Windows
Analysis Report
SO2mdwWVvg.exe
Overview
General Information
Sample name: | SO2mdwWVvg.exe (renamed because original name is a hash value) |
Original sample name: | f3b2f1ec49bf6fbd4fe9e28fb28e526da4c7fce85ac95f835d3dc343b872075d.exe |
Analysis ID: | 1535738 |
MD5: | bfa844f0be57643e3ebf11690e539a75 |
SHA1: | 8495fd0110b642c66f49e3d30c543f5c730bc206 |
SHA256: | f3b2f1ec49bf6fbd4fe9e28fb28e526da4c7fce85ac95f835d3dc343b872075d |
Tags: | exe, img-bilibili-buzz, user-JAMESWT_MHT |
Infos: | |
Detection
Score: | 84 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- SO2mdwWVvg.exe (PID: 7516 cmdline: "C:\Users\user\Desktop\SO2mdwWVvg.exe" MD5: BFA844F0BE57643E3EBF11690E539A75)
  - conhost.exe (PID: 7524 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
- cleanup
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
Cobalt Strike, CobaltStrike | Cobalt Strike is a paid penetration testing product that allows an attacker to deploy an agent named 'Beacon' on the victim machine. Beacon includes a wealth of functionality to the attacker, including, but not limited to command execution, key logging, file transfer, SOCKS proxying, privilege escalation, mimikatz, port scanning and lateral movement. Beacon is in-memory/file-less, in that it consists of stageless or multi-stage shellcode that once loaded by exploiting a vulnerability or executing a shellcode loader, will reflectively load itself into the memory of a process without touching the disk. It supports C2 and staging over HTTP, HTTPS, DNS, SMB named pipes as well as forward and reverse TCP; Beacons can be daisy-chained. Cobalt Strike comes with a toolkit for developing shellcode loaders, called Artifact Kit. The Beacon implant has become popular amongst targeted attackers and criminal users as it is well written, stable, and highly customizable. | | | |
{"BeaconType": ["HTTPS"], "Port": 2096, "SleepTime": 45000, "MaxGetSize": 1403644, "Jitter": 37, "MaxDNS": "Not Found", "C2Server": "img.bilibili.buzz,/jquery-3.3.1.min.js", "UserAgent": "Not Found", "HttpPostUri": "Not Found", "Malleable_C2_Instructions": "Not Found", "HttpGet_Metadata": "Not Found", "HttpPost_Metadata": "Not Found", "PipeName": "Not Found", "DNS_Idle": "Not Found", "DNS_Sleep": "Not Found", "SSH_Host": "Not Found", "SSH_Port": "Not Found", "SSH_Username": "Not Found", "SSH_Password_Plaintext": "Not Found", "SSH_Password_Pubkey": "Not Found", "HttpGet_Verb": "GET", "HttpPost_Verb": "POST", "HttpPostChunk": 0, "Spawnto_x86": "%windir%\\syswow64\\dllhost.exe", "Spawnto_x64": "%windir%\\sysnative\\dllhost.exe", "CryptoScheme": 0, "Proxy_Config": "Not Found", "Proxy_User": "Not Found", "Proxy_Password": "Not Found", "Proxy_Behavior": "Not Found", "Watermark": 100000000, "bStageCleanup": "True", "bCFGCaution": "False", "KillDate": "Not Found", "bProcInject_StartRWX": "Not Found", "bProcInject_UseRWX": "Not Found", "bProcInject_MinAllocSize": "Not Found", "ProcInject_PrependAppend_x86": "Not Found", "ProcInject_PrependAppend_x64": "Not Found", "ProcInject_Execute": "Not Found", "ProcInject_AllocationMethod": "Not Found", "bUsesCookies": "Not Found", "HostHeader": "Not Found"}
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
| | JoeSecurity_CobaltStrike_3 | Yara detected CobaltStrike | Joe Security | |
| | Windows_Trojan_CobaltStrike_f0b627fc | Rule for beacon reflective loader | unknown | |
| | JoeSecurity_CobaltStrike_3 | Yara detected CobaltStrike | Joe Security | |
| | Windows_Trojan_CobaltStrike_663fc95d | Identifies CobaltStrike via unidentified function code | unknown | |
| | Windows_Trojan_CobaltStrike_b54b94ac | Rule for beacon sleep obfuscation routine | unknown | |
AV Detection |
---|
Source: | Malware Configuration Extractor: |
Source: | ReversingLabs: |
Source: | Integrated Neural Analysis Model: |
Source: | Static PE information: |
Networking |
---|
Source: | URLs: |
Source: | HTTP traffic detected: |
Source: | IP Address: |
Source: | UDP traffic detected without corresponding DNS query: | (8 entries, details not extracted)
Source: | HTTP traffic detected: |
Source: | DNS traffic detected: | (3 entries, details not extracted)
Source: | String found in binary or memory: | (24 entries, details not extracted)
System Summary |
---|
Source: | Matched rule: | (4 entries, details not extracted)
Source: | Code function: | 0_2_000001DDE60FFC3E |
Source: | Code function: | 0_2_000001DDE60FFDD6 |
Source: | Code function: | 0_2_000001DDE610D384 |
Source: | Code function: | 0_2_000001DDE610C888 |
Source: | Code function: | 0_2_000001DDE61180B0 |
Source: | Code function: | 0_2_000001DDE610C11C |
Source: | Code function: | 0_2_000001DDE610A708 |
Source: | Code function: | 0_2_000001DDE6117740 |
Source: | Code function: | 0_2_000001DDE6104820 |
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Binary or memory string: | (3 entries, details not extracted)
Source: | Matched rule: | (4 entries, details not extracted)
Source: | Binary string: | (2 entries, details not extracted)
Source: | Classification label: |
Source: | Mutant created: |
Source: | Static PE information: |
Source: | Key opened: |
Source: | ReversingLabs: |
Source: | String found in binary or memory: |
Source: | Process created: | (2 entries, details not extracted)
Source: | Section loaded: | (26 entries, details not extracted)
Source: | Key value queried: |
Source: | Static PE information: | (2 entries, details not extracted)
Source: | Static file information: |
Source: | Static PE information: | (16 entries, details not extracted)
Source: | Code function: | 0_3_000001DDE5E04C0F |
Source: | Code function: | 0_3_000001DDE5E003A6 |
Source: | Code function: | 0_3_000001DDE5E07322 |
Source: | Code function: | 0_3_000001DDE5E05ABE |
Source: | Code function: | 0_3_000001DDE5E072EE |
Source: | Code function: | 0_3_000001DDE5E04AD8 |
Source: | Code function: | 0_3_000001DDE5E06269 |
Source: | Code function: | 0_3_000001DDE5E05E33 |
Source: | Code function: | 0_3_000001DDE5E084A5 |
Source: | Code function: | 0_3_000001DDE5E0449E |
Source: | Code function: | 0_3_000001DDE5E08476 |
Source: | Code function: | 0_3_000001DDE5E057AA |
Source: | Code function: | 0_3_000001DDE5E0679A |
Source: | Code function: | 0_3_000001DDE5E057AA |
Source: | Code function: | 0_3_000001DDE5E0679A |
Source: | Code function: | 0_3_000001DDE5E04172 |
Source: | Code function: | 0_3_000001DDE5E0791E |
Source: | Code function: | 0_2_000001DDE60FAD59 |
Source: | Code function: | 0_2_000001DDE6106A4B |
Source: | Code function: | 0_2_000001DDE60F935E |
Source: | Code function: | 0_2_000001DDE6115BBC |
Source: | Code function: | 0_2_000001DDE6115BDC |
Source: | Code function: | 0_2_000001DDE6115C05 |
Source: | Code function: | 0_2_000001DDE60F971F |
Source: | Thread sleep time: | (4 entries, details not extracted)
Source: | Last function: |
Source: | Thread delayed: | (4 entries, details not extracted)
Source: | Binary or memory string: |
Source: | Memory allocated: |
HIPS / PFW / Operating System Protection Evasion |
---|
Source: | NtDeviceIoControlFile: |
Source: | NtCreateFile: |
Source: | Code function: | 0_2_000001DDE6102FA8 |
Source: | Key value queried: |
Remote Access Functionality |
---|
Source: | File source: | (4 entries, details not extracted)
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Command and Scripting Interpreter | 1 DLL Side-Loading | 1 Process Injection | 1 Disable or Modify Tools | OS Credential Dumping | 1 Security Software Discovery | Remote Services | 1 Archive Collected Data | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Abuse Elevation Control Mechanism | 11 Virtualization/Sandbox Evasion | LSASS Memory | 11 Virtualization/Sandbox Evasion | Remote Desktop Protocol | Data from Removable Media | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 DLL Side-Loading | 1 Process Injection | Security Account Manager | 1 Account Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Abuse Elevation Control Mechanism | NTDS | 1 System Owner/User Discovery | Distributed Component Object Model | Input Capture | 12 Application Layer Protocol | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Obfuscated Files or Information | LSA Secrets | 2 System Information Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 DLL Side-Loading | Cached Domain Credentials | Wi-Fi Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
37% | ReversingLabs | Win64.Backdoor.Cobeacon |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
sgp.file.myqcloud.com | 43.152.64.207 | true | false | unknown | |
img.bilibili.buzz | unknown | unknown | true | unknown | |
18.31.95.13.in-addr.arpa | unknown | unknown | true | unknown | |
intl-web-1305970982.cos.ap-singapore.myqcloud.com | unknown | unknown | true | unknown |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
true | unknown |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
(24 entries, names not extracted) | | false | unknown | |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
43.152.64.207 | sgp.file.myqcloud.com | Japan | | 4249 | LILLY-ASUS | false |
Joe Sandbox version: | 41.0.0 Charoite |
Analysis ID: | 1535738 |
Start date and time: | 2024-10-17 09:19:14 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 5m 50s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Run name: | Run with higher sleep bypass |
Number of analysed new started processes analysed: | 22 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | SO2mdwWVvg.exe (renamed because original name is a hash value) |
Original Sample Name: | f3b2f1ec49bf6fbd4fe9e28fb28e526da4c7fce85ac95f835d3dc343b872075d.exe |
Detection: | MAL |
Classification: | mal84.troj.evad.winEXE@2/0@8/1 |
EGA Information: |
|
HCA Information: | Failed |
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, BackgroundTransferHost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, backgroundTaskHost.exe, svchost.exe
- Excluded domains from analysis (whitelisted): www.bing.com, fs.microsoft.com, slscr.update.microsoft.com, otelrules.azureedge.net, login.live.com, ctldl.windowsupdate.com, tse1.mm.bing.net, g.bing.com, arc.msn.com, fe3cr.delivery.mp.microsoft.com
- Not all processes were analyzed; report is missing behavior information
- Report size getting too big, too many NtQueryValueKey calls found.
- Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
- VT rate limit hit for: SO2mdwWVvg.exe
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
43.152.64.207 | | Get hash | malicious | CobaltStrike | Browse | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
sgp.file.myqcloud.com | | Get hash | malicious | CobaltStrike | Browse | |
| | | Get hash | malicious | CobaltStrike | Browse | |
| | | Get hash | malicious | Unknown | Browse | |
| | | Get hash | malicious | Unknown | Browse | |
| | | Get hash | malicious | Unknown | Browse | |
| | | Get hash | malicious | Unknown | Browse | |
| | | Get hash | malicious | Unknown | Browse | |
| | | Get hash | malicious | Unknown | Browse | |
| | | Get hash | malicious | Unknown | Browse | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
LILLY-ASUS | | Get hash | malicious | Mirai | Browse | |
| | | Get hash | malicious | CobaltStrike | Browse | |
| | | Get hash | malicious | Mirai | Browse | |
| | | Get hash | malicious | CobaltStrike | Browse | |
| | | Get hash | malicious | Mirai | Browse | |
| | | Get hash | malicious | Mirai | Browse | |
| | | Get hash | malicious | Mirai, Gafgyt | Browse | |
| | | Get hash | malicious | Mirai | Browse | |
| | | Get hash | malicious | Mirai, Gafgyt | Browse | |
File type: | |
Entropy (8bit): | 6.39827836007752 |
TrID: |
|
File name: | SO2mdwWVvg.exe |
File size: | 8'063'016 bytes |
MD5: | bfa844f0be57643e3ebf11690e539a75 |
SHA1: | 8495fd0110b642c66f49e3d30c543f5c730bc206 |
SHA256: | f3b2f1ec49bf6fbd4fe9e28fb28e526da4c7fce85ac95f835d3dc343b872075d |
SHA512: | c527259c31068ce4bcba4f88bd8f99745d43c4809b8c75f6242eccfa712bf2fcbf3e785294c94f65ee23397d44dda74b1ec02cc9b9a76e059b608d31c11c8317 |
SSDEEP: | 49152:u/byhpYcDbYtlxFbY2zU6AoF01ms886E4xkkrtCMcrY0Eqh88RwTAJx6ZXdl71KB:eyoaZl3sqbwEJOfcOm4ZW |
TLSH: | 8F869D13E9946AF4D4ABCA34812F63317B317A9DD7108BB30A75C3716F52291EF0BA58 |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d......g..z..U....&....&..)...P................@..............................{....../....`... ............................ |
Icon Hash: | 0000000000000000 |
Entrypoint: | 0x1400014d0 |
Entrypoint Section: | .text |
Digitally signed: | true |
Imagebase: | 0x140000000 |
Subsystem: | windows cui |
Image File Characteristics: | EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LARGE_ADDRESS_AWARE |
DLL Characteristics: | HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT |
Time Stamp: | 0x6708D41F [Fri Oct 11 07:30:39 2024 UTC] |
TLS Callbacks: | 0x40254570, 0x1, 0x4029eff0, 0x1, 0x4029efc0, 0x1 |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | 68496f0ecf5dcf9ad868bebe595b3bbb |
Signature Valid: | false |
Signature Issuer: | CN=Microsoft Code Signing PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
Signature Validation Error: | The digital signature of the object did not verify |
Error Number: | -2146869232 |
Not Before, Not After |
|
Subject Chain |
|
Version: | 3 |
Thumbprint MD5: | 87AC6386A8291ECF334EB3022D315F82 |
Thumbprint SHA-1: | 05A822642CF64464460CB4684FF11C7F476873CA |
Thumbprint SHA-256: | 36305D4DDFD4756D17FCDFB742FD2031A3D5133BCE34BD8E3080BC803AE44D0B |
Serial: | 33000003A54111E8F07FBE0B750000000003A5 |
Instruction |
---|
dec eax |
sub esp, 28h |
dec eax |
mov eax, dword ptr [00397365h] |
mov dword ptr [eax], 00000000h |
call 00007F500C7EB7DFh |
nop |
nop |
dec eax |
add esp, 28h |
ret |
nop dword ptr [eax] |
dec eax |
sub esp, 28h |
call 00007F500CA894E4h |
dec eax |
test eax, eax |
sete al |
movzx eax, al |
neg eax |
dec eax |
add esp, 28h |
ret |
nop |
nop |
nop |
nop |
nop |
nop |
nop |
push esi |
push edi |
dec eax |
sub esp, 28h |
dec eax |
mov esi, dword ptr [ecx] |
dec eax |
test esi, esi |
je 00007F500C7EBB8Dh |
dec eax |
mov ecx, esi |
call 00007F500C99370Fh |
dec eax |
mov eax, dword ptr [esi+10h] |
dec eax |
dec dword ptr [eax] |
jne 00007F500C7EBB4Bh |
dec eax |
lea ecx, dword ptr [esi+10h] |
call 00007F500C7ECDACh |
dec eax |
cmp dword ptr [esi+18h], 00000000h |
je 00007F500C7EBB52h |
dec eax |
mov eax, dword ptr [esi+40h] |
dec eax |
test eax, eax |
je 00007F500C7EBB49h |
dec eax |
mov ecx, dword ptr [esi+48h] |
call dword ptr [eax+18h] |
mov edx, 00000070h |
inc ecx |
mov eax, 00000008h |
dec eax |
mov ecx, esi |
dec eax |
add esp, 28h |
pop edi |
pop esi |
jmp 00007F500C7F0EACh |
nop |
dec eax |
add esp, 28h |
pop edi |
pop esi |
ret |
dec eax |
mov edi, eax |
jmp 00007F500C7EBB74h |
dec eax |
mov edi, eax |
jmp 00007F500C7EBB58h |
dec eax |
mov edi, eax |
dec eax |
mov eax, dword ptr [esi+10h] |
dec eax |
dec dword ptr [eax] |
jne 00007F500C7EBB4Bh |
dec eax |
lea ecx, dword ptr [esi+10h] |
call 00007F500C7ECD54h |
dec eax |
cmp dword ptr [esi+18h], 00000000h |
je 00007F500C7EBB52h |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x3ed000 | 0x29a4 | .idata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x3f2000 | 0x4a0 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x399000 | 0x14898 | .pdata |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x7ae000 | 0x2828 | /113 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x3f3000 | 0x6ae0 | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x398480 | 0x28 | .rdata |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x3ed948 | 0x858 | .idata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x29f0a8 | 0x29f200 | 259b974f0ee51784bf597efc48bbbbbe | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.data | 0x2a1000 | 0x4b20 | 0x4c00 | abdfe15562c55b90f2caf4c50a108ef8 | False | 0.19413034539473684 | data | 3.042317915133944 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.rdata | 0x2a6000 | 0xf2940 | 0xf2a00 | 790c81429cc4502e5f79bf85173aa8bb | False | 0.39405831401339514 | 8086 relocatable (Microsoft), "\001", 1st record data length 46, 2nd record type 0x72, 2nd record data length 28530 | 5.804525344969575 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.pdata | 0x399000 | 0x14898 | 0x14a00 | 35892e9354d3515e9ba22c5b66ff4452 | False | 0.5371803977272728 | data | 6.285541568397713 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.xdata | 0x3ae000 | 0x3d1f8 | 0x3d200 | 5596f7921b7cbb1e5f7896c46d3fd1fa | False | 0.3804999041411043 | data | 5.482057773775184 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.bss | 0x3ec000 | 0x35c | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.idata | 0x3ed000 | 0x29a4 | 0x2a00 | 27e40ce0f006a359416d45289b69f5ba | False | 0.26209077380952384 | data | 4.4450782274129645 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.CRT | 0x3f0000 | 0x70 | 0x200 | eccf70b44811bcc4f44c36459f577362 | False | 0.08984375 | data | 0.4965832874032078 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.tls | 0x3f1000 | 0x10 | 0x200 | bf619eac0cdf3f68d496ea9344137e8b | False | 0.02734375 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.rsrc | 0x3f2000 | 0x4a0 | 0x600 | f106952f55bc10f0d669c8c5041ac8e9 | False | 0.3131510416666667 | data | 3.7177162859354107 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0x3f3000 | 0x6ae0 | 0x6c00 | a005c052707dc9389c58deea863a8fd8 | False | 0.3851634837962963 | data | 5.448662938188895 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
/4 | 0x3fa000 | 0x260 | 0x400 | 8517538435369095b38cab16045a1774 | False | 0.189453125 | data | 1.666147721952265 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
/19 | 0x3fb000 | 0x9b4d6 | 0x9b600 | 5ad3a155317bf826b2f573486a2a6b6d | False | 0.12735694891391794 | MIPSEB Ucode | 5.0979263844548415 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
/35 | 0x497000 | 0xe2609 | 0xe2800 | ce446b3f6eb446b7db86fce6ead5e19f | False | 0.3802579159768212 | data | 5.526268967684696 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
/47 | 0x57a000 | 0x13f1 | 0x1400 | 937541e4121ed480a0a0fa607719bf64 | False | 0.2408203125 | data | 4.899277134046503 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
/61 | 0x57c000 | 0x5b404 | 0x5b600 | 9d0f11493c72314e3e042d7b0897aa00 | False | 0.3966339988030096 | data | 5.962573754446139 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
/73 | 0x5d8000 | 0x2e0 | 0x400 | 85316995ff793b87845b81d67872b184 | False | 0.3447265625 | data | 2.880882175766859 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
/86 | 0x5d9000 | 0x15106b | 0x151200 | deef478bf5fb15e418fc3e2de1d539cf | False | 0.17364852729885058 | data | 5.384084445449517 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
/97 | 0x72b000 | 0x10e | 0x200 | 5c08cacbdf4071bce793c7c0e033b7a4 | False | 0.244140625 | data | 1.6221371847887087 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
/113 | 0x72c000 | 0x8eab0 | 0x8ec00 | b62a07db96f4a7c8651b2eb44ed6f7a8 | False | 0.10461532672942207 | data | 2.4961799056096816 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
/127 | 0x7bb000 | 0x3e9 | 0x400 | 55ab218550afaef32cf682ad9b627bb9 | False | 0.5302734375 | data | 4.566407064601656 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
/143 | 0x7bc000 | 0x17 | 0x200 | b2332f3b7c1b892bb88709de3af56034 | False | 0.064453125 | Spectrum .TAP data "\005 " - BASIC program | 0.2475781363955928 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
RT_ICON | 0x3f20e8 | 0x30 | Device independent bitmap graphic, 1 x 2 x 24, image size 0, resolution 96 x 96 px/m | English | United States | 0.6041666666666666 |
RT_GROUP_ICON | 0x3f2118 | 0x14 | data | English | United States | 1.05 |
RT_VERSION | 0x3f212c | 0x374 | data | English | United States | 0.4095022624434389 |
DLL | Import |
---|---|
KERNEL32.dll | DeleteCriticalSection, EnterCriticalSection, InitializeCriticalSection, LeaveCriticalSection, RaiseException, RtlUnwindEx, VirtualProtect, VirtualQuery, __C_specific_handler |
msvcrt.dll | __getmainargs, __initenv, __iob_func, __set_app_type, __setusermatherr, _acmdln, _amsg_exit, _cexit, _commode, _fmode, _fpreset, _initterm, _onexit, abort, calloc, exit, fprintf, free, fwrite, malloc, memcmp, memcpy, memmove, memset, signal, strlen, strncmp, vfprintf |
advapi32.dll | CryptAcquireContextW, CryptDestroyKey, CryptImportKey, CryptReleaseContext, OpenProcessToken, RegCloseKey, RegEnumKeyExW, RegEnumValueW, RegOpenKeyExW, RegQueryInfoKeyW, RegQueryValueExW, SystemFunction036 |
bcrypt.dll | BCryptGenRandom |
crypt32.dll | CertAddCertificateContextToStore, CertAddEncodedCTLToStore, CertAddEncodedCertificateToStore, CertCloseStore, CertCreateCTLEntryFromCertificateContextProperties, CertCreateCertificateContext, CertDeleteCertificateFromStore, CertDuplicateCertificateChain, CertDuplicateCertificateContext, CertDuplicateStore, CertEnumCertificatesInStore, CertFreeCTLContext, CertFreeCertificateChain, CertFreeCertificateContext, CertGetCertificateChain, CertGetCertificateContextProperty, CertGetEnhancedKeyUsage, CertOpenStore, CertSetCertificateContextProperty, CertVerifyCertificateChainPolicy, CertVerifyTimeValidity, CryptAcquireCertificatePrivateKey, CryptBinaryToStringA, CryptDecodeObjectEx, CryptEncodeObjectEx, CryptHashCertificate, CryptMsgEncodeAndSignCTL, CryptStringToBinaryA, PFXExportCertStore, PFXImportCertStore |
kernel32.dll | AcquireSRWLockExclusive, AcquireSRWLockShared, AddVectoredExceptionHandler, CancelIo, CancelIoEx, CloseHandle, CompareStringOrdinal, ConnectNamedPipe, CopyFileExW, CreateDirectoryW, CreateEventW, CreateFileMappingA, CreateFileW, CreateHardLinkW, CreateIoCompletionPort, CreateNamedPipeW, CreateProcessW, CreateSymbolicLinkW, CreateThread, CreateToolhelp32Snapshot, CreateWaitableTimerExW, DeleteFileW, DeleteProcThreadAttributeList, DeviceIoControl, DisconnectNamedPipe, DuplicateHandle, ExitProcess, FileTimeToSystemTime, FindClose, FindFirstFileW, FindNextFileW, FlushFileBuffers, FormatMessageW, FreeConsole, FreeEnvironmentStringsW, FreeLibrary, GetCommandLineW, GetConsoleMode, GetCurrentDirectoryW, GetCurrentProcess, GetCurrentProcessId, GetCurrentThread, GetEnvironmentStringsW, GetEnvironmentVariableW, GetExitCodeProcess, GetFileAttributesW, GetFileInformationByHandle, GetFileInformationByHandleEx, GetFileType, GetFinalPathNameByHandleW, GetFullPathNameW, GetLastError, GetModuleFileNameW, GetModuleHandleA, GetModuleHandleExW, GetModuleHandleW, GetNamedPipeInfo, GetOverlappedResult, GetProcAddress, GetProcessHeap, GetProcessId, GetQueuedCompletionStatusEx, GetStartupInfoA, GetStdHandle, GetSystemDirectoryW, GetSystemInfo, GetSystemTimeAsFileTime, GetTempPathW, GetWindowsDirectoryW, HeapAlloc, HeapFree, HeapReAlloc, InitOnceBeginInitialize, InitOnceComplete, InitializeProcThreadAttributeList, LoadLibraryExW, LocalFree, MapViewOfFile, Module32FirstW, Module32NextW, MoveFileExW, MultiByteToWideChar, PostQueuedCompletionStatus, QueryPerformanceCounter, QueryPerformanceFrequency, ReadConsoleW, ReadFile, ReadFileEx, ReleaseSRWLockExclusive, ReleaseSRWLockShared, RemoveDirectoryW, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, SetCurrentDirectoryW, SetEnvironmentVariableW, SetFileAttributesW, SetFileCompletionNotificationModes, SetFileInformationByHandle, SetFilePointerEx, SetFileTime, SetHandleInformation, SetLastError, SetThreadErrorMode, SetThreadStackGuarantee, SetUnhandledExceptionFilter, SetWaitableTimer, Sleep, SleepConditionVariableSRW, SleepEx, SwitchToThread, TerminateProcess, TlsAlloc, TlsFree, TlsGetValue, TlsSetValue, TryAcquireSRWLockExclusive, UnmapViewOfFile, UpdateProcThreadAttribute, WaitForMultipleObjects, WaitForSingleObject, WakeAllConditionVariable, WakeConditionVariable, WideCharToMultiByte, WriteConsoleW, WriteFile, WriteFileEx |
ncrypt.dll | NCryptFreeObject |
ntdll.dll | NtCancelIoFileEx, NtCreateFile, NtDeviceIoControlFile, NtReadFile, NtWriteFile, RtlNtStatusToDosError |
secur32.dll | AcceptSecurityContext, AcquireCredentialsHandleA, ApplyControlToken, DecryptMessage, DeleteSecurityContext, EncryptMessage, FreeContextBuffer, FreeCredentialsHandle, InitializeSecurityContextW, QueryContextAttributesW |
userenv.dll | GetUserProfileDirectoryW |
ws2_32.dll | WSACleanup, WSADuplicateSocketW, WSAGetLastError, WSAIoctl, WSAPoll, WSARecv, WSARecvFrom, WSASend, WSASendMsg, WSASendTo, WSASocketW, WSAStartup, accept, bind, closesocket, connect, freeaddrinfo, getaddrinfo, getpeername, getsockname, getsockopt, ioctlsocket, listen, recv, recvfrom, select, send, sendto, setsockopt, shutdown, socket |
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Oct 17, 2024 09:20:09.474390030 CEST | 49735 | 80 | 192.168.2.4 | 43.152.64.207 |
Oct 17, 2024 09:20:10.489583015 CEST | 49735 | 80 | 192.168.2.4 | 43.152.64.207 |
Oct 17, 2024 09:20:12.489402056 CEST | 49735 | 80 | 192.168.2.4 | 43.152.64.207 |
Oct 17, 2024 09:20:12.552901030 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:12.552984953 CEST | 49735 | 80 | 192.168.2.4 | 43.152.64.207 |
Oct 17, 2024 09:20:12.554409981 CEST | 49735 | 80 | 192.168.2.4 | 43.152.64.207 |
Oct 17, 2024 09:20:12.621756077 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:14.010185957 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:14.010201931 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:14.010215044 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:14.010277987 CEST | 49735 | 80 | 192.168.2.4 | 43.152.64.207 |
Oct 17, 2024 09:20:14.011647940 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:14.011661053 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:14.011674881 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:14.011697054 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:14.011697054 CEST | 49735 | 80 | 192.168.2.4 | 43.152.64.207 |
Oct 17, 2024 09:20:14.011709929 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:14.011759996 CEST | 49735 | 80 | 192.168.2.4 | 43.152.64.207 |
Oct 17, 2024 09:20:14.013746023 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:14.014390945 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:14.014444113 CEST | 49735 | 80 | 192.168.2.4 | 43.152.64.207 |
Oct 17, 2024 09:20:14.073034048 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:14.073271990 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:14.073421955 CEST | 49735 | 80 | 192.168.2.4 | 43.152.64.207 |
Oct 17, 2024 09:20:14.075500011 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:14.130038023 CEST | 49735 | 80 | 192.168.2.4 | 43.152.64.207 |
Oct 17, 2024 09:20:14.136027098 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:14.136408091 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:14.136461020 CEST | 49735 | 80 | 192.168.2.4 | 43.152.64.207 |
Oct 17, 2024 09:20:14.138334036 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:14.139184952 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:14.139240026 CEST | 49735 | 80 | 192.168.2.4 | 43.152.64.207 |
Oct 17, 2024 09:20:14.139455080 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:14.143654108 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:14.143713951 CEST | 49735 | 80 | 192.168.2.4 | 43.152.64.207 |
Oct 17, 2024 09:20:14.143954039 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:14.148262024 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:14.148366928 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:14.148396969 CEST | 49735 | 80 | 192.168.2.4 | 43.152.64.207 |
Oct 17, 2024 09:20:14.152873039 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:14.152950048 CEST | 49735 | 80 | 192.168.2.4 | 43.152.64.207 |
Oct 17, 2024 09:20:14.153166056 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:14.178956032 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:14.179002047 CEST | 49735 | 80 | 192.168.2.4 | 43.152.64.207 |
Oct 17, 2024 09:20:14.179116964 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:14.181169987 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:14.181226015 CEST | 49735 | 80 | 192.168.2.4 | 43.152.64.207 |
Oct 17, 2024 09:20:14.258101940 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:14.258120060 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:14.258187056 CEST | 49735 | 80 | 192.168.2.4 | 43.152.64.207 |
Oct 17, 2024 09:20:14.260317087 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:14.260473967 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:14.260521889 CEST | 49735 | 80 | 192.168.2.4 | 43.152.64.207 |
Oct 17, 2024 09:20:14.264842033 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:14.264962912 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:14.265005112 CEST | 49735 | 80 | 192.168.2.4 | 43.152.64.207 |
Oct 17, 2024 09:20:14.269493103 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:14.269685030 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:14.269737005 CEST | 49735 | 80 | 192.168.2.4 | 43.152.64.207 |
Oct 17, 2024 09:20:14.273967028 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:14.274333954 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:14.274388075 CEST | 49735 | 80 | 192.168.2.4 | 43.152.64.207 |
Oct 17, 2024 09:20:14.299896002 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:14.300091982 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:14.300154924 CEST | 49735 | 80 | 192.168.2.4 | 43.152.64.207 |
Oct 17, 2024 09:20:14.302083015 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:14.302232981 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:14.302314043 CEST | 49735 | 80 | 192.168.2.4 | 43.152.64.207 |
Oct 17, 2024 09:20:14.376188993 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:14.376208067 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:14.376281023 CEST | 49735 | 80 | 192.168.2.4 | 43.152.64.207 |
Oct 17, 2024 09:20:14.378463984 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:14.379154921 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:14.379184961 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:14.379256964 CEST | 49735 | 80 | 192.168.2.4 | 43.152.64.207 |
Oct 17, 2024 09:20:14.383789062 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:14.383802891 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:14.383852005 CEST | 49735 | 80 | 192.168.2.4 | 43.152.64.207 |
Oct 17, 2024 09:20:14.388273954 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:14.388366938 CEST | 49735 | 80 | 192.168.2.4 | 43.152.64.207 |
Oct 17, 2024 09:20:14.388525009 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:14.393016100 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:14.393026114 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:14.393079996 CEST | 49735 | 80 | 192.168.2.4 | 43.152.64.207 |
Oct 17, 2024 09:20:14.422168016 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:14.422180891 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:14.422239065 CEST | 49735 | 80 | 192.168.2.4 | 43.152.64.207 |
Oct 17, 2024 09:20:14.424371958 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:14.424382925 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:14.424410105 CEST | 49735 | 80 | 192.168.2.4 | 43.152.64.207 |
Oct 17, 2024 09:20:14.473774910 CEST | 49735 | 80 | 192.168.2.4 | 43.152.64.207 |
Oct 17, 2024 09:20:14.500545025 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:14.500740051 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:14.500780106 CEST | 49735 | 80 | 192.168.2.4 | 43.152.64.207 |
Oct 17, 2024 09:20:14.502880096 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:14.503104925 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:14.503149986 CEST | 49735 | 80 | 192.168.2.4 | 43.152.64.207 |
Oct 17, 2024 09:20:14.507272005 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:14.507632017 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:14.507674932 CEST | 49735 | 80 | 192.168.2.4 | 43.152.64.207 |
Oct 17, 2024 09:20:14.511934996 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:14.512203932 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:14.512279034 CEST | 49735 | 80 | 192.168.2.4 | 43.152.64.207 |
Oct 17, 2024 09:20:14.516408920 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:14.516474962 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:14.516522884 CEST | 49735 | 80 | 192.168.2.4 | 43.152.64.207 |
Oct 17, 2024 09:20:14.520873070 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:14.540225029 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:14.540292025 CEST | 49735 | 80 | 192.168.2.4 | 43.152.64.207 |
Oct 17, 2024 09:20:14.540437937 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:14.542519093 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:14.542653084 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:14.542684078 CEST | 49735 | 80 | 192.168.2.4 | 43.152.64.207 |
Oct 17, 2024 09:20:14.583144903 CEST | 49735 | 80 | 192.168.2.4 | 43.152.64.207 |
Oct 17, 2024 09:20:14.624803066 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:14.624819040 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:14.624872923 CEST | 49735 | 80 | 192.168.2.4 | 43.152.64.207 |
Oct 17, 2024 09:20:14.627089024 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:14.627101898 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:14.627291918 CEST | 49735 | 80 | 192.168.2.4 | 43.152.64.207 |
Oct 17, 2024 09:20:14.631344080 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:14.631931067 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:14.632055044 CEST | 49735 | 80 | 192.168.2.4 | 43.152.64.207 |
Oct 17, 2024 09:20:14.635988951 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:14.636002064 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:14.636054039 CEST | 49735 | 80 | 192.168.2.4 | 43.152.64.207 |
Oct 17, 2024 09:20:14.640523911 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:14.640675068 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:14.640727043 CEST | 49735 | 80 | 192.168.2.4 | 43.152.64.207 |
Oct 17, 2024 09:20:14.645210028 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:14.671565056 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:14.671577930 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:14.671610117 CEST | 49735 | 80 | 192.168.2.4 | 43.152.64.207 |
Oct 17, 2024 09:20:14.674298048 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:14.674340010 CEST | 49735 | 80 | 192.168.2.4 | 43.152.64.207 |
Oct 17, 2024 09:20:14.674741030 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:14.723788977 CEST | 49735 | 80 | 192.168.2.4 | 43.152.64.207 |
Oct 17, 2024 09:20:14.756458998 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:14.756572008 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:14.756613970 CEST | 49735 | 80 | 192.168.2.4 | 43.152.64.207 |
Oct 17, 2024 09:20:14.758757114 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:14.759042978 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:14.759093046 CEST | 49735 | 80 | 192.168.2.4 | 43.152.64.207 |
Oct 17, 2024 09:20:14.763407946 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:14.763676882 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:14.763726950 CEST | 49735 | 80 | 192.168.2.4 | 43.152.64.207 |
Oct 17, 2024 09:20:14.767992973 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:14.768266916 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:14.768315077 CEST | 49735 | 80 | 192.168.2.4 | 43.152.64.207 |
Oct 17, 2024 09:20:14.772485971 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:14.772512913 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:14.772556067 CEST | 49735 | 80 | 192.168.2.4 | 43.152.64.207 |
Oct 17, 2024 09:20:14.777024031 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:14.784396887 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:14.784449100 CEST | 49735 | 80 | 192.168.2.4 | 43.152.64.207 |
Oct 17, 2024 09:20:14.784614086 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:14.786612988 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:14.786674023 CEST | 49735 | 80 | 192.168.2.4 | 43.152.64.207 |
Oct 17, 2024 09:20:14.786839962 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:14.791220903 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:14.791270971 CEST | 49735 | 80 | 192.168.2.4 | 43.152.64.207 |
Oct 17, 2024 09:20:14.864634991 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:14.864960909 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:14.865016937 CEST | 49735 | 80 | 192.168.2.4 | 43.152.64.207 |
Oct 17, 2024 09:20:14.866926908 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:14.867803097 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:14.867849112 CEST | 49735 | 80 | 192.168.2.4 | 43.152.64.207 |
Oct 17, 2024 09:20:14.868051052 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:14.872289896 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:14.872302055 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:14.872353077 CEST | 49735 | 80 | 192.168.2.4 | 43.152.64.207 |
Oct 17, 2024 09:20:14.882941008 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:14.882997990 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:14.883013010 CEST | 49735 | 80 | 192.168.2.4 | 43.152.64.207 |
Oct 17, 2024 09:20:14.885217905 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:14.885267019 CEST | 49735 | 80 | 192.168.2.4 | 43.152.64.207 |
Oct 17, 2024 09:20:14.885485888 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:14.889797926 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:14.889847994 CEST | 49735 | 80 | 192.168.2.4 | 43.152.64.207 |
Oct 17, 2024 09:20:14.908303022 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:14.908355951 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:14.908586025 CEST | 49735 | 80 | 192.168.2.4 | 43.152.64.207 |
Oct 17, 2024 09:20:14.911048889 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:14.911158085 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:14.911226034 CEST | 49735 | 80 | 192.168.2.4 | 43.152.64.207 |
Oct 17, 2024 09:20:14.914199114 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:14.914211988 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:14.914275885 CEST | 49735 | 80 | 192.168.2.4 | 43.152.64.207 |
Oct 17, 2024 09:20:14.918848991 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:14.973779917 CEST | 49735 | 80 | 192.168.2.4 | 43.152.64.207 |
Oct 17, 2024 09:20:14.993720055 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:14.993829966 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:14.993875027 CEST | 49735 | 80 | 192.168.2.4 | 43.152.64.207 |
Oct 17, 2024 09:20:14.995956898 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:14.996138096 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:14.996196032 CEST | 49735 | 80 | 192.168.2.4 | 43.152.64.207 |
Oct 17, 2024 09:20:14.999993086 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:15.008821964 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:15.008871078 CEST | 49735 | 80 | 192.168.2.4 | 43.152.64.207 |
Oct 17, 2024 09:20:15.008961916 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:15.010898113 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:15.010948896 CEST | 49735 | 80 | 192.168.2.4 | 43.152.64.207 |
Oct 17, 2024 09:20:15.011094093 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:15.014986992 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:15.015041113 CEST | 49735 | 80 | 192.168.2.4 | 43.152.64.207 |
Oct 17, 2024 09:20:15.032727003 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:15.032882929 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:15.033024073 CEST | 49735 | 80 | 192.168.2.4 | 43.152.64.207 |
Oct 17, 2024 09:20:15.034739971 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:15.034849882 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:15.034904957 CEST | 49735 | 80 | 192.168.2.4 | 43.152.64.207 |
Oct 17, 2024 09:20:15.038944006 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:15.075993061 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:15.076316118 CEST | 49735 | 80 | 192.168.2.4 | 43.152.64.207 |
Oct 17, 2024 09:20:15.076390028 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:15.078063011 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:15.078124046 CEST | 49735 | 80 | 192.168.2.4 | 43.152.64.207 |
Oct 17, 2024 09:20:15.110894918 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:15.111148119 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:15.111206055 CEST | 49735 | 80 | 192.168.2.4 | 43.152.64.207 |
Oct 17, 2024 09:20:15.112896919 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:15.114130020 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:15.114200115 CEST | 49735 | 80 | 192.168.2.4 | 43.152.64.207 |
Oct 17, 2024 09:20:15.114351988 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:15.117758036 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:15.117820024 CEST | 49735 | 80 | 192.168.2.4 | 43.152.64.207 |
Oct 17, 2024 09:20:15.129321098 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:15.129662037 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:15.129718065 CEST | 49735 | 80 | 192.168.2.4 | 43.152.64.207 |
Oct 17, 2024 09:20:15.131431103 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:15.131608009 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:15.131659985 CEST | 49735 | 80 | 192.168.2.4 | 43.152.64.207 |
Oct 17, 2024 09:20:15.135636091 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:15.149697065 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:15.149751902 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:15.149775982 CEST | 49735 | 80 | 192.168.2.4 | 43.152.64.207 |
Oct 17, 2024 09:20:15.151823997 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:15.151885986 CEST | 49735 | 80 | 192.168.2.4 | 43.152.64.207 |
Oct 17, 2024 09:20:15.152015924 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:15.155833006 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:15.155950069 CEST | 49735 | 80 | 192.168.2.4 | 43.152.64.207 |
Oct 17, 2024 09:20:15.194989920 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:15.195003033 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:15.196971893 CEST | 49735 | 80 | 192.168.2.4 | 43.152.64.207 |
Oct 17, 2024 09:20:15.197199106 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:15.197211027 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:15.197258949 CEST | 49735 | 80 | 192.168.2.4 | 43.152.64.207 |
Oct 17, 2024 09:20:15.231220007 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:15.231977940 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:15.232037067 CEST | 49735 | 80 | 192.168.2.4 | 43.152.64.207 |
Oct 17, 2024 09:20:15.232806921 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:15.234599113 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:15.234668970 CEST | 49735 | 80 | 192.168.2.4 | 43.152.64.207 |
Oct 17, 2024 09:20:15.235084057 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:15.236710072 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:15.236763000 CEST | 49735 | 80 | 192.168.2.4 | 43.152.64.207 |
Oct 17, 2024 09:20:15.248104095 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:15.248311043 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:15.248362064 CEST | 49735 | 80 | 192.168.2.4 | 43.152.64.207 |
Oct 17, 2024 09:20:15.249912024 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:15.250490904 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:15.250562906 CEST | 49735 | 80 | 192.168.2.4 | 43.152.64.207 |
Oct 17, 2024 09:20:15.250565052 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:15.253842115 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:15.253894091 CEST | 49735 | 80 | 192.168.2.4 | 43.152.64.207 |
Oct 17, 2024 09:20:15.272556067 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:15.272898912 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:15.272954941 CEST | 49735 | 80 | 192.168.2.4 | 43.152.64.207 |
Oct 17, 2024 09:20:15.274291992 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:15.274516106 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:15.274563074 CEST | 49735 | 80 | 192.168.2.4 | 43.152.64.207 |
Oct 17, 2024 09:20:15.277667999 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:15.315021038 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:15.315128088 CEST | 49735 | 80 | 192.168.2.4 | 43.152.64.207 |
Oct 17, 2024 09:20:15.315215111 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:15.316839933 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:15.316901922 CEST | 49735 | 80 | 192.168.2.4 | 43.152.64.207 |
Oct 17, 2024 09:20:15.350475073 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:15.350497007 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:15.351186991 CEST | 49735 | 80 | 192.168.2.4 | 43.152.64.207 |
Oct 17, 2024 09:20:15.352349997 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:15.352456093 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:15.352551937 CEST | 49735 | 80 | 192.168.2.4 | 43.152.64.207 |
Oct 17, 2024 09:20:15.354708910 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:15.354888916 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:15.354948044 CEST | 49735 | 80 | 192.168.2.4 | 43.152.64.207 |
Oct 17, 2024 09:20:15.358042002 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:15.365705013 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:15.365719080 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:15.365816116 CEST | 49735 | 80 | 192.168.2.4 | 43.152.64.207 |
Oct 17, 2024 09:20:15.367302895 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:15.367408991 CEST | 49735 | 80 | 192.168.2.4 | 43.152.64.207 |
Oct 17, 2024 09:20:15.370332003 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:15.370594978 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:15.370647907 CEST | 49735 | 80 | 192.168.2.4 | 43.152.64.207 |
Oct 17, 2024 09:20:15.372054100 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:15.391940117 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:15.391952991 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:15.393524885 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:15.393642902 CEST | 49735 | 80 | 192.168.2.4 | 43.152.64.207 |
Oct 17, 2024 09:20:15.393781900 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:15.397034883 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:15.399187088 CEST | 49735 | 80 | 192.168.2.4 | 43.152.64.207 |
Oct 17, 2024 09:20:15.434655905 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:15.434964895 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:15.435045004 CEST | 49735 | 80 | 192.168.2.4 | 43.152.64.207 |
Oct 17, 2024 09:20:15.436311960 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:15.470752954 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:15.470882893 CEST | 49735 | 80 | 192.168.2.4 | 43.152.64.207 |
Oct 17, 2024 09:20:15.471050978 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:15.472388983 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:15.472400904 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:15.472455978 CEST | 49735 | 80 | 192.168.2.4 | 43.152.64.207 |
Oct 17, 2024 09:20:15.475425005 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:15.475487947 CEST | 49735 | 80 | 192.168.2.4 | 43.152.64.207 |
Oct 17, 2024 09:20:15.476531029 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:15.476583958 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:15.476670027 CEST | 49735 | 80 | 192.168.2.4 | 43.152.64.207 |
Oct 17, 2024 09:20:15.479664087 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:15.493354082 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:15.493498087 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:15.494771957 CEST | 49735 | 80 | 192.168.2.4 | 43.152.64.207 |
Oct 17, 2024 09:20:15.494931936 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:15.494995117 CEST | 49735 | 80 | 192.168.2.4 | 43.152.64.207 |
Oct 17, 2024 09:20:15.495034933 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:15.498025894 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:15.498087883 CEST | 49735 | 80 | 192.168.2.4 | 43.152.64.207 |
Oct 17, 2024 09:20:15.516654968 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:15.516666889 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:15.516721964 CEST | 49735 | 80 | 192.168.2.4 | 43.152.64.207 |
Oct 17, 2024 09:20:15.518219948 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:15.518358946 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:15.518460989 CEST | 49735 | 80 | 192.168.2.4 | 43.152.64.207 |
Oct 17, 2024 09:20:15.521346092 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:15.558572054 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:15.558584929 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:15.558629036 CEST | 49735 | 80 | 192.168.2.4 | 43.152.64.207 |
Oct 17, 2024 09:20:15.559842110 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:15.560971022 CEST | 49735 | 80 | 192.168.2.4 | 43.152.64.207 |
Oct 17, 2024 09:20:15.598355055 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:15.598367929 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:15.598434925 CEST | 49735 | 80 | 192.168.2.4 | 43.152.64.207 |
Oct 17, 2024 09:20:15.599827051 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:15.600153923 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:15.600223064 CEST | 49735 | 80 | 192.168.2.4 | 43.152.64.207 |
Oct 17, 2024 09:20:15.603171110 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:15.604146004 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:15.604157925 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:15.604206085 CEST | 49735 | 80 | 192.168.2.4 | 43.152.64.207 |
Oct 17, 2024 09:20:15.607152939 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:15.607978106 CEST | 49735 | 80 | 192.168.2.4 | 43.152.64.207 |
Oct 17, 2024 09:20:15.615247011 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:15.615259886 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:15.615304947 CEST | 49735 | 80 | 192.168.2.4 | 43.152.64.207 |
Oct 17, 2024 09:20:15.616730928 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:15.616743088 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:15.616796017 CEST | 49735 | 80 | 192.168.2.4 | 43.152.64.207 |
Oct 17, 2024 09:20:15.619772911 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:15.623049021 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:15.623061895 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:15.623146057 CEST | 49735 | 80 | 192.168.2.4 | 43.152.64.207 |
Oct 17, 2024 09:20:15.624564886 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:15.628967047 CEST | 49735 | 80 | 192.168.2.4 | 43.152.64.207 |
Oct 17, 2024 09:20:15.648581982 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:15.648844004 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:15.650156021 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:15.650284052 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:15.650350094 CEST | 49735 | 80 | 192.168.2.4 | 43.152.64.207 |
Oct 17, 2024 09:20:15.653276920 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:15.691080093 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:15.691207886 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:15.691250086 CEST | 49735 | 80 | 192.168.2.4 | 43.152.64.207 |
Oct 17, 2024 09:20:15.691617966 CEST | 49735 | 80 | 192.168.2.4 | 43.152.64.207 |
Oct 17, 2024 09:20:15.737890005 CEST | 80 | 49735 | 43.152.64.207 | 192.168.2.4 |
Oct 17, 2024 09:20:15.737961054 CEST | 49735 | 80 | 192.168.2.4 | 43.152.64.207 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Oct 17, 2024 09:20:09.095582962 CEST | 49828 | 53 | 192.168.2.4 | 1.1.1.1 |
Oct 17, 2024 09:20:09.468378067 CEST | 53 | 49828 | 1.1.1.1 | 192.168.2.4 |
Oct 17, 2024 09:20:16.122220039 CEST | 61799 | 53 | 192.168.2.4 | 1.1.1.1 |
Oct 17, 2024 09:20:16.173314095 CEST | 53 | 61799 | 1.1.1.1 | 192.168.2.4 |
Oct 17, 2024 09:20:40.230952978 CEST | 53 | 49762 | 162.159.36.2 | 192.168.2.4 |
Oct 17, 2024 09:20:40.855911016 CEST | 52168 | 53 | 192.168.2.4 | 1.1.1.1 |
Oct 17, 2024 09:20:40.863260984 CEST | 53 | 52168 | 1.1.1.1 | 192.168.2.4 |
Oct 17, 2024 09:20:45.225013018 CEST | 59364 | 53 | 192.168.2.4 | 1.1.1.1 |
Oct 17, 2024 09:20:45.235436916 CEST | 53 | 59364 | 1.1.1.1 | 192.168.2.4 |
Oct 17, 2024 09:21:20.022018909 CEST | 63610 | 53 | 192.168.2.4 | 1.1.1.1 |
Oct 17, 2024 09:21:20.030700922 CEST | 53 | 63610 | 1.1.1.1 | 192.168.2.4 |
Oct 17, 2024 09:22:00.634013891 CEST | 55974 | 53 | 192.168.2.4 | 1.1.1.1 |
Oct 17, 2024 09:22:00.641715050 CEST | 53 | 55974 | 1.1.1.1 | 192.168.2.4 |
Oct 17, 2024 09:22:37.459774971 CEST | 60050 | 53 | 192.168.2.4 | 1.1.1.1 |
Oct 17, 2024 09:22:37.467211008 CEST | 53 | 60050 | 1.1.1.1 | 192.168.2.4 |
Oct 17, 2024 09:23:08.835302114 CEST | 50937 | 53 | 192.168.2.4 | 1.1.1.1 |
Oct 17, 2024 09:23:08.845695972 CEST | 53 | 50937 | 1.1.1.1 | 192.168.2.4 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Oct 17, 2024 09:20:09.095582962 CEST | 192.168.2.4 | 1.1.1.1 | 0x9858 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Oct 17, 2024 09:20:16.122220039 CEST | 192.168.2.4 | 1.1.1.1 | 0xbe63 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Oct 17, 2024 09:20:40.855911016 CEST | 192.168.2.4 | 1.1.1.1 | 0x35e2 | Standard query (0) | | PTR (Pointer record) | IN (0x0001) | false |
Oct 17, 2024 09:20:45.225013018 CEST | 192.168.2.4 | 1.1.1.1 | 0xd2d1 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Oct 17, 2024 09:21:20.022018909 CEST | 192.168.2.4 | 1.1.1.1 | 0xa291 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Oct 17, 2024 09:22:00.634013891 CEST | 192.168.2.4 | 1.1.1.1 | 0x4f15 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Oct 17, 2024 09:22:37.459774971 CEST | 192.168.2.4 | 1.1.1.1 | 0x507 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Oct 17, 2024 09:23:08.835302114 CEST | 192.168.2.4 | 1.1.1.1 | 0x85ac | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Oct 17, 2024 09:20:09.468378067 CEST | 1.1.1.1 | 192.168.2.4 | 0x9858 | No error (0) | | sgp.file.myqcloud.com | | CNAME (Canonical name) | IN (0x0001) | false |
Oct 17, 2024 09:20:09.468378067 CEST | 1.1.1.1 | 192.168.2.4 | 0x9858 | No error (0) | | | 43.152.64.207 | A (IP address) | IN (0x0001) | false |
Oct 17, 2024 09:20:09.468378067 CEST | 1.1.1.1 | 192.168.2.4 | 0x9858 | No error (0) | | | 43.153.232.151 | A (IP address) | IN (0x0001) | false |
Oct 17, 2024 09:20:09.468378067 CEST | 1.1.1.1 | 192.168.2.4 | 0x9858 | No error (0) | | | 43.153.232.152 | A (IP address) | IN (0x0001) | false |
Oct 17, 2024 09:20:09.468378067 CEST | 1.1.1.1 | 192.168.2.4 | 0x9858 | No error (0) | | | 43.152.64.193 | A (IP address) | IN (0x0001) | false |
Oct 17, 2024 09:20:16.173314095 CEST | 1.1.1.1 | 192.168.2.4 | 0xbe63 | Name error (3) | | none | none | A (IP address) | IN (0x0001) | false |
Oct 17, 2024 09:20:40.863260984 CEST | 1.1.1.1 | 192.168.2.4 | 0x35e2 | Name error (3) | | none | none | PTR (Pointer record) | IN (0x0001) | false |
Oct 17, 2024 09:20:45.235436916 CEST | 1.1.1.1 | 192.168.2.4 | 0xd2d1 | Name error (3) | | none | none | A (IP address) | IN (0x0001) | false |
Oct 17, 2024 09:21:20.030700922 CEST | 1.1.1.1 | 192.168.2.4 | 0xa291 | Name error (3) | | none | none | A (IP address) | IN (0x0001) | false |
Oct 17, 2024 09:22:00.641715050 CEST | 1.1.1.1 | 192.168.2.4 | 0x4f15 | Name error (3) | | none | none | A (IP address) | IN (0x0001) | false |
Oct 17, 2024 09:22:37.467211008 CEST | 1.1.1.1 | 192.168.2.4 | 0x507 | Name error (3) | | none | none | A (IP address) | IN (0x0001) | false |
Oct 17, 2024 09:23:08.845695972 CEST | 1.1.1.1 | 192.168.2.4 | 0x85ac | Name error (3) | | none | none | A (IP address) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.4 | 49735 | 43.152.64.207 | 80 | 7516 | C:\Users\user\Desktop\SO2mdwWVvg.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 17, 2024 09:20:12.554409981 CEST | 104 | OUT | |
Oct 17, 2024 09:20:14.010185957 CEST | 1236 | IN | |
Oct 17, 2024 09:20:14.010201931 CEST | 1236 | IN | |
Oct 17, 2024 09:20:14.010215044 CEST | 408 | IN | |
Oct 17, 2024 09:20:14.011647940 CEST | 1236 | IN | |
Oct 17, 2024 09:20:14.011661053 CEST | 1236 | IN | |
Oct 17, 2024 09:20:14.011674881 CEST | 1236 | IN | |
Oct 17, 2024 09:20:14.011697054 CEST | 1236 | IN | |
Oct 17, 2024 09:20:14.011709929 CEST | 816 | IN | |
Oct 17, 2024 09:20:14.013746023 CEST | 1236 | IN | |
Oct 17, 2024 09:20:14.014390945 CEST | 1236 | IN | |
Oct 17, 2024 09:20:14.073034048 CEST | 1236 | IN |
Target ID: | 0 |
Start time: | 03:20:07 |
Start date: | 17/10/2024 |
Path: | C:\Users\user\Desktop\SO2mdwWVvg.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff63f4f0000 |
File size: | 8'063'016 bytes |
MD5 hash: | BFA844F0BE57643E3EBF11690E539A75 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: | |
Reputation: | low |
Has exited: | false |
Target ID: | 1 |
Start time: | 03:20:07 |
Start date: | 17/10/2024 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7699e0000 |
File size: | 862'208 bytes |
MD5 hash: | 0D698AF330FD17BEE3BF90011D49251D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Execution Graph
Execution Coverage: | 2.6% |
Dynamic/Decrypted Code Coverage: | 100% |
Signature Coverage: | 6.1% |
Total number of Nodes: | 735 |
Total number of Limit Nodes: | 49 |
Graph
Function | Relevance | APIs | Strings | Instructions | Tags |
---|---|---|---|---|---|
000001DDE6102FA8 | 4.7 | 3 | | 190 | string, COMMON, LIBRARYCODE |
000001DDE60FD570 | 7.1 | 3 | 1 | 103 | network, COMMON, LIBRARYCODE |
000001DDE60FCCD4 | 6.2 | 4 | | 239 | network, COMMON, LIBRARYCODE |
000001DDE60FD054 | 3.2 | 2 | | 157 | network, COMMON, LIBRARYCODE |
000001DDE6105FA4 | 1.3 | 1 | | 61 | COMMON, LIBRARYCODE |
00007FF63F4F14D0 | .0 | | | 4 | COMMON |
000001DDE610D384 | 32.5 | 16 | 2 | 1030 | COMMON |
000001DDE610C888 | 30.8 | 16 | 1 | 1022 | COMMON, LIBRARYCODE |
000001DDE6104820 | 13.3 | 10 | | 790 | COMMON, LIBRARYCODE |
000001DDE610A708 | 1.8 | 1 | | 304 | COMMON, LIBRARYCODE |
000001DDE61180B0 | .8 | | | 783 | COMMON |
000001DDE6117740 | .8 | | | 761 | COMMON |
000001DDE611117C | 16.6 | 11 | | 108 | COMMON, LIBRARYCODE |
000001DDE6111F68 | 15.1 | 10 | | 93 | COMMON, LIBRARYCODE |
000001DDE6111DF0 | 15.1 | 10 | | 89 | COMMON, LIBRARYCODE |
000001DDE6110794 | 13.6 | 9 | | 89 | COMMON, LIBRARYCODE |
000001DDE610FFB8 | 13.6 | 9 | | 71 | COMMON, LIBRARYCODE |
000001DDE610A4CC | 12.6 | 10 | | 116 | COMMON, LIBRARYCODE |
000001DDE60F360C | 11.6 | 9 | | 305 | COMMON, LIBRARYCODE |
000001DDE610A370 | 10.6 | 7 | | 107 | COMMON, LIBRARYCODE |
000001DDE6114AA8 | 10.6 | 7 | | 78 | COMMON, LIBRARYCODE |
000001DDE610B070 | 9.3 | 6 | | 257 | COMMON, LIBRARYCODE |
000001DDE60F3170 | 8.9 | 7 | | 181 | COMMON, LIBRARYCODE |
000001DDE60FBA74 | 7.8 | 6 | | 337 | COMMON, LIBRARYCODE |
000001DDE60F44F0 | 7.7 | 6 | | 175 | COMMON, LIBRARYCODE |
000001DDE610C654 | 7.6 | 5 | | 149 | COMMON, LIBRARYCODE |
000001DDE6114958 | 7.5 | 5 | | 41 | COMMON, LIBRARYCODE |
000001DDE6109698 | 6.3 | 5 | | 76 | COMMON, LIBRARYCODE |
000001DDE610AB8C | 6.2 | 4 | | 194 | COMMON, LIBRARYCODE |
000001DDE60F00D0 | 6.1 | 4 | | 90 | COMMON, LIBRARYCODE |
000001DDE6119A98 | 6.1 | 4 | | 84 | string, COMMON, LIBRARYCODE |
000001DDE61083D0 | 5.4 | 4 | | 378 | COMMON, LIBRARYCODE |
000001DDE6109DC0 | 5.3 | 2 | 1 | 69 | COMMON, LIBRARYCODE |
000001DDE6107898 | 5.2 | 4 | | 226 | COMMON, LIBRARYCODE |
000001DDE60FD208 | 5.2 | 4 | | 200 | COMMON, LIBRARYCODE |
000001DDE60F3300 | 5.2 | 4 | | 179 | COMMON, LIBRARYCODE |