | 80 | 49704 | 95.213.216.202 | 192.168.2.3 |
| Nov 30, 2022 00:54:18.963515997 CET | 49704 | 80 | 192.168.2.3 | 95.213.216.202 |
| Nov 30, 2022 00:54:18.966131926 CET | 49704 | 80 | 192.168.2.3 | 95.213.216.202 |
| Nov 30, 2022 00:54:19.030903101 CET | 80 | 49704 | 95.213.216.202 | 192.168.2.3 |
| Nov 30, 2022 00:54:19.031228065 CET | 49704 | 80 | 192.168.2.3 | 95.213.216.202 |
| Nov 30, 2022 00:54:19.095748901 CET | 80 | 49704 | 95.213.216.202 | 192.168.2.3 |
| Nov 30, 2022 00:54:19.714504957 CET | 80 | 49704 | 95.213.216.202 | 192.168.2.3 |
| Nov 30, 2022 00:54:19.714649916 CET | 49704 | 80 | 192.168.2.3 | 95.213.216.202 |
| Nov 30, 2022 00:54:19.722553015 CET | 49704 | 80 | 192.168.2.3 | 95.213.216.202 |
| Nov 30, 2022 00:54:19.787149906 CET | 80 | 49704 | 95.213.216.202 | 192.168.2.3 |
| Nov 30, 2022 00:54:20.097837925 CET | 49705 | 80 | 192.168.2.3 | 95.213.216.202 |
| Nov 30, 2022 00:54:20.161624908 CET | 80 | 49705 | 95.213.216.202 | 192.168.2.3 |
| Nov 30, 2022 00:54:20.161886930 CET | 49705 | 80 | 192.168.2.3 | 95.213.216.202 |
| Nov 30, 2022 00:54:20.168790102 CET | 49705 | 80 | 192.168.2.3 | 95.213.216.202 |
| Nov 30, 2022 00:54:20.232583046 CET | 80 | 49705 | 95.213.216.202 | 192.168.2.3 |
| Nov 30, 2022 00:54:20.232693911 CET | 49705 | 80 | 192.168.2.3 | 95.213.216.202 |
| Nov 30, 2022 00:54:20.296284914 CET | 80 | 49705 | 95.213.216.202 | 192.168.2.3 |
| Nov 30, 2022 00:54:21.783216000 CET | 80 | 49705 | 95.213.216.202 | 192.168.2.3 |
| Nov 30, 2022 00:54:21.783595085 CET | 49705 | 80 | 192.168.2.3 | 95.213.216.202 |
| Nov 30, 2022 00:54:21.783595085 CET | 49705 | 80 | 192.168.2.3 | 95.213.216.202 |
| Nov 30, 2022 00:54:21.847395897 CET | 80 | 49705 | 95.213.216.202 | 192.168.2.3 |
| Nov 30, 2022 00:54:22.417725086 CET | 49706 | 80 | 192.168.2.3 | 95.213.216.202 |
| Nov 30, 2022 00:54:22.481591940 CET | 80 | 49706 | 95.213.216.202 | 192.168.2.3 |
| Nov 30, 2022 00:54:22.481817961 CET | 49706 | 80 | 192.168.2.3 | 95.213.216.202 |
| Nov 30, 2022 00:54:22.484255075 CET | 49706 | 80 | 192.168.2.3 | 95.213.216.202 |
| Nov 30, 2022 00:54:22.547919989 CET | 80 | 49706 | 95.213.216.202 | 192.168.2.3 |
| Nov 30, 2022 00:54:22.548185110 CET | 49706 | 80 | 192.168.2.3 | 95.213.216.202 |
| Nov 30, 2022 00:54:22.611813068 CET | 80 | 49706 | 95.213.216.202 | 192.168.2.3 |
| Nov 30, 2022 00:54:24.053488970 CET | 80 | 49706 | 95.213.216.202 | 192.168.2.3 |
| Nov 30, 2022 00:54:24.053700924 CET | 49706 | 80 | 192.168.2.3 | 95.213.216.202 |
| Nov 30, 2022 00:54:24.053700924 CET | 49706 | 80 | 192.168.2.3 | 95.213.216.202 |
| Nov 30, 2022 00:54:24.117465019 CET | 80 | 49706 | 95.213.216.202 | 192.168.2.3 |
| Nov 30, 2022 00:54:24.644469023 CET | 49707 | 80 | 192.168.2.3 | 95.213.216.202 |
| Nov 30, 2022 00:54:24.708810091 CET | 80 | 49707 | 95.213.216.202 | 192.168.2.3 |
| Nov 30, 2022 00:54:24.709328890 CET | 49707 | 80 | 192.168.2.3 | 95.213.216.202 |
| Nov 30, 2022 00:54:24.716723919 CET | 49707 | 80 | 192.168.2.3 | 95.213.216.202 |
| Nov 30, 2022 00:54:24.780909061 CET | 80 | 49707 | 95.213.216.202 | 192.168.2.3 |
| Nov 30, 2022 00:54:24.781121969 CET | 49707 | 80 | 192.168.2.3 | 95.213.216.202 |
| Nov 30, 2022 00:54:24.845062971 CET | 80 | 49707 | 95.213.216.202 | 192.168.2.3 |
| Nov 30, 2022 00:54:26.372322083 CET | 80 | 49707 | 95.213.216.202 | 192.168.2.3 |
| Nov 30, 2022 00:54:26.372553110 CET | 49707 | 80 | 192.168.2.3 | 95.213.216.202 |
| Nov 30, 2022 00:54:26.372901917 CET | 49707 | 80 | 192.168.2.3 | 95.213.216.202 |
| Nov 30, 2022 00:54:26.436924934 CET | 80 | 49707 | 95.213.216.202 | 192.168.2.3 |
| Nov 30, 2022 00:54:26.735404968 CET | 49708 | 80 | 192.168.2.3 | 95.213.216.202 |
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Nov 30, 2022 00:54:06.875981092 CET | 49977 | 53 | 192.168.2.3 | 8.8.8.8 |
| Nov 30, 2022 00:54:07.240958929 CET | 53 | 49977 | 8.8.8.8 | 192.168.2.3 |
| Nov 30, 2022 00:54:09.401173115 CET | 57840 | 53 | 192.168.2.3 | 8.8.8.8 |
| Nov 30, 2022 00:54:09.420834064 CET | 53 | 57840 | 8.8.8.8 | 192.168.2.3 |
| Nov 30, 2022 00:54:11.706173897 CET | 57990 | 53 | 192.168.2.3 | 8.8.8.8 |
| Nov 30, 2022 00:54:12.468837023 CET | 53 | 57990 | 8.8.8.8 | 192.168.2.3 |
| Nov 30, 2022 00:54:14.412322998 CET | 52387 | 53 | 192.168.2.3 | 8.8.8.8 |
| Nov 30, 2022 00:54:14.780765057 CET | 53 | 52387 | 8.8.8.8 | 192.168.2.3 |
| Nov 30, 2022 00:54:16.879287004 CET | 56924 | 53 | 192.168.2.3 | 8.8.8.8 |
| Nov 30, 2022 00:54:16.898757935 CET | 53 | 56924 | 8.8.8.8 | 192.168.2.3 |
| Nov 30, 2022 00:54:18.863516092 CET | 60625 | 53 | 192.168.2.3 | 8.8.8.8 |
| Nov 30, 2022 00:54:18.881309032 CET | 53 | 60625 | 8.8.8.8 | 192.168.2.3 |
| Nov 30, 2022 00:54:20.078244925 CET | 49302 | 53 | 192.168.2.3 | 8.8.8.8 |
| Nov 30, 2022 00:54:20.096685886 CET | 53 | 49302 | 8.8.8.8 | 192.168.2.3 |
| Nov 30, 2022 00:54:22.160619020 CET | 53975 | 53 | 192.168.2.3 | 8.8.8.8 |
| Nov 30, 2022 00:54:22.415709972 CET | 53 | 53975 | 8.8.8.8 | 192.168.2.3 |
| Nov 30, 2022 00:54:24.370686054 CET | 51139 | 53 | 192.168.2.3 | 8.8.8.8 |
| Nov 30, 2022 00:54:24.639362097 CET | 53 | 51139 | 8.8.8.8 | 192.168.2.3 |
| Nov 30, 2022 00:54:26.705693960 CET | 52955 | 53 | 192.168.2.3 | 8.8.8.8 |
| Nov 30, 2022 00:54:26.723373890 CET | 53 | 52955 | 8.8.8.8 | 192.168.2.3 |
| Nov 30, 2022 00:54:28.778636932 CET | 60582 | 53 | 192.168.2.3 | 8.8.8.8 |
| Nov 30, 2022 00:54:29.064884901 CET | 53 | 60582 | 8.8.8.8 | 192.168.2.3 |
| Nov 30, 2022 00:54:31.820801973 CET | 57134 | 53 | 192.168.2.3 | 8.8.8.8 |
| Nov 30, 2022 00:54:31.840390921 CET | 53 | 57134 | 8.8.8.8 | 192.168.2.3 |
| Nov 30, 2022 00:54:33.763792038 CET | 62050 | 53 | 192.168.2.3 | 8.8.8.8 |
| Nov 30, 2022 00:54:33.781332970 CET | 53 | 62050 | 8.8.8.8 | 192.168.2.3 |
| Nov 30, 2022 00:54:35.894645929 CET | 56042 | 53 | 192.168.2.3 | 8.8.8.8 |
| Nov 30, 2022 00:54:35.912352085 CET | 53 | 56042 | 8.8.8.8 | 192.168.2.3 |
| Nov 30, 2022 00:54:37.879678965 CET | 59636 | 53 | 192.168.2.3 | 8.8.8.8 |
| Nov 30, 2022 00:54:37.897547007 CET | 53 | 59636 | 8.8.8.8 | 192.168.2.3 |
| Nov 30, 2022 00:54:39.891168118 CET | 55638 | 53 | 192.168.2.3 | 8.8.8.8 |
| Nov 30, 2022 00:54:39.908864975 CET | 53 | 55638 | 8.8.8.8 | 192.168.2.3 |
| Nov 30, 2022 00:54:41.979608059 CET | 57704 | 53 | 192.168.2.3 | 8.8.8.8 |
| Nov 30, 2022 00:54:41.997195005 CET | 53 | 57704 | 8.8.8.8 | 192.168.2.3 |
| Nov 30, 2022 00:54:43.751688957 CET | 65320 | 53 | 192.168.2.3 | 8.8.8.8 |
| Nov 30, 2022 00:54:43.768886089 CET | 53 | 65320 | 8.8.8.8 | 192.168.2.3 |
| Nov 30, 2022 00:54:45.460011959 CET | 60767 | 53 | 192.168.2.3 | 8.8.8.8 |
| Nov 30, 2022 00:54:45.479480982 CET | 53 | 60767 | 8.8.8.8 | 192.168.2.3 |
| Nov 30, 2022 00:54:47.470066071 CET | 65107 | 53 | 192.168.2.3 | 8.8.8.8 |
| Nov 30, 2022 00:54:47.487802982 CET | 53 | 65107 | 8.8.8.8 | 192.168.2.3 |
| Nov 30, 2022 00:54:49.539402962 CET | 53848 | 53 | 192.168.2.3 | 8.8.8.8 |
| Nov 30, 2022 00:54:49.559163094 CET | 53 | 53848 | 8.8.8.8 | 192.168.2.3 |
| Nov 30, 2022 00:54:51.528645039 CET | 57571 | 53 | 192.168.2.3 | 8.8.8.8 |
| Nov 30, 2022 00:54:51.546144009 CET | 53 | 57571 | 8.8.8.8 | 192.168.2.3 |
| Nov 30, 2022 00:54:53.455722094 CET | 58691 | 53 | 192.168.2.3 | 8.8.8.8 |
| Nov 30, 2022 00:54:53.473742008 CET | 53 | 58691 | 8.8.8.8 | 192.168.2.3 |
| Nov 30, 2022 00:54:54.648302078 CET | 53305 | 53 | 192.168.2.3 | 8.8.8.8 |
| Nov 30, 2022 00:54:54.668741941 CET | 53 | 53305 | 8.8.8.8 | 192.168.2.3 |
| Nov 30, 2022 00:54:56.376061916 CET | 59433 | 53 | 192.168.2.3 | 8.8.8.8 |
| Nov 30, 2022 00:54:56.395571947 CET | 53 | 59433 | 8.8.8.8 | 192.168.2.3 |
| Nov 30, 2022 00:54:58.103972912 CET | 60749 | 53 | 192.168.2.3 | 8.8.8.8 |
| Nov 30, 2022 00:54:58.123743057 CET | 53 | 60749 | 8.8.8.8 | 192.168.2.3 |
| Nov 30, 2022 00:54:59.841953039 CET | 56949 | 53 | 192.168.2.3 | 8.8.8.8 |
| Nov 30, 2022 00:54:59.861439943 CET | 53 | 56949 | 8.8.8.8 | 192.168.2.3 |
| Nov 30, 2022 00:55:01.596754074 CET | 52547 | 53 | 192.168.2.3 | 8.8.8.8 |
| Nov 30, 2022 00:55:01.613591909 CET | 53 | 52547 | 8.8.8.8 | 192.168.2.3 |
| Nov 30, 2022 00:55:03.396282911 CET | 53844 | 53 | 192.168.2.3 | 8.8.8.8 |
| Nov 30, 2022 00:55:03.413459063 CET | 53 | 53844 | 8.8.8.8 | 192.168.2.3 |
| Nov 30, 2022 00:55:05.186135054 CET | 65017 | 53 | 192.168.2.3 | 8.8.8.8 |
| Nov 30, 2022 00:55:05.205918074 CET | 53 | 65017 | 8.8.8.8 | 192.168.2.3 |
| Nov 30, 2022 00:55:06.970989943 CET | 53466 | 53 | 192.168.2.3 | 8.8.8.8 |
| Nov 30, 2022 00:55:06.988650084 CET | 53 | 53466 | 8.8.8.8 | 192.168.2.3 |
| Nov 30, 2022 00:55:08.735474110 CET | 57743 | 53 | 192.168.2.3 | 8.8.8.8 |
| Nov 30, 2022 00:55:08.753017902 CET | 53 | 57743 | 8.8.8.8 | 192.168.2.3 |
| Nov 30, 2022 00:55:10.547934055 CET | 53623 | 53 | 192.168.2.3 | 8.8.8.8 |
| Nov 30, 2022 00:55:10.565411091 CET | 53 | 53623 | 8.8.8.8 | 192.168.2.3 |
| Nov 30, 2022 00:55:12.379224062 CET | 61416 | 53 | 192.168.2.3 | 8.8.8.8 |
| Nov 30, 2022 00:55:12.396709919 CET | 53 | 61416 | 8.8.8.8 | 192.168.2.3 |
| Nov 30, 2022 00:55:14.166464090 CET | 65196 | 53 | 192.168.2.3 | 8.8.8.8 |
| Nov 30, 2022 00:55:14.183665037 CET | 53 | 65196 | 8.8.8.8 | 192.168.2.3 |
| Nov 30, 2022 00:55:15.985743046 CET | 58708 | 53 | 192.168.2.3 | 8.8.8.8 |
| Nov 30, 2022 00:55:16.003206015 CET | 53 | 58708 | 8.8.8.8 | 192.168.2.3 |
| Nov 30, 2022 00:55:17.784200907 CET | 59581 | 53 | 192.168.2.3 | 8.8.8.8 |
| Nov 30, 2022 00:55:17.801747084 CET | 53 | 59581 | 8.8.8.8 | 192.168.2.3 |
| Nov 30, 2022 00:55:19.563471079 CET | 53049 | 53 | 192.168.2.3 | 8.8.8.8 |
| Nov 30, 2022 00:55:19.582814932 CET | 53 | 53049 | 8.8.8.8 | 192.168.2.3 |
| Nov 30, 2022 00:55:21.529314041 CET | 60088 | 53 | 192.168.2.3 | 8.8.8.8 |
| Nov 30, 2022 00:55:21.547068119 CET | 53 | 60088 | 8.8.8.8 | 192.168.2.3 |
| Nov 30, 2022 00:55:23.368357897 CET | 63562 | 53 | 192.168.2.3 | 8.8.8.8 |
| Nov 30, 2022 00:55:23.385291100 CET | 53 | 63562 | 8.8.8.8 | 192.168.2.3 |
| Nov 30, 2022 00:55:25.189213991 CET | 53428 | 53 | 192.168.2.3 | 8.8.8.8 |
| Nov 30, 2022 00:55:25.206536055 CET | 53 | 53428 | 8.8.8.8 | 192.168.2.3 |
| Nov 30, 2022 00:55:27.103034019 CET | 65511 | 53 | 192.168.2.3 | 8.8.8.8 |
| Nov 30, 2022 00:55:27.120949030 CET | 53 | 65511 | 8.8.8.8 | 192.168.2.3 |
| Nov 30, 2022 00:55:29.162121058 CET | 59820 | 53 | 192.168.2.3 | 8.8.8.8 |
| Nov 30, 2022 00:55:29.179055929 CET | 53 | 59820 | 8.8.8.8 | 192.168.2.3 |
| Nov 30, 2022 00:55:31.020256042 CET | 64595 | 53 | 192.168.2.3 | 8.8.8.8 |
| Nov 30, 2022 00:55:31.039771080 CET | 53 | 64595 | 8.8.8.8 | 192.168.2.3 |
| Nov 30, 2022 00:55:32.870194912 CET | 52079 | 53 | 192.168.2.3 | 8.8.8.8 |
| Nov 30, 2022 00:55:32.889683008 CET | 53 | 52079 | 8.8.8.8 | 192.168.2.3 |
| Nov 30, 2022 00:55:34.318233967 CET | 64823 | 53 | 192.168.2.3 | 8.8.8.8 |
| Nov 30, 2022 00:55:34.335309029 CET | 53 | 64823 | 8.8.8.8 | 192.168.2.3 |
| Nov 30, 2022 00:55:36.286011934 CET | 51992 | 53 | 192.168.2.3 | 8.8.8.8 |
| Nov 30, 2022 00:55:36.303749084 CET | 53 | 51992 | 8.8.8.8 | 192.168.2.3 |
| Nov 30, 2022 00:55:38.197046041 CET | 58119 | 53 | 192.168.2.3 | 8.8.8.8 |
| Nov 30, 2022 00:55:38.214360952 CET | 53 | 58119 | 8.8.8.8 | 192.168.2.3 |
| Nov 30, 2022 00:55:40.126117945 CET | 49166 | 53 | 192.168.2.3 | 8.8.8.8 |
| Nov 30, 2022 00:55:40.145720959 CET | 53 | 49166 | 8.8.8.8 | 192.168.2.3 |
| Nov 30, 2022 00:55:42.001540899 CET | 58301 | 53 | 192.168.2.3 | 8.8.8.8 |
| Nov 30, 2022 00:55:42.019203901 CET | 53 | 58301 | 8.8.8.8 | 192.168.2.3 |
| Nov 30, 2022 00:55:43.898413897 CET | 63446 | 53 | 192.168.2.3 | 8.8.8.8 |
| Nov 30, 2022 00:55:43.915456057 CET | 53 | 63446 | 8.8.8.8 | 192.168.2.3 |
| Nov 30, 2022 00:55:45.675020933 CET | 49874 | 53 | 192.168.2.3 | 8.8.8.8 |
| Nov 30, 2022 00:55:45.694405079 CET | 53 | 49874 | 8.8.8.8 | 192.168.2.3 |
| Nov 30, 2022 00:55:47.178193092 CET | 65459 | 53 | 192.168.2.3 | 8.8.8.8 |
| Nov 30, 2022 00:55:47.198072910 CET | 53 | 65459 | 8.8.8.8 | 192.168.2.3 |
| Nov 30, 2022 00:55:49.289719105 CET | 65385 | 53 | 192.168.2.3 | 8.8.8.8 |
| Nov 30, 2022 00:55:49.307233095 CET | 53 | 65385 | 8.8.8.8 | 192.168.2.3 |
| Nov 30, 2022 00:55:51.152832031 CET | 54153 | 53 | 192.168.2.3 | 8.8.8.8 |
| Nov 30, 2022 00:55:51.172306061 CET | 53 | 54153 | 8.8.8.8 | 192.168.2.3 |
| Nov 30, 2022 00:55:53.393349886 CET | 64602 | 53 | 192.168.2.3 | 8.8.8.8 |
| Nov 30, 2022 00:55:53.412369013 CET | 53 | 64602 | 8.8.8.8 | 192.168.2.3 |
| Nov 30, 2022 00:55:55.557055950 CET | 50784 | 53 | 192.168.2.3 | 8.8.8.8 |
| Nov 30, 2022 00:55:55.574852943 CET | 53 | 50784 | 8.8.8.8 | 192.168.2.3 |
| Nov 30, 2022 00:55:57.444180012 CET | 64121 | 53 | 192.168.2.3 | 8.8.8.8 |
| Nov 30, 2022 00:55:57.463988066 CET | 53 | 64121 | 8.8.8.8 | 192.168.2.3 |
| Nov 30, 2022 00:55:58.869049072 CET | 64967 | 53 | 192.168.2.3 | 8.8.8.8 |
| Nov 30, 2022 00:55:58.886452913 CET | 53 | 64967 | 8.8.8.8 | 192.168.2.3 |
| Nov 30, 2022 00:55:59.940840960 CET | 60825 | 53 | 192.168.2.3 | 8.8.8.8 |
| Nov 30, 2022 00:55:59.957931995 CET | 53 | 60825 | 8.8.8.8 | 192.168.2.3 |
| Nov 30, 2022 00:56:00.958663940 CET | 49201 | 53 | 192.168.2.3 | 8.8.8.8 |
| Nov 30, 2022 00:56:00.977658987 CET | 53 | 49201 | 8.8.8.8 | 192.168.2.3 |
| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|
| Nov 30, 2022 00:54:06.875981092 CET | 192.168.2.3 | 8.8.8.8 | 0x6188 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Nov 30, 2022 00:54:09.401173115 CET | 192.168.2.3 | 8.8.8.8 | 0x5d3b | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Nov 30, 2022 00:54:11.706173897 CET | 192.168.2.3 | 8.8.8.8 | 0xb7e8 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Nov 30, 2022 00:54:14.412322998 CET | 192.168.2.3 | 8.8.8.8 | 0x4082 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Nov 30, 2022 00:54:16.879287004 CET | 192.168.2.3 | 8.8.8.8 | 0x22b9 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Nov 30, 2022 00:54:18.863516092 CET | 192.168.2.3 | 8.8.8.8 | 0xeaac | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Nov 30, 2022 00:54:20.078244925 CET | 192.168.2.3 | 8.8.8.8 | 0x28fb | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Nov 30, 2022 00:54:22.160619020 CET | 192.168.2.3 | 8.8.8.8 | 0xee98 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Nov 30, 2022 00:54:24.370686054 CET | 192.168.2.3 | 8.8.8.8 | 0x2624 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Nov 30, 2022 00:54:26.705693960 CET | 192.168.2.3 | 8.8.8.8 | 0x5477 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Nov 30, 2022 00:54:28.778636932 CET | 192.168.2.3 | 8.8.8.8 | 0xdecc | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Nov 30, 2022 00:54:31.820801973 CET | 192.168.2.3 | 8.8.8.8 | 0x1c2d | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Nov 30, 2022 00:54:33.763792038 CET | 192.168.2.3 | 8.8.8.8 | 0xf2e6 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Nov 30, 2022 00:54:35.894645929 CET | 192.168.2.3 | 8.8.8.8 | 0x1fc5 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Nov 30, 2022 00:54:37.879678965 CET | 192.168.2.3 | 8.8.8.8 | 0xbad | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Nov 30, 2022 00:54:39.891168118 CET | 192.168.2.3 | 8.8.8.8 | 0x785c | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Nov 30, 2022 00:54:41.979608059 CET | 192.168.2.3 | 8.8.8.8 | 0xabaf | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Nov 30, 2022 00:54:43.751688957 CET | 192.168.2.3 | 8.8.8.8 | 0x692b | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Nov 30, 2022 00:54:45.460011959 CET | 192.168.2.3 | 8.8.8.8 | 0x4377 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Nov 30, 2022 00:54:47.470066071 CET | 192.168.2.3 | 8.8.8.8 | 0xbe7a | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Nov 30, 2022 00:54:49.539402962 CET | 192.168.2.3 | 8.8.8.8 | 0x9c9a | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Nov 30, 2022 00:54:51.528645039 CET | 192.168.2.3 | 8.8.8.8 | 0xb58 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Nov 30, 2022 00:54:53.455722094 CET | 192.168.2.3 | 8.8.8.8 | 0xdac7 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Nov 30, 2022 00:54:54.648302078 CET | 192.168.2.3 | 8.8.8.8 | 0xaacd | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Nov 30, 2022 00:54:56.376061916 CET | 192.168.2.3 | 8.8.8.8 | 0x479c | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Nov 30, 2022 00:54:58.103972912 CET | 192.168.2.3 | 8.8.8.8 | 0xea9f | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Nov 30, 2022 00:54:59.841953039 CET | 192.168.2.3 | 8.8.8.8 | 0x16e7 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Nov 30, 2022 00:55:01.596754074 CET | 192.168.2.3 | 8.8.8.8 | 0x35c4 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Nov 30, 2022 00:55:03.396282911 CET | 192.168.2.3 | 8.8.8.8 | 0x8db7 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Nov 30, 2022 00:55:05.186135054 CET | 192.168.2.3 | 8.8.8.8 | 0xa497 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Nov 30, 2022 00:55:06.970989943 CET | 192.168.2.3 | 8.8.8.8 | 0x67db | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Nov 30, 2022 00:55:08.735474110 CET | 192.168.2.3 | 8.8.8.8 | 0x7db5 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Nov 30, 2022 00:55:10.547934055 CET | 192.168.2.3 | 8.8.8.8 | 0x1fa1 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Nov 30, 2022 00:55:12.379224062 CET | 192.168.2.3 | 8.8.8.8 | 0x4f02 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Nov 30, 2022 00:55:14.166464090 CET | 192.168.2.3 | 8.8.8.8 | 0x4ab6 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Nov 30, 2022 00:55:15.985743046 CET | 192.168.2.3 | 8.8.8.8 | 0x3921 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Nov 30, 2022 00:55:17.784200907 CET | 192.168.2.3 | 8.8.8.8 | 0xc7dc | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Nov 30, 2022 00:55:19.563471079 CET | 192.168.2.3 | 8.8.8.8 | 0x46b9 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Nov 30, 2022 00:55:21.529314041 CET | 192.168.2.3 | 8.8.8.8 | 0x213 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Nov 30, 2022 00:55:23.368357897 CET | 192.168.2.3 | 8.8.8.8 | 0x1d07 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Nov 30, 2022 00:55:25.189213991 CET | 192.168.2.3 | 8.8.8.8 | 0x6e37 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Nov 30, 2022 00:55:27.103034019 CET | 192.168.2.3 | 8.8.8.8 | 0xea01 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Nov 30, 2022 00:55:29.162121058 CET | 192.168.2.3 | 8.8.8.8 | 0x4235 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Nov 30, 2022 00:55:31.020256042 CET | 192.168.2.3 | 8.8.8.8 | 0xa106 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Nov 30, 2022 00:55:32.870194912 CET | 192.168.2.3 | 8.8.8.8 | 0x86ee | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Nov 30, 2022 00:55:34.318233967 CET | 192.168.2.3 | 8.8.8.8 | 0x2d83 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Nov 30, 2022 00:55:36.286011934 CET | 192.168.2.3 | 8.8.8.8 | 0xbdf8 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Nov 30, 2022 00:55:38.197046041 CET | 192.168.2.3 | 8.8.8.8 | 0x23f4 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Nov 30, 2022 00:55:40.126117945 CET | 192.168.2.3 | 8.8.8.8 | 0x856e | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Nov 30, 2022 00:55:42.001540899 CET | 192.168.2.3 | 8.8.8.8 | 0x3a49 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Nov 30, 2022 00:55:43.898413897 CET | 192.168.2.3 | 8.8.8.8 | 0x4c7e | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Nov 30, 2022 00:55:45.675020933 CET | 192.168.2.3 | 8.8.8.8 | 0xd354 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Nov 30, 2022 00:55:47.178193092 CET | 192.168.2.3 | 8.8.8.8 | 0x8af6 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Nov 30, 2022 00:55:49.289719105 CET | 192.168.2.3 | 8.8.8.8 | 0xc369 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Nov 30, 2022 00:55:51.152832031 CET | 192.168.2.3 | 8.8.8.8 | 0xe950 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Nov 30, 2022 00:55:53.393349886 CET | 192.168.2.3 | 8.8.8.8 | 0x9913 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Nov 30, 2022 00:55:55.557055950 CET | 192.168.2.3 | 8.8.8.8 | 0x2074 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Nov 30, 2022 00:55:57.444180012 CET | 192.168.2.3 | 8.8.8.8 | 0x2543 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Nov 30, 2022 00:55:58.869049072 CET | 192.168.2.3 | 8.8.8.8 | 0x92c3 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Nov 30, 2022 00:55:59.940840960 CET | 192.168.2.3 | 8.8.8.8 | 0x3488 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Nov 30, 2022 00:56:00.958663940 CET | 192.168.2.3 | 8.8.8.8 | 0x58c4 | Standard query (0) | A (IP address) | IN (0x0001) | false |
| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|---|---|
| Nov 30, 2022 00:54:07.240958929 CET | 8.8.8.8 | 192.168.2.3 | 0x6188 | No error (0) | 95.213.216.202 | A (IP address) | IN (0x0001) | false | ||
| Nov 30, 2022 00:54:09.420834064 CET | 8.8.8.8 | 192.168.2.3 | 0x5d3b | No error (0) | 95.213.216.202 | A (IP address) | IN (0x0001) | false | ||
| Nov 30, 2022 00:54:12.468837023 CET | 8.8.8.8 | 192.168.2.3 | 0xb7e8 | No error (0) | 95.213.216.202 | A (IP address) | IN (0x0001) | false | ||
| Nov 30, 2022 00:54:14.780765057 CET | 8.8.8.8 | 192.168.2.3 | 0x4082 | No error (0) | 95.213.216.202 | A (IP address) | IN (0x0001) | false | ||
| Nov 30, 2022 00:54:16.898757935 CET | 8.8.8.8 | 192.168.2.3 | 0x22b9 | No error (0) | 95.213.216.202 | A (IP address) | IN (0x0001) | false | ||
| Nov 30, 2022 00:54:18.881309032 CET | 8.8.8.8 | 192.168.2.3 | 0xeaac | No error (0) | 95.213.216.202 | A (IP address) | IN (0x0001) | false | ||
| Nov 30, 2022 00:54:20.096685886 CET | 8.8.8.8 | 192.168.2.3 | 0x28fb | No error (0) | 95.213.216.202 | A (IP address) | IN (0x0001) | false | ||
| Nov 30, 2022 00:54:22.415709972 CET | 8.8.8.8 | 192.168.2.3 | 0xee98 | No error (0) | 95.213.216.202 | A (IP address) | IN (0x0001) | false | ||
| Nov 30, 2022 00:54:24.639362097 CET | 8.8.8.8 | 192.168.2.3 | 0x2624 | No error (0) | 95.213.216.202 | A (IP address) | IN (0x0001) | false | ||
| Nov 30, 2022 00:54:26.723373890 CET | 8.8.8.8 | 192.168.2.3 | 0x5477 | No error (0) | 95.213.216.202 | A (IP address) | IN (0x0001) | false | ||
| Nov 30, 2022 00:54:29.064884901 CET | 8.8.8.8 | 192.168.2.3 | 0xdecc | No error (0) | 95.213.216.202 | A (IP address) | IN (0x0001) | false | ||
| Nov 30, 2022 00:54:31.840390921 CET | 8.8.8.8 | 192.168.2.3 | 0x1c2d | No error (0) | 95.213.216.202 | A (IP address) | IN (0x0001) | false | ||
| Nov 30, 2022 00:54:33.781332970 CET | 8.8.8.8 | 192.168.2.3 | 0xf2e6 | No error (0) | 95.213.216.202 | A (IP address) | IN (0x0001) | false | ||
| Nov 30, 2022 00:54:35.912352085 CET | 8.8.8.8 | 192.168.2.3 | 0x1fc5 | No error (0) | 95.213.216.202 | A (IP address) | IN (0x0001) | false | ||
| Nov 30, 2022 00:54:37.897547007 CET | 8.8.8.8 | 192.168.2.3 | 0xbad | No error (0) | 95.213.216.202 | A (IP address) | IN (0x0001) | false | ||
| Nov 30, 2022 00:54:39.908864975 CET | 8.8.8.8 | 192.168.2.3 | 0x785c | No error (0) | 95.213.216.202 | A (IP address) | IN (0x0001) | false | ||
| Nov 30, 2022 00:54:41.997195005 CET | 8.8.8.8 | 192.168.2.3 | 0xabaf | No error (0) | 95.213.216.202 | A (IP address) | IN (0x0001) | false | ||
| Nov 30, 2022 00:54:43.768886089 CET | 8.8.8.8 | 192.168.2.3 | 0x692b | No error (0) | 95.213.216.202 | A (IP address) | IN (0x0001) | false | ||
| Nov 30, 2022 00:54:45.479480982 CET | 8.8.8.8 | 192.168.2.3 | 0x4377 | No error (0) | 95.213.216.202 | A (IP address) | IN (0x0001) | false | ||
| Nov 30, 2022 00:54:47.487802982 CET | 8.8.8.8 | 192.168.2.3 | 0xbe7a | No error (0) | 95.213.216.202 | A (IP address) | IN (0x0001) | false | ||
| Nov 30, 2022 00:54:49.559163094 CET | 8.8.8.8 | 192.168.2.3 | 0x9c9a | No error (0) | 95.213.216.202 | A (IP address) | IN (0x0001) | false | ||
| Nov 30, 2022 00:54:51.546144009 CET | 8.8.8.8 | 192.168.2.3 | 0xb58 | No error (0) | 95.213.216.202 | A (IP address) | IN (0x0001) | false | ||
| Nov 30, 2022 00:54:53.473742008 CET | 8.8.8.8 | 192.168.2.3 | 0xdac7 | No error (0) | 95.213.216.202 | A (IP address) | IN (0x0001) | false | ||
| Nov 30, 2022 00:54:54.668741941 CET | 8.8.8.8 | 192.168.2.3 | 0xaacd | No error (0) | 95.213.216.202 | A (IP address) | IN (0x0001) | false | ||
| Nov 30, 2022 00:54:56.395571947 CET | 8.8.8.8 | 192.168.2.3 | 0x479c | No error (0) | 95.213.216.202 | A (IP address) | IN (0x0001) | false | ||
| Nov 30, 2022 00:54:58.123743057 CET | 8.8.8.8 | 192.168.2.3 | 0xea9f | No error (0) | 95.213.216.202 | A (IP address) | IN (0x0001) | false | ||
| Nov 30, 2022 00:54:59.861439943 CET | 8.8.8.8 | 192.168.2.3 | 0x16e7 | No error (0) | 95.213.216.202 | A (IP address) | IN (0x0001) | false | ||
| Nov 30, 2022 00:55:01.613591909 CET | 8.8.8.8 | 192.168.2.3 | 0x35c4 | No error (0) | 95.213.216.202 | A (IP address) | IN (0x0001) | false | ||
| Nov 30, 2022 00:55:03.413459063 CET | 8.8.8.8 | 192.168.2.3 | 0x8db7 | No error (0) | 95.213.216.202 | A (IP address) | IN (0x0001) | false | ||
| Nov 30, 2022 00:55:05.205918074 CET | 8.8.8.8 | 192.168.2.3 | 0xa497 | No error (0) | 95.213.216.202 | A (IP address) | IN (0x0001) | false | ||
| Nov 30, 2022 00:55:06.988650084 CET | 8.8.8.8 | 192.168.2.3 | 0x67db | No error (0) | 95.213.216.202 | A (IP address) | IN (0x0001) | false | ||
| Nov 30, 2022 00:55:08.753017902 CET | 8.8.8.8 | 192.168.2.3 | 0x7db5 | No error (0) | 95.213.216.202 | A (IP address) | IN (0x0001) | false | ||
| Nov 30, 2022 00:55:10.565411091 CET | 8.8.8.8 | 192.168.2.3 | 0x1fa1 | No error (0) | 95.213.216.202 | A (IP address) | IN (0x0001) | false | ||
| Nov 30, 2022 00:55:12.396709919 CET | 8.8.8.8 | 192.168.2.3 | 0x4f02 | No error (0) | 95.213.216.202 | A (IP address) | IN (0x0001) | false | ||
| Nov 30, 2022 00:55:14.183665037 CET | 8.8.8.8 | 192.168.2.3 | 0x4ab6 | No error (0) | 95.213.216.202 | A (IP address) | IN (0x0001) | false | ||
| Nov 30, 2022 00:55:16.003206015 CET | 8.8.8.8 | 192.168.2.3 | 0x3921 | No error (0) | 95.213.216.202 | A (IP address) | IN (0x0001) | false | ||
| Nov 30, 2022 00:55:17.801747084 CET | 8.8.8.8 | 192.168.2.3 | 0xc7dc | No error (0) | 95.213.216.202 | A (IP address) | IN (0x0001) | false | ||
| Nov 30, 2022 00:55:19.582814932 CET | 8.8.8.8 | 192.168.2.3 | 0x46b9 | No error (0) | 95.213.216.202 | A (IP address) | IN (0x0001) | false | ||
| Nov 30, 2022 00:55:21.547068119 CET | 8.8.8.8 | 192.168.2.3 | 0x213 | No error (0) | 95.213.216.202 | A (IP address) | IN (0x0001) | false | ||
| Nov 30, 2022 00:55:23.385291100 CET | 8.8.8.8 | 192.168.2.3 | 0x1d07 | No error (0) | 95.213.216.202 | A (IP address) | IN (0x0001) | false | ||
| Nov 30, 2022 00:55:25.206536055 CET | 8.8.8.8 | 192.168.2.3 | 0x6e37 | No error (0) | 95.213.216.202 | A (IP address) | IN (0x0001) | false | ||
| Nov 30, 2022 00:55:27.120949030 CET | 8.8.8.8 | 192.168.2.3 | 0xea01 | No error (0) | 95.213.216.202 | A (IP address) | IN (0x0001) | false | ||
| Nov 30, 2022 00:55:29.179055929 CET | 8.8.8.8 | 192.168.2.3 | 0x4235 | No error (0) | 95.213.216.202 | A (IP address) | IN (0x0001) | false | ||
| Nov 30, 2022 00:55:31.039771080 CET | 8.8.8.8 | 192.168.2.3 | 0xa106 | No error (0) | 95.213.216.202 | A (IP address) | IN (0x0001) | false | ||
| Nov 30, 2022 00:55:32.889683008 CET | 8.8.8.8 | 192.168.2.3 | 0x86ee | No error (0) | 95.213.216.202 | A (IP address) | IN (0x0001) | false | ||
| Nov 30, 2022 00:55:34.335309029 CET | 8.8.8.8 | 192.168.2.3 | 0x2d83 | No error (0) | 95.213.216.202 | A (IP address) | IN (0x0001) | false | ||
| Nov 30, 2022 00:55:36.303749084 CET | 8.8.8.8 | 192.168.2.3 | 0xbdf8 | No error (0) | 95.213.216.202 | A (IP address) | IN (0x0001) | false | ||
| Nov 30, 2022 00:55:38.214360952 CET | 8.8.8.8 | 192.168.2.3 | 0x23f4 | No error (0) | 95.213.216.202 | A (IP address) | IN (0x0001) | false | ||
| Nov 30, 2022 00:55:40.145720959 CET | 8.8.8.8 | 192.168.2.3 | 0x856e | No error (0) | 95.213.216.202 | A (IP address) | IN (0x0001) | false | ||
| Nov 30, 2022 00:55:42.019203901 CET | 8.8.8.8 | 192.168.2.3 | 0x3a49 | No error (0) | 95.213.216.202 | A (IP address) | IN (0x0001) | false | ||
| Nov 30, 2022 00:55:43.915456057 CET | 8.8.8.8 | 192.168.2.3 | 0x4c7e | No error (0) | 95.213.216.202 | A (IP address) | IN (0x0001) | false | ||
| Nov 30, 2022 00:55:45.694405079 CET | 8.8.8.8 | 192.168.2.3 | 0xd354 | No error (0) | 95.213.216.202 | A (IP address) | IN (0x0001) | false | ||
| Nov 30, 2022 00:55:47.198072910 CET | 8.8.8.8 | 192.168.2.3 | 0x8af6 | No error (0) | 95.213.216.202 | A (IP address) | IN (0x0001) | false | ||
| Nov 30, 2022 00:55:49.307233095 CET | 8.8.8.8 | 192.168.2.3 | 0xc369 | No error (0) | 95.213.216.202 | A (IP address) | IN (0x0001) | false | ||
| Nov 30, 2022 00:55:51.172306061 CET | 8.8.8.8 | 192.168.2.3 | 0xe950 | No error (0) | 95.213.216.202 | A (IP address) | IN (0x0001) | false | ||
| Nov 30, 2022 00:55:53.412369013 CET | 8.8.8.8 | 192.168.2.3 | 0x9913 | No error (0) | 95.213.216.202 | A (IP address) | IN (0x0001) | false | ||
| Nov 30, 2022 00:55:55.574852943 CET | 8.8.8.8 | 192.168.2.3 | 0x2074 | No error (0) | 95.213.216.202 | A (IP address) | IN (0x0001) | false | ||
| Nov 30, 2022 00:55:57.463988066 CET | 8.8.8.8 | 192.168.2.3 | 0x2543 | No error (0) | 95.213.216.202 | A (IP address) | IN (0x0001) | false | ||
| Nov 30, 2022 00:55:58.886452913 CET | 8.8.8.8 | 192.168.2.3 | 0x92c3 | No error (0) | 95.213.216.202 | A (IP address) | IN (0x0001) | false | ||
| Nov 30, 2022 00:55:59.957931995 CET | 8.8.8.8 | 192.168.2.3 | 0x3488 | No error (0) | 95.213.216.202 | A (IP address) | IN (0x0001) | false | ||
| Nov 30, 2022 00:56:00.977658987 CET | 8.8.8.8 | 192.168.2.3 | 0x58c4 | No error (0) | 95.213.216.202 | A (IP address) | IN (0x0001) | false |
|
Click to jump to process
| Target ID: | 0 |
| Start time: | 00:53:56 |
| Start date: | 30/11/2022 |
| Path: | C:\Users\user\Desktop\INV.2022LB0362 FORM CO (2).exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x3d0000 |
| File size: | 865280 bytes |
| MD5 hash: | BAED30AEA51E6000571219633AA745B0 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | .Net C# or VB.NET |
| Yara matches: |
|
| Reputation: | low |
| Target ID: | 1 |
| Start time: | 00:54:03 |
| Start date: | 30/11/2022 |
| Path: | C:\Users\user\Desktop\INV.2022LB0362 FORM CO (2).exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x1d0000 |
| File size: | 865280 bytes |
| MD5 hash: | BAED30AEA51E6000571219633AA745B0 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | low |
| Target ID: | 2 |
| Start time: | 00:54:03 |
| Start date: | 30/11/2022 |
| Path: | C:\Users\user\Desktop\INV.2022LB0362 FORM CO (2).exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x360000 |
| File size: | 865280 bytes |
| MD5 hash: | BAED30AEA51E6000571219633AA745B0 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | low |
| Target ID: | 3 |
| Start time: | 00:54:03 |
| Start date: | 30/11/2022 |
| Path: | C:\Users\user\Desktop\INV.2022LB0362 FORM CO (2).exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0xc70000 |
| File size: | 865280 bytes |
| MD5 hash: | BAED30AEA51E6000571219633AA745B0 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Yara matches: |
|
| Reputation: | low |
⊘No disassembly